2V0-622 · Question #22
Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.)
The correct answer is A. Disable hardware devices B. Disable unexposed features. VMware VM security hardening focuses on two main setting groups: disabling unnecessary hardware devices and disabling unexposed or unneeded VMware features.
Question
Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.)
Options
- ADisable hardware devices
- BDisable unexposed features
- CDisable VMtools devices
- DDisable VM Template features
How the community answered
(46 responses)- A89% (41)
- C7% (3)
- D4% (2)
Why each option
VMware VM security hardening focuses on two main setting groups: disabling unnecessary hardware devices and disabling unexposed or unneeded VMware features.
Disabling hardware devices such as serial ports, parallel ports, USB controllers, and floppy drives that the VM does not require removes physical-layer attack vectors that malicious processes could exploit through the guest OS.
Disabling unexposed features - VMware functionality not required by the workload - reduces the attack surface by ensuring unused code paths and virtual interfaces are not accessible to attackers.
VMware Tools devices provide essential guest OS integration such as time synchronization and management-plane communication; disabling them would break core VM manageability rather than improve security posture.
Disabling VM Template features is not a recognized security hardening category in VMware guidelines; VM templates are a provisioning construct and do not represent a runtime attack surface.
Concept tested: VMware VM security hardening categories and review areas
Source: https://www.vmware.com/security/hardening-guides.html
Topics
Community Discussion
No community discussion yet for this question.