Certificate of Cloud Security Knowledge (CCSK) — Question 177

CCM: A hypothetical company called "lnfrastructure4Sure" provides Infrastructure as a Service (IaaS) to its clients. A customer wants to review Infrastructure4Sure's hypervisor security implementation measures. Which of the following measures should Infrastructure4Sure implement?

Answer options

• A. Choose a hypervisor with a smaller footprint for a reduced attack surface.
• B. Harden the hypervisor's configuration to increase areas of vulnerability (e.g., disabling memory sharing between VMs running within the same hypervisor hosts).
• C. Connect unused physical hardware devices and enable clipboard or file-sharing services.
• D. Monitor for signs of compromise by analyzing hypervisor logs on an ongoing basis.
• E. A and D

Correct answer: A

Explanation

The correct answer is A because selecting a hypervisor with a smaller footprint helps in minimizing potential vulnerabilities, thereby enhancing security. Option B is incorrect as hardening configurations should limit vulnerabilities, not increase them. Option C is not advisable since connecting unused devices and enabling sharing services can create additional security risks. Option D is also beneficial but does not directly address the selection of the hypervisor itself, which is why A is the best answer.