2V0-622 · Question #27
An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files. To prevent this in the future, which advanced paramete
The correct answer is A. isolation.tools.setinfo.disable = true. The isolation.tools.setinfo.disable = true parameter prevents guest processes and VMware Tools from writing sensitive name-value pairs into the VM configuration file.
Question
An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files. To prevent this in the future, which advanced parameter should be applied to the virtual machines?
Options
- Aisolation.tools.setinfo.disable = true
- Bisolation.tools.setinfo.enable = true
- Cisolation.tools.setinfo.disable = false
- Disolation.tools.setinfo.enable = false
How the community answered
(32 responses)- A88% (28)
- B3% (1)
- C6% (2)
- D3% (1)
Why each option
The isolation.tools.setinfo.disable = true parameter prevents guest processes and VMware Tools from writing sensitive name-value pairs into the VM configuration file.
Setting isolation.tools.setinfo.disable = true disables the SetInfo VMware Tools channel, which prevents guest OS processes from writing arbitrary name-value pairs into the .vmx configuration file. This stops sensitive information such as passwords or tokens from being inadvertently stored in a plaintext file accessible to anyone with datastore access. This is a recommended hardening parameter in the VMware vSphere Security Configuration Guide.
isolation.tools.setinfo.enable = true is not a valid VMware advanced parameter key - the correct key uses the 'disable' suffix, and this format does not match the recognized naming convention.
Setting isolation.tools.setinfo.disable = false explicitly enables the SetInfo channel, which is the opposite of the desired behavior and would allow sensitive data to continue being written to configuration files.
isolation.tools.setinfo.enable = false is not a recognized valid parameter key and does not correspond to the correct VMware VM advanced parameter naming convention.
Concept tested: VM advanced parameter to restrict guest configuration file writes
Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-DA5F3EA8-8CF2-4832-B6E3-938580B4EB24.html
Topics
Community Discussion
No community discussion yet for this question.