nerdexam
ExamsCISSPQuestions#1488
(ISC)2(ISC)2

CISSP · Question #1488

CISSP Question #1488: Real Exam Question with Answer & Explanation

The correct answer is D: Guest OS audit logs. In a strongly isolated VM environment, each guest OS manages its own file access independently. Auditing user access to data files requires reviewing the audit logs maintained by the specific guest OS where those files reside.

Submitted by satoshi_tk· Mar 5, 2026Security Operations

Question

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

Options

  • AHost VM monitor audit logs
  • BGuest OS access controls
  • CHost VM access controls
  • DGuest OS audit logs

Explanation

In a strongly isolated VM environment, each guest OS manages its own file access independently. Auditing user access to data files requires reviewing the audit logs maintained by the specific guest OS where those files reside.

Common mistakes.

  • A. The VM monitor (hypervisor) audit logs track hypervisor-level events such as VM creation, deletion, and resource allocation, not user-level file access within individual guest operating systems.
  • B. Guest OS access controls define permissions and policies for who can access files, but they do not provide an audit trail or log of actual access events that have already occurred.
  • C. Host VM access controls govern who can manage the hypervisor and virtual machine configurations, not who accessed data files within a specific guest OS.

Concept tested. Guest OS audit logging in virtualized environments

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-object-access

Topics

#Virtualization security#Audit logs#Guest OS#Access control

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CISSP PracticeBrowse All CISSP Questions