nerdexam
Broadcom-VMware

2V0-622 · Question #22

Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.)

The correct answer is A. Disable hardware devices B. Disable unexposed features. VMware VM security hardening focuses on two main setting groups: disabling unnecessary hardware devices and disabling unexposed or unneeded VMware features.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.)

Options

  • ADisable hardware devices
  • BDisable unexposed features
  • CDisable VMtools devices
  • DDisable VM Template features

How the community answered

(46 responses)
  • A
    89% (41)
  • C
    7% (3)
  • D
    4% (2)

Why each option

VMware VM security hardening focuses on two main setting groups: disabling unnecessary hardware devices and disabling unexposed or unneeded VMware features.

ADisable hardware devicesCorrect

Disabling hardware devices such as serial ports, parallel ports, USB controllers, and floppy drives that the VM does not require removes physical-layer attack vectors that malicious processes could exploit through the guest OS.

BDisable unexposed featuresCorrect

Disabling unexposed features - VMware functionality not required by the workload - reduces the attack surface by ensuring unused code paths and virtual interfaces are not accessible to attackers.

CDisable VMtools devices

VMware Tools devices provide essential guest OS integration such as time synchronization and management-plane communication; disabling them would break core VM manageability rather than improve security posture.

DDisable VM Template features

Disabling VM Template features is not a recognized security hardening category in VMware guidelines; VM templates are a provisioning construct and do not represent a runtime attack surface.

Concept tested: VMware VM security hardening categories and review areas

Source: https://www.vmware.com/security/hardening-guides.html

Topics

#VM security review#hardware device hardening#unexposed features#VM hardening

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice