2V0-622 Question #378: Real Exam Question with Answer & Explanation

The correct answer is B: isolation.device.edit.disable = "TRUE". Two VM advanced configuration parameters must both be set to TRUE to block users from editing and connecting network adapters, preventing denial-of-service manipulation of virtual devices.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

A security officer has issued a new directive that users will no longer have access to change connected network adapters to limit denial of service on a virtual machine. Which two correct virtual machine advanced configuration parameters will accomplish this? (Choose two.)

Options

Aisolation.device.edit.disable = "FALSE"
Bisolation.device.edit.disable = "TRUE"
Cisolation.device.connectable.disable = "FALSE"
Disolation.device.connectable.disable = "TRUE"

Explanation

Two VM advanced configuration parameters must both be set to TRUE to block users from editing and connecting network adapters, preventing denial-of-service manipulation of virtual devices.

Common mistakes.

A. Setting isolation.device.edit.disable to FALSE explicitly permits device editing, which is the opposite of the restriction the security directive requires.
C. Setting isolation.device.connectable.disable to FALSE explicitly permits connect and disconnect operations on virtual devices, directly contradicting the intent of the security directive.

Concept tested. VM advanced isolation parameters for device access control

Reference. https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-E9B71B85-D223-4EB7-A3E1-5B7CB8E3D007.html

Topics

#VM security#isolation parameters#network adapter#advanced configuration

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice