CCSK Question #153: Real Exam Question with Answer & Explanation

Question

Options

• AChoose a hypervisor with a smaller footprint for a reduced attack surface.
• BHarden the hypervisor's configuration to increase areas of vulnerability (e.g., disabling memory
• CConnect unused physical hardware devices and enable clipboard or file-sharing services.
• DMonitor for signs of compromise by analyzing hypervisor logs on an ongoing basis.
• EA and D

Explanation

IaaS providers must secure hypervisors by minimizing attack surface through a smaller footprint and by continuously monitoring hypervisor logs for indicators of compromise.

Common mistakes.

• A. Choosing a smaller-footprint hypervisor is a correct security measure but is incomplete on its own - it must be paired with monitoring controls such as log analysis to satisfy CCM requirements.
• B. Hardening configuration should reduce areas of vulnerability, not increase them; disabling memory protections actively weakens hypervisor security and contradicts both CCM guidance and security best practices.
• C. Connecting unused physical hardware and enabling clipboard or file-sharing services expands the attack surface, directly contradicting the principle of minimizing exposure in a secure IaaS hypervisor implementation.
• D. Monitoring hypervisor logs is a correct detective control but is insufficient alone; it must be combined with preventive measures like footprint reduction (A) to address CCM hypervisor security requirements.

Concept tested. CSA CCM IaaS hypervisor security implementation measures

Reference. https://cloudsecurityalliance.org/research/cloud-controls-matrix

No community discussion yet for this question.