5.4k views
3 votes
A new database application was added to a company's hosted VM environment. Firewall ACLs were modified to allow database users to access the server remotely. The company's cloud security broker then identified abnormal from a database user on-site. Upon further investigation, the security team noticed the user ran code on a VM that provided access to the hypervisor directly and access to other sensitive data.

Which of the following should the security team do to help mitigate future attacks within the VM environment? (Choose two.)

A. Install the appropriate patches.
B. Install perimeter NGFW.
C. Configure VM isolation.
D. Deprovision database VM.
E. Change the user's access privileges.
F. Update virus definitions on all endpoints.

User Glover
by
7.5k points

1 Answer

2 votes

Final answer:

To mitigate future VM environment attacks, the security team should configure VM isolation and change the user's access privileges to contain potential breaches and minimize risks.

Step-by-step explanation:

To mitigate future attacks within the VM environment after an incident where abnormal activities were detected from a database user who ran code on a VM with direct hypervisor access, the security team should consider the following actions:

Configure VM isolation: This prevents VMs from interacting with each other unnecessarily, which can contain breaches within a single compromised VM and protect the other VMs and the hypervisor from being accessed.

Change the user's access privileges: This minimizes the security risk by ensuring that users have only the access necessary to perform their jobs, which could prevent similar incidents from occurring if the user's credentials are compromised.

While patching and updating virus definitions are also important in maintaining a secure environment, in the context of direct access to the hypervisor and VM isolation, A and F from the provided options are less relevant as initial steps for this particular scenario.

User Ayoka
by
7.4k points