nerdexam
Broadcom-VMware

2V0-622 · Question #20

Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)

The correct answer is A. isolation.tools.unity.push.update.disable B. isolation.tools.ghi.launchmenu.change. Unity mode and GHI launch menu features are VMware desktop-product capabilities that serve no purpose in a vSphere-only environment and should be disabled to reduce the VM attack surface.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)

Options

  • Aisolation.tools.unity.push.update.disable
  • Bisolation.tools.ghi.launchmenu.change
  • Cisolation.tools.bbs.disable
  • Disolation.tools.hgfsServerSet.enable

How the community answered

(49 responses)
  • A
    59% (29)
  • C
    29% (14)
  • D
    12% (6)

Why each option

Unity mode and GHI launch menu features are VMware desktop-product capabilities that serve no purpose in a vSphere-only environment and should be disabled to reduce the VM attack surface.

Aisolation.tools.unity.push.update.disableCorrect

The isolation.tools.unity.push.update.disable parameter controls Unity mode, a seamless-window feature designed for VMware Workstation and Fusion; it has no functional value on vSphere and exposing it unnecessarily increases the guest-to-host communication surface.

Bisolation.tools.ghi.launchmenu.changeCorrect

The isolation.tools.ghi.launchmenu.change parameter controls Guest Host Integration launch menu functionality, another VMware desktop-oriented feature not applicable to vSphere; disabling it prevents guests from manipulating host-side menu behavior.

Cisolation.tools.bbs.disable

isolation.tools.bbs.disable relates to the BIOS Boot Screen and is not a desktop-specific feature requiring disablement in vSphere-only environments under standard hardening guidance.

Disolation.tools.hgfsServerSet.enable

isolation.tools.hgfsServerSet.enable controls the HGFS (Host Guest File System) server and, while it may warrant disabling for other security reasons, it is not categorized in the VMware hardening guide as a desktop-only feature irrelevant to vSphere-only deployments.

Concept tested: VMware VM advanced parameter hardening for vSphere-only deployments

Source: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-vsphere-security-hardening-guide.pdf

Topics

#VM isolation#advanced VM settings#VMware Tools#security hardening

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice