Certified Secure Software Lifecycle Professional (CSSLP) — Question 5

The NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards" specifies potential advantages and disdvantages of virtualization. Which of the following disadvantages does it include? Each correct answer represents a complete solution. Choose all that apply.

Answer options

• A. It increases capabilities for fault tolerant computing using rollback and snapshot features.
• B. It increases intrusion detection through introspection.
• C. It initiates the risk that malicious software is targeting the VM environment.
• D. It increases overall security risk shared resources.
• E. It creates the possibility that remote attestation may not work.
• F. It involves new protection mechanisms for preventing VM escape, VM detection, and VM-VM interference.
• G. It increases configuration effort because of complexity and composite system.

Correct answer: A, B

Explanation

The correct answers are C, D, E, F, and G, as they all represent valid disadvantages of virtualization highlighted in the NIST paper. Options A and B are advantages of virtualization, not disadvantages, and therefore should not be selected.