A security audit states that the attack surface of several developer laptops running Type 2 hypervisors must be reduced immediately. According to virtualization security best practices, which action should the technician perform FIRST to address this requirement?
Enable nested paging (SLAT) and IOMMU support in UEFI firmware.
Create a snapshot of every virtual machine before each update cycle.
Assign each virtual machine to a unique VLAN on the core switch.
Apply the latest security patches to the host operating system and hypervisor software.
Type 2 hypervisors rely on a fully featured host operating system. If that OS contains unpatched vulnerabilities, every virtual machine running on top of it can be compromised, regardless of the guest settings. Therefore, keeping the host OS and the hypervisor application fully patched is the most critical first step in hardening a desktop-class virtualization platform.
Taking snapshots protects data but does not shrink the attack surface.
Placing each VM on its own VLAN improves network segmentation but does not remove exploitable code from the host.
Enabling nested paging (SLAT/IOMMU) can enhance performance or device pass-through, yet it does not mitigate software vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Type 2 hypervisor?
Open an interactive chat with Bash
Why is patching the host OS and hypervisor critical?
Open an interactive chat with Bash
How does VLAN configuration benefit virtual machines?