2V0-622 · Question #378
A security officer has issued a new directive that users will no longer have access to change connected network adapters to limit denial of service on a virtual machine. Which two correct virtual mach
The correct answer is B. isolation.device.edit.disable = "TRUE" D. isolation.device.connectable.disable = "TRUE". Two VM advanced configuration parameters must both be set to TRUE to block users from editing and connecting network adapters, preventing denial-of-service manipulation of virtual devices.
Question
A security officer has issued a new directive that users will no longer have access to change connected network adapters to limit denial of service on a virtual machine. Which two correct virtual machine advanced configuration parameters will accomplish this? (Choose two.)
Options
- Aisolation.device.edit.disable = "FALSE"
- Bisolation.device.edit.disable = "TRUE"
- Cisolation.device.connectable.disable = "FALSE"
- Disolation.device.connectable.disable = "TRUE"
How the community answered
(55 responses)- A18% (10)
- B73% (40)
- C9% (5)
Why each option
Two VM advanced configuration parameters must both be set to TRUE to block users from editing and connecting network adapters, preventing denial-of-service manipulation of virtual devices.
Setting isolation.device.edit.disable to FALSE explicitly permits device editing, which is the opposite of the restriction the security directive requires.
Setting isolation.device.edit.disable to TRUE prevents any user from modifying device configuration properties on the virtual machine, including network adapter settings that could be changed to disrupt network behavior.
Setting isolation.device.connectable.disable to FALSE explicitly permits connect and disconnect operations on virtual devices, directly contradicting the intent of the security directive.
Setting isolation.device.connectable.disable to TRUE prevents users from connecting or disconnecting virtual devices such as network adapters, directly blocking the ability to manipulate connectivity in a way that could cause a denial-of-service condition.
Concept tested: VM advanced isolation parameters for device access control
Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-E9B71B85-D223-4EB7-A3E1-5B7CB8E3D007.html
Topics
Community Discussion
No community discussion yet for this question.