nerdexam
Broadcom-VMware

1V0-21.20 · Question #26

Which configuration setting prevents a packet sniffing program from analyzing network packets on the virtual switch?

The correct answer is A. Promiscuous Mode set to Reject. To prevent a virtual machine from capturing all network traffic on a virtual switch, the Promiscuous Mode security policy must be set to Reject. This configuration ensures that the VM's virtual network adapter only receives traffic intended for it, blocking any attempt at packet

Explain Security Concepts in vSphere

Question

Which configuration setting prevents a packet sniffing program from analyzing network packets on the virtual switch?

Options

  • APromiscuous Mode set to Reject
  • BPromiscuous Mode set to Accept
  • CForged Transmits set to Accept
  • DForged Transmits set to Reject

How the community answered

(29 responses)
  • A
    90% (26)
  • B
    7% (2)
  • D
    3% (1)

Why each option

To prevent a virtual machine from capturing all network traffic on a virtual switch, the Promiscuous Mode security policy must be set to Reject. This configuration ensures that the VM's virtual network adapter only receives traffic intended for it, blocking any attempt at packet sniffing.

APromiscuous Mode set to RejectCorrect

Promiscuous Mode, when set to Reject, prevents a virtual network adapter from forwarding all traffic seen on the virtual switch to the guest operating system. This explicitly blocks packet sniffing tools from analyzing traffic not specifically addressed to the VM, thereby enhancing network security.

BPromiscuous Mode set to Accept

Promiscuous Mode set to Accept allows a virtual machine's network adapter to see all traffic on the virtual switch segment, which enables packet sniffing programs to analyze network packets, directly contradicting the goal of preventing it.

CForged Transmits set to Accept

Forged Transmits set to Accept allows a virtual machine to send packets with a source MAC address different from its own, which is related to MAC spoofing and impersonation, not preventing packet sniffing.

DForged Transmits set to Reject

Forged Transmits set to Reject prevents a virtual machine from sending packets with a source MAC address different from its own, which enhances security against MAC spoofing but does not prevent a VM from receiving and analyzing all network packets.

Concept tested: Virtual switch promiscuous mode security

Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-9D09287B-8B57-4E0C-A201-9F22566F6A6E.html

Topics

#Virtual switch security#promiscuous mode#network security

Community Discussion

No community discussion yet for this question.

Full 1V0-21.20 Practice