CAS-002 · Question #41
CAS-002 Question #41: Real Exam Question with Answer & Explanation
The correct answer is D: The virus is trying to access a virtual device which the hypervisor is configured to restrict.. The virus is attempting to access virtual hardware devices (such as a virtual network adapter, USB controller, or disk interface) that the hypervisor has restricted. Hypervisors like VMware ESXi or Hyper-V control which virtual devices a VM can interact with. When the virus execu
Question
Options
- AThe hypervisor host does not have hardware acceleration enabled and does not allow DEP.
- BThe virus scanner on the VM changes file extensions of all programs downloaded via P2P
- CThe virtual machine is configured to require administrator rights to execute all programs.
- DThe virus is trying to access a virtual device which the hypervisor is configured to restrict.
Explanation
The virus is attempting to access virtual hardware devices (such as a virtual network adapter, USB controller, or disk interface) that the hypervisor has restricted. Hypervisors like VMware ESXi or Hyper-V control which virtual devices a VM can interact with. When the virus executed and attempted to access these restricted virtual devices, the hypervisor logged the access attempts - which is exactly what the administrator correlated. This is a common behavior for malware designed to attack hypervisor-managed resources or attempt VM escape. Option A is irrelevant because DEP/hardware acceleration affects execution prevention, not device access logs. Option B is a distractor about file extensions. Option C would prevent the program from running at all, not generate device access attempts in hypervisor logs.
Community Discussion
No community discussion yet for this question.