Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A public IaaS provider uses KVM to host multitenant workloads. A critical hypervisor privilege-escalation (VM-escape) flaw that abuses direct device passthrough handling has just been disclosed. While vendor patches are still being validated, which immediate action will most directly reduce the likelihood that a malicious tenant can break out of its guest and reach the host or neighboring tenants?

  • Store every tenant's encryption keys inside the same virtual machine that uses them to avoid network exposure.

  • Place each tenant in a separate virtual network and enforce restrictive security group rules.

  • Enable memory page deduplication so identical memory pages are shared across guest VMs.

  • Disable all PCI, USB, and other device passthrough so guests use only standard virtual devices.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot