Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam 2V0-21.19 topic 1 question 93 discussion

Actual exam question from VMware's 2V0-21.19
Question #: 93
Topic #: 1
[All 2V0-21.19 Questions]

A customer suspects someone or something is changing the MAC address of a virtual machine.
Which security policy should the customer modify to obtain more information?

  • A. MAC Address Change
  • B. Promiscuous Mode
  • C. Discovery Protocol
  • D. Forged Transmits
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Grande
Highly Voted 4 years, 5 months ago
I think its B as question is to obtain more info of what is happening which one can interpret as sniffing the network and that is one of the uses of setting promiscuous mode. it it was to stop mac address changes then A would be appropriate since an admin can choose to either enable or disabled.
upvoted 13 times
fastbikkel
4 years, 5 months ago
Good point, also crossed my mind. But it does not state anything about using a sniffer. Stopping it's traffic could also bring information, i.e. when a user calls the helpdesk that something stopped working :-) I am truly not sure what is correct here, im leaning towards B.
upvoted 8 times
...
...
acryz
Highly Voted 4 years, 4 months ago
I think it's B Promiscuous mode because 'to obtain more information" Mac Adresse change is accept or reject. Doesn't give more information at all.
upvoted 9 times
...
JoeTech88
Most Recent 2 years, 4 months ago
It's a horribly written question. It all depends on how an admin would "obtain information" Options A and D block (or allow) frames with the modified addresses. It's possible that one may change these settings as a means of obtaining info. Option B could be correct, but only if we have a sniffer running on a VM, which is not a normal assumption. It seems like that is the most likely answer, although it's not a very good question/answer.
upvoted 1 times
...
NickNs
3 years, 3 months ago
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-92F3AB1F-B4C5-4F25-A010-8820D7250350.html Although promiscuous mode can be useful for tracking network activity, it is an insecure mode of operation,
upvoted 1 times
...
sdus
3 years, 5 months ago
The right answer is B, security policy just contains A,B and D, so C is the first dismissed, as for A and D, the default setting is Accept and B is Reject. Then if modify A from default setting Accept to Reject then will stop his suspects since no MAC address changed packages will be received by certain VM, the same as option D.
upvoted 2 times
...
tgortva
3 years, 8 months ago
Correct answer is B: Key phrase is "obtain more information". Set Promiscuous mode to Accept to use an application in a virtual machine that analyzes or sniffs packets, such as a network-based intrusion detection system.
upvoted 3 times
...
Rass2
3 years, 10 months ago
Correct answer B. Checked in egzam.
upvoted 2 times
sahing
3 years, 5 months ago
This guy is under almost every tricky question. With same words always.
upvoted 6 times
broh
3 years, 5 months ago
da real mvp
upvoted 1 times
...
...
...
GPunk
3 years, 10 months ago
Forged Transmits ____________________________ The Forged transmits option affects traffic that is transmitted from a virtual machine. When the Forged transmits option is set to Accept, ESXi does not compare source and effective MAC addresses. To protect against MAC impersonation, you can set the Forged transmits option to Reject. If you do, the host compares the source MAC address being transmitted by the guest operating system with the effective MAC address for its virtual machine adapter to see if they match. If the addresses do not match, the ESXi host drops the packet. The guest operating system does not detect that its virtual machine adapter cannot send packets by using the impersonated MAC address. *****The ESXi host intercepts any packets with impersonated addresses before they are delivered, and the guest operating system might assume that the packets are dropped.*********************
upvoted 2 times
...
edineme
3 years, 10 months ago
For me it's "B" Because we want to get more information, so set Promiscuous mode to Accept to use an application in a virtual machine that analyzes or sniffs packets, such as a network-based intrusion detection system.
upvoted 4 times
...
as2ah1
3 years, 11 months ago
"" to obtain more information "" i.e promiscuous mode" Answer : B
upvoted 3 times
...
Vinythepat
4 years ago
Correct answer is B. Questions clearly says that "Which security policy should the customer modify to obtain more information?", in order to obtain "more info", you have to use promiscuous. Read below kb https://kb.vmware.com/s/article/1002934?lang=en It says "This can be useful for intrusion detection monitoring or if a sniffer needs to analyze all traffic on the network segment."
upvoted 4 times
...
enifant
4 years, 1 month ago
To me it seems A: Mac Address Policy has "Accept" or "Reject" .... Reject says: "When the Mac address changes option is set to Reject, ESXi does not honor requests to change the effective MAC address to a different address than the initial MAC address. This setting protects the host against MAC impersonation. The port that the virtual machine adapter used to send the request is disabled and the virtual machine adapter does not receive any more frames until the effective MAC address matches the initial MAC address. The guest operating system does not detect that the MAC address change request was not honored." https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-942BD3AA-731B-4A05-8196-66F2B4BF1ACB.html#GUID-942BD3AA-731B-4A05-8196-66F2B4BF1ACB
upvoted 2 times
...
metapedro
4 years, 1 month ago
Correct answer B. Checked in exam.
upvoted 5 times
...
metapedro
4 years, 1 month ago
Correct answer B. Checked in exam.
upvoted 2 times
...
lgalford
4 years, 1 month ago
for the the right answer is B. https://kb.vmware.com/s/article/1002934?lang=en
upvoted 4 times
...
5kyFx
4 years, 1 month ago
I would go with D A is blocking traffic from vSwitch to VM (if initial MAC doesnt match actual MAC) D is dropping traffic from VM at vSwitch (if MAC changed from initial) so supposing someone changes MAC address I assume it wasnt done at vSphere level but rather on the VM itself (by naughty-windows-admin)
upvoted 1 times
5kyFx
4 years, 1 month ago
I was wrong - it can not be D at all ( https://wahlnetwork.com/2013/04/29/how-the-vmware-forged-transmits-security-policy-works/ ) ...The key thing to note about Forged Transmits is that the security policy is only policing the Effective Address of the network adapter, which is the address set by the guest OS. The policy does not compare the virtual machine’s configured MAC address, also called the Initial Address, as that duty is handled by the MAC Address Changes policy.... for the question of gathering more information (instead of supressing) I would tend to go with B
upvoted 4 times
sasaz
3 years, 7 months ago
The question is: "how to gain more information" not to "prevent" the issue. So the answer should be B, use the Promiscuous Mode to 'sniff' more details.
upvoted 3 times
...
...
...
leodelca23
4 years, 2 months ago
I think it 's A. Because the question is about the MAC address change and not talking about whether you need to catch traffic or other options. https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-942BD3AA-731B-4A05-8196-66F2B4BF1ACB.html#GUID-942BD3AA-731B-4A05-8196-66F2B4BF1ACB https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-3507432E-AFEA-4B6B-B404-17A020575358.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...