A security officer has issued a new directive that users will no longer have access to change connected network
adapters to limit denial of service on a virtual machine.
Which two correct virtual machine advanced configuration parameters will accomplish this? (Choose two.)
A.
isolation.device.edit.disable = “FALSE”
B.
isolation.device.edit.disable = “TRUE”
C.
isolation.device.connectable.disable = “FALSE”
D.
isolation.device.connectable.disable = “TRUE”
Explanation:
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%
2FGUID-F88A5FED-552B-44F9-A168-C62D9306DBD6.html
Source: https://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.security.doc/GUID-F88A5FED-552B-44F9-A168-C62D9306DBD6.html
Answer is B and D as follows:
Prevent a Virtual Machine User or Process from Disconnecting Devices in the vSphere Web Client
Users and processes without root or administrator privileges within virtual machines have the capability to connect or disconnect devices, such as network adaptors and CD-ROM drives, as well as the ability to modify device settings. To increase virtual machine security, remove these devices. If you do not want to permanently remove a device, you can prevent a virtual machine user or process from connecting or disconnecting the device from within the guest operating system.
Value
isolation.device.connectable.disable
true
isolation.device.edit.disable
true
B&D