CompTIA CASP+ (CAS-003) — Question 178

A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data.

Which of the following should the security team
do to help mitigate future attacks within the VM environment? (Choose two.)

Answer options

• A. Install the appropriate patches.
• B. Install perimeter NGFW.
• C. Configure VM isolation.
• D. Deprovision database VM.
• E. Change the user's access privileges.
• F. Update virus definitions on all endpoints.

Correct answer: A, C

Explanation

Installing the appropriate patches (A) is vital to fix vulnerabilities that could be exploited, while configuring VM isolation (C) helps to prevent unauthorized access between virtual machines, enhancing security. The other options, while potentially useful, do not directly address the identified security vulnerability associated with the user accessing the hypervisor.