Broadcom-VMware
2V0-621 · Question #20
2V0-621 Question #20: Real Exam Question with Answer & Explanation
The correct answer is A: isolation.tools.unity.push.update.disable. VMs hosted exclusively on vSphere should have VMware Workstation/Fusion-specific Guest Host Integration and Unity features disabled, as these features serve no purpose in vSphere and unnecessarily expand the attack surface.
Question
Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)
Options
- Aisolation.tools.unity.push.update.disable
- Bisolation.tools.ghi.launchmenu.change
- Cisolation.tools.bbs.disable
- Disolation.tools.hgfsServerSet.enable
Explanation
VMs hosted exclusively on vSphere should have VMware Workstation/Fusion-specific Guest Host Integration and Unity features disabled, as these features serve no purpose in vSphere and unnecessarily expand the attack surface.
Common mistakes.
- C. isolation.tools.bbs.disable is not among the parameters explicitly recommended for disabling in the VMware vSphere Security Hardening Guide for VMs running only in a vSphere environment, making it an incorrect choice in this context.
- D. isolation.tools.hgfsServerSet.enable relates to the Host-Guest File System used by VMware Tools for legitimate file transfer and operational tasks within vSphere environments, so disabling it is not a recommended security hardening step for standard vSphere-hosted VMs.
Concept tested. VM isolation advanced parameter hardening for vSphere
Reference. https://www.vmware.com/security/hardening-guides.html
Community Discussion
No community discussion yet for this question.