Mitigating Concerns of Datacenter Compromise in Virtualized Environment | CASP+ Exam Answer

Design Objectives to Enhance Datacenter Security | CASP+ Exam Answer

Question

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter's physical footprint.

The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company's concerns? (Choose two.)

Answers

Explanations


AC.

The company wants to ensure the integrity of operating systems and reduce the risk of vulnerability exploitation in one datacenter segment compromising others. To achieve this objective, the engineer should complete the following design objectives:

B. Employ the use of vTPM with boot attestation:

This design objective involves using a virtual Trusted Platform Module (vTPM) with boot attestation. A vTPM is a software-based security component that emulates a hardware TPM, providing trusted computing functions (measurement registers, sealed keys, attestation quotes) to individual virtual machines. Boot attestation measures each stage of the boot chain (firmware, bootloader, kernel) into the vTPM and lets the virtual machine prove to a verifier that the operating system and software it booted have not been modified or tampered with. This helps to ensure that the virtual machines in the datacenter are running unmodified operating systems, and it lets a tampered guest be detected and quarantined before it can be used as a foothold, reducing the risk of vulnerability exploitation spreading between segments.
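To make the measured-boot-plus-attestation flow above concrete, here is an added example (not part of the original exam explanation, and not code from any TPM vendor or hypervisor). It simulates the TPM extend operation on a Platform Configuration Register (PCR), measures a constructed three-stage boot chain, issues a quote over the resulting PCR and a verifier-supplied nonce, and checks it against golden values. Assumptions: the component names are constructed stand-ins for the image bytes a real firmware would hash, and an HMAC key stands in for the TPM's asymmetric attestation key, so the signature step is a simplification of what a real quote does.

```python
import hashlib
import hmac
import secrets

PCR_INIT = bytes(32)  # PCRs start as all zeros at power-on (SHA-256 bank)


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new_pcr = H(old_pcr || H(component)).
    Because the old value is folded in, the final PCR depends on every
    component and on the order in which they were measured."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components: list) -> bytes:
    """Extend each boot stage in order and return the final PCR value."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


# Constructed stand-ins for the firmware, bootloader and kernel images that a
# real measured boot would hash. The verifier keeps the golden PCR they yield.
GOLDEN_CHAIN = [b"firmware v1.0", b"bootloader v2.3", b"kernel 6.1 signed"]
GOLDEN_PCR = measure_boot_chain(GOLDEN_CHAIN)

# Constructed symmetric key: a simplification standing in for the vTPM's
# asymmetric attestation key whose public half the verifier already trusts.
ATTEST_KEY = b"constructed-vtpm-attestation-key"


def make_quote(pcr_value: bytes, nonce: bytes) -> dict:
    """The guest's vTPM signs (PCR value || nonce); the nonce binds the quote
    to this particular challenge so an old quote cannot be replayed."""
    sig = hmac.new(ATTEST_KEY, pcr_value + nonce, hashlib.sha256).digest()
    return {"pcr": pcr_value, "nonce": nonce, "sig": sig}


def verify_quote(quote: dict, expected_pcr: bytes, challenge: bytes) -> tuple:
    """Verifier side: authenticity, then freshness, then integrity of the boot chain.
    Returns (accepted, reason)."""
    expected_sig = hmac.new(ATTEST_KEY, quote["pcr"] + quote["nonce"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(quote["sig"], expected_sig):
        return False, "bad signature: quote not produced by the trusted vTPM"
    if not hmac.compare_digest(quote["nonce"], challenge):
        return False, "nonce mismatch: stale or replayed quote"
    if not hmac.compare_digest(quote["pcr"], expected_pcr):
        return False, "PCR mismatch: boot chain differs from golden measurements"
    return True, "boot chain matches golden measurements"


def attest_vm(boot_chain: list, expected_pcr: bytes, challenge: bytes) -> tuple:
    """End-to-end: the guest boots and measures, the vTPM quotes, the verifier decides."""
    pcr = measure_boot_chain(boot_chain)
    quote = make_quote(pcr, challenge)
    return verify_quote(quote, expected_pcr, challenge)


if __name__ == "__main__":
    challenge = secrets.token_bytes(16)
    print("clean guest:   ", attest_vm(GOLDEN_CHAIN, GOLDEN_PCR, challenge))
    tampered = [b"firmware v1.0", b"bootloader v2.3", b"kernel 6.1 backdoored"]
    print("tampered guest:", attest_vm(tampered, GOLDEN_PCR, challenge))
    # Replay: a quote captured for an earlier challenge fails the freshness check.
    old_quote = make_quote(GOLDEN_PCR, secrets.token_bytes(16))
    print("replayed quote:", verify_quote(old_quote, GOLDEN_PCR, challenge))
```

The ordering of checks matters: the signature is validated first so that nothing an unauthenticated party sends is interpreted, the nonce is compared second so that a captured quote from an earlier, healthy boot cannot vouch for a later compromised one, and only then is the PCR compared with the golden value. In a real deployment the golden PCR is refreshed whenever an approved kernel or bootloader update ships, and a mismatch is a detection signal that feeds the guest into quarantine rather than into production.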

E. Deploy to a private cloud with hosted hypervisors on each physical machine:

Deploying to a private cloud with hosted hypervisors on each physical machine means building the virtualized environment on infrastructure the company controls, with every physical host running its own hypervisor. This design objective reduces the blast radius of an exploited vulnerability: virtual machines running sensitive services and data are segregated from those running less critical services, so a compromise in one segment does not give direct access to the others. The use of a private cloud also keeps the environment isolated from other cloud tenants and reduces the risk of unauthorized access.

Therefore, the best way to mitigate the company's concerns is to employ the use of vTPM with boot attestation and deploy to a private cloud with hosted hypervisors on each physical machine. Options B and E are the correct choices.

Option A is incorrect because deploying virtual desktop infrastructure with an out-of-band (OOB) management network does not address the integrity of operating systems. An OOB management network provides secure management access to the virtualized environment; it does not verify what the guests booted or contain an exploited guest.

Option C is incorrect because leveraging separate physical hardware for sensitive services and data is expensive and does not address the issue of vulnerability exploitation in one datacenter segment compromising others.

Option D is incorrect because using a community CSP with independently managed security services does not ensure the integrity of operating systems and does not address the issue of vulnerability exploitation in one datacenter segment compromising others.