nerdexam
(ISC)2

CISSP · Question #1488

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

The correct answer is D. Guest OS audit logs. In a strongly isolated VM environment, each guest OS manages its own file access independently. Auditing user access to data files requires reviewing the audit logs maintained by the specific guest OS where those files reside.

Submitted by satoshi_tk· Mar 5, 2026Security Operations

Question

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

Options

  • AHost VM monitor audit logs
  • BGuest OS access controls
  • CHost VM access controls
  • DGuest OS audit logs

How the community answered

(57 responses)
  • A
    12% (7)
  • B
    9% (5)
  • C
    5% (3)
  • D
    74% (42)

Why each option

In a strongly isolated VM environment, each guest OS manages its own file access independently. Auditing user access to data files requires reviewing the audit logs maintained by the specific guest OS where those files reside.

AHost VM monitor audit logs

The VM monitor (hypervisor) audit logs track hypervisor-level events such as VM creation, deletion, and resource allocation, not user-level file access within individual guest operating systems.

BGuest OS access controls

Guest OS access controls define permissions and policies for who can access files, but they do not provide an audit trail or log of actual access events that have already occurred.

CHost VM access controls

Host VM access controls govern who can manage the hypervisor and virtual machine configurations, not who accessed data files within a specific guest OS.

DGuest OS audit logsCorrect

In a virtualized environment with strong isolation, each guest OS operates independently and maintains its own audit logs for file and resource access. Since data files live within the guest OS filesystem, only the guest OS audit logs capture user-level file access events such as reads, writes, and permission changes. The hypervisor has no visibility into file-level operations occurring inside the guest.

Concept tested: Guest OS audit logging in virtualized environments

Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-object-access

Topics

#Virtualization security#Audit logs#Guest OS#Access control

Community Discussion

No community discussion yet for this question.

Full CISSP Practice