2V0-622 Question #20: Real Exam Question with Answer & Explanation

The correct answer is A: isolation.tools.unity.push.update.disable. Unity mode and GHI launch menu features are VMware desktop-product capabilities that serve no purpose in a vSphere-only environment and should be disabled to reduce the VM attack surface.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)

Options

Aisolation.tools.unity.push.update.disable
Bisolation.tools.ghi.launchmenu.change
Cisolation.tools.bbs.disable
Disolation.tools.hgfsServerSet.enable

Explanation

Unity mode and GHI launch menu features are VMware desktop-product capabilities that serve no purpose in a vSphere-only environment and should be disabled to reduce the VM attack surface.

Common mistakes.

C. isolation.tools.bbs.disable relates to the BIOS Boot Screen and is not a desktop-specific feature requiring disablement in vSphere-only environments under standard hardening guidance.
D. isolation.tools.hgfsServerSet.enable controls the HGFS (Host Guest File System) server and, while it may warrant disabling for other security reasons, it is not categorized in the VMware hardening guide as a desktop-only feature irrelevant to vSphere-only deployments.

Concept tested. VMware VM advanced parameter hardening for vSphere-only deployments

Reference. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-vsphere-security-hardening-guide.pdf

Topics

#VM isolation#advanced VM settings#VMware Tools#security hardening

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice