Certified Information Systems Security Professional (CISSP) — Question 120

How is protection for hypervisor host and software administration functions BEST achieved?

Answer options

• A. Enforce network controls using a host-based firewall.
• B. Deploy the management interface in a dedicated virtual network segment.
• C. The management traffic pathway should have separate physical network interface cards (NIC) and network.
• D. Deny permissions to specific virtual machines (VM) groups and objects.

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of using separate physical network interface cards (NIC) and networks for management traffic, which enhances security by isolating management from other traffic. Options A and B do not provide the same level of physical separation, while D addresses permissions but does not protect the management interface itself.