nerdexam
Broadcom-VMware

2V0-622 · Question #27

An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files. To prevent this in the future, which advanced paramete

The correct answer is A. isolation.tools.setinfo.disable = true. The isolation.tools.setinfo.disable = true parameter prevents guest processes and VMware Tools from writing sensitive name-value pairs into the VM configuration file.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files. To prevent this in the future, which advanced parameter should be applied to the virtual machines?

Options

  • Aisolation.tools.setinfo.disable = true
  • Bisolation.tools.setinfo.enable = true
  • Cisolation.tools.setinfo.disable = false
  • Disolation.tools.setinfo.enable = false

How the community answered

(32 responses)
  • A
    88% (28)
  • B
    3% (1)
  • C
    6% (2)
  • D
    3% (1)

Why each option

The isolation.tools.setinfo.disable = true parameter prevents guest processes and VMware Tools from writing sensitive name-value pairs into the VM configuration file.

Aisolation.tools.setinfo.disable = trueCorrect

Setting isolation.tools.setinfo.disable = true disables the SetInfo VMware Tools channel, which prevents guest OS processes from writing arbitrary name-value pairs into the .vmx configuration file. This stops sensitive information such as passwords or tokens from being inadvertently stored in a plaintext file accessible to anyone with datastore access. This is a recommended hardening parameter in the VMware vSphere Security Configuration Guide.

Bisolation.tools.setinfo.enable = true

isolation.tools.setinfo.enable = true is not a valid VMware advanced parameter key - the correct key uses the 'disable' suffix, and this format does not match the recognized naming convention.

Cisolation.tools.setinfo.disable = false

Setting isolation.tools.setinfo.disable = false explicitly enables the SetInfo channel, which is the opposite of the desired behavior and would allow sensitive data to continue being written to configuration files.

Disolation.tools.setinfo.enable = false

isolation.tools.setinfo.enable = false is not a recognized valid parameter key and does not correspond to the correct VMware VM advanced parameter naming convention.

Concept tested: VM advanced parameter to restrict guest configuration file writes

Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-DA5F3EA8-8CF2-4832-B6E3-938580B4EB24.html

Topics

#VM configuration security#isolation.tools.setinfo#sensitive data protection#advanced VM parameters

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice