1 vote
A security engineer is working to secure an organization's VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.

Which of the following would BEST address this concern?

A. Configure file integrity monitoring of the guest OS.
B. Enable the vTPM on a Type 2 hypervisor.
C. Only deploy servers that are based on a hardened image.
D. Protect the memory allocation of a Type 1 hypervisor.

1 Answer

4 votes

Final answer:

The BEST way to address the concern about the integrity of the secure boot process of the VM guest is to only deploy servers that are based on a hardened image.

Step-by-step explanation:

The BEST way to address the concern about the integrity of the secure boot process of the VM guest is option C: only deploy servers that are based on a hardened image. Deploying servers that are based on a hardened image ensures that the VM guest has gone through a rigorous security configuration process, including the secure boot process. This helps to minimize the risk of any tampering or compromise during the boot process.

Option A, configuring file integrity monitoring of the guest OS, can help detect changes to files but may not prevent tampering during the boot process. Option B, enabling the vTPM on a Type 2 hypervisor, focuses more on the virtualization layer than on the integrity of the guest OS itself. Option D, protecting the memory allocation of a Type 1 hypervisor, is more relevant to securing the hypervisor itself than the guest OS.

by User Tomer Something (8.3k points)