CompTIA SecurityX (CAS-005) — Question 214

A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:

• Data needs to be stored outside of the VMs.
• No unauthorized modifications to the VMs are allowed.
• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the best solution?

Answer options

• A. Immutable system
• B. Data loss prevention
• C. Storage area network
• D. Baseline template

Correct answer: A

Explanation

The correct answer is A, Immutable system, because it ensures that once a VM is deployed, it cannot be altered, which aligns with the requirement of no unauthorized modifications. The other options do not meet all the specified criteria; for example, B (Data loss prevention) focuses on protecting data rather than securing VM configurations, C (Storage area network) is related to data storage rather than VM security, and D (Baseline template) does not enforce immutability.