nerdexam
Broadcom-VMware

2V0-622 · Question #378

A security officer has issued a new directive that users will no longer have access to change connected network adapters to limit denial of service on a virtual machine. Which two correct virtual mach

The correct answer is B. isolation.device.edit.disable = "TRUE" D. isolation.device.connectable.disable = "TRUE". Two VM advanced configuration parameters must both be set to TRUE to block users from editing and connecting network adapters, preventing denial-of-service manipulation of virtual devices.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

A security officer has issued a new directive that users will no longer have access to change connected network adapters to limit denial of service on a virtual machine. Which two correct virtual machine advanced configuration parameters will accomplish this? (Choose two.)

Options

  • Aisolation.device.edit.disable = "FALSE"
  • Bisolation.device.edit.disable = "TRUE"
  • Cisolation.device.connectable.disable = "FALSE"
  • Disolation.device.connectable.disable = "TRUE"

How the community answered

(55 responses)
  • A
    18% (10)
  • B
    73% (40)
  • C
    9% (5)

Why each option

Two VM advanced configuration parameters must both be set to TRUE to block users from editing and connecting network adapters, preventing denial-of-service manipulation of virtual devices.

Aisolation.device.edit.disable = "FALSE"

Setting isolation.device.edit.disable to FALSE explicitly permits device editing, which is the opposite of the restriction the security directive requires.

Bisolation.device.edit.disable = "TRUE"Correct

Setting isolation.device.edit.disable to TRUE prevents any user from modifying device configuration properties on the virtual machine, including network adapter settings that could be changed to disrupt network behavior.

Cisolation.device.connectable.disable = "FALSE"

Setting isolation.device.connectable.disable to FALSE explicitly permits connect and disconnect operations on virtual devices, directly contradicting the intent of the security directive.

Disolation.device.connectable.disable = "TRUE"Correct

Setting isolation.device.connectable.disable to TRUE prevents users from connecting or disconnecting virtual devices such as network adapters, directly blocking the ability to manipulate connectivity in a way that could cause a denial-of-service condition.

Concept tested: VM advanced isolation parameters for device access control

Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-E9B71B85-D223-4EB7-A3E1-5B7CB8E3D007.html

Topics

#VM security#isolation parameters#network adapter#advanced configuration

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice