Which of the following should the security do to help mitigate future attacks within the VM environment?

– by 5

A new database application was added to a company’s hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company’s cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data. Which of the following should the security do to help mitigate future attacks within the VM environment? (Choose two.)
A. Install the appropriate patches.
B. Install perimeter NGFW.
C. Configure VM isolation.
D. Deprovision database VM.
E. Change the user’s access privileges.
F. Update virus definitions on all endpoints.

How to PASS CAS-004 in First Attempt?

FULL Printable PDF and Software. VALID exam to help you PASS.
comptia-exams

5 thoughts on “Which of the following should the security do to help mitigate future attacks within the VM environment?

  1. Maybe not: C. Configure VM isolation ?

    I think VM isolation usually means keeping one VM from interacting with another VM. I don’t know if VM isolation means preventing a VM from interacting with the hypervisor. From the question: “the user ran code on a VM that provided access to the hypervisor directly.”

    Reply

  2. I would think A and C.

    A. This is a hypervisor vulnerability, there is likely a vendor provided patch

    B. Isn’t obviously applicable. This may only apply to some VMS.

    C. Most hypervisors have additional security features/configurations that can be implemented to mitigate future vulnerabilities. Moving from PV to HVM would be one (these are not CASP+ terms, that I know of).

    D. Would technically prevent the database from leaking via this hypervisor. But this assumes it has somewhere safer to go or isn’t needed anymore.

    E. This could possibly prevent this user from leveraging attack, but as far as mitigations go this is extremely narrow.

    F. AntiVirus often doesn’t run on servers. HIDS run on servers. Antivirus may only prevent desktops from being used to pivot to servers.

    Reply

  3. CE… “…user ran code on a VM & …hypervisor directly and access to other sensitive data”, so don’t let user ran code and implement VM isolation.
    A. (no patch to install… except if you talk about VMtool which is prerequisite of VM isolation.)
    B. (There’s already a Firewall)
    C. Configure VM isolation. (Yes isolate the VM, so file transfer is between VM and host is not possible.)
    D. (No… database VM didn’t do anything wrong.)
    E. Change the user’s access privileges. (Yes. Don’t let user run code.)
    F. (No. not a virus problem.)

    4
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.