A security officer has issued a new directive that users will no longer have access to change connected network
adapters to limit denial of service on a virtual machine.
Which two correct virtual machine advanced configuration parameters will accomplish this? (Choose two.)
A.
isolation.device.edit.disable = “FALSE”
B.
isolation.device.edit.disable = “TRUE”
C.
isolation.device.connectable.disable = “FALSE”
D.
isolation.device.connectable.disable = “TRUE”
Explanation:
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%
2FGUID-F88A5FED-552B-44F9-A168-C62D9306DBD6.html
By default, the ability to connect and disconnect devices is disabled. When this feature is enabled, users and processes without root or administrator privileges can connect devices such as network adapters and CD-ROM drives, and they can modify device settings. That is, a user can connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive. A user can also disconnect a network adapter to isolate the virtual machine from its network, which is a denial of service. To avoid risks associated with this feature, retain the following .vmx settings, which disable the ability to connect and disconnect devices or to modify device settings:
isolation.device.connectable.disable = “TRUE”
isolation.device.edit.disable = “TRUE”