A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server
access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data
confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A
and the two are not competitors. Which of the following has MOST likely occurred?
A.
Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.
B.
A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.
C.
A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.
D.
An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.