ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a security review you are asked to harden the memory configuration of a new multi-tenant IaaS host that runs a Type-1 hypervisor. The cloud provider wants to minimize the risk that one tenant could retrieve data remnants or mount side-channel attacks that read another tenant's memory pages. Which hypervisor setting BEST meets this requirement?
Enable large memory pages (2 MB/1 GB) for all virtual machines to improve TLB efficiency
Disable inter-VM transparent page sharing and ensure pages are zeroed before re-allocation
Increase the hypervisor's memory overcommit ratio to reduce swapping
Permit kernel same-page merging across guests to conserve host memory
Disabling any feature that allows the hypervisor to share identical memory pages between different virtual machines-and forcing the hypervisor to zero-fill pages before they are re-used-prevents one tenant from gaining access to data that previously belonged to another tenant. Transparent Page Sharing (TPS), Kernel Same-page Merging (KSM), and similar deduplication techniques save RAM by mapping identical pages from separate VMs to the same physical page. Security analyses have shown that attackers can abuse these mechanisms to infer or copy data across security boundaries. For this reason, leading hypervisors such as VMware ESXi now disable inter-VM TPS by default and recommend combining this with mandatory page-zeroing when pages are reclaimed. Enabling ballooning, large pages, CPU pinning, or aggressive memory overcommitment may improve performance or consolidation ratios, but they do not specifically address the risk of cross-VM memory scraping.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Transparent Page Sharing (TPS)?
Open an interactive chat with Bash
Why is page-zeroing important in hypervisor memory management?
Open an interactive chat with Bash
What is a Type-1 hypervisor, and how does it differ from a Type-2 hypervisor?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .