CompTIA
CAS-001 Question #162: Real Exam Question with Answer & Explanation
The correct answer is B: The hosting company should manage the hypervisor-based firewall; while allowing customers to. A hypervisor-based firewall centrally managed by the hosting company, with an option for customer self-management, satisfies both the managed-service and self-configuration requirements.
Question
A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a value-added service by the hosting company. Which of the following BEST meets these requirements?
Options
- A. The hosting company should install a hypervisor-based firewall and allow customers to manage
- B. The hosting company should manage the hypervisor-based firewall; while allowing customers to
- C. Customers should purchase physical firewalls to protect their guest hosts and have the hosting
- D. The hosting company should install a host-based firewall on customer guest hosts and offer to
Explanation
A hypervisor-based firewall centrally managed by the hosting company, with an option for customer self-management, satisfies both the managed-service and self-configuration requirements.
Common mistakes.
- A. Allowing only customer self-management of the hypervisor-based firewall satisfies the self-configuration group but does not fulfill the requirement for a hosting-company-managed separation option for customers who want it provided as a service.
- C. Physical firewalls add significant per-customer hardware cost that is incompatible with the inexpensive, low-margin hosting model, and they do not provide the flexible managed-versus-self-managed model the question requires.
- D. Host-based firewalls installed inside each guest VM protect only at the OS level and do not provide true hypervisor-layer logical separation between tenants, failing to meet the multi-tenant isolation requirement.
Concept tested. Hypervisor-based firewall for multi-tenant VM logical separation
Reference. https://csrc.nist.gov/publications/detail/sp/800-125/final