It is A. This sentence is from standard as PCI DSS:
"2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)"
The BEST approach to implement multiple servers on a virtual system is A.
Requirement 2.2.1 of the PCI DSS states that organizations must implement only one primary function per server to prevent functions that require different security levels from coexisting on the same server. This requirement helps to reduce the risk of unauthorized access or data leakage between different functions.
Moreover, Requirement 2.2.2 of the PCI DSS states that organizations must ensure that security configurations are not applied to other servers in a manner that would negatively impact the security of the cardholder data environment. This requirement emphasizes the importance of applying individual security configurations to each virtual server to ensure that the security of each server is not compromised.
A. Implement one primary function per virtual server and apply individual security configuration for each virtual server.
This approach allows for more granular control of security and reduces the attack surface. Each virtual server can be configured with a unique security configuration that is tailored to its specific function, which minimizes the risk of a compromise affecting multiple servers or functions. Additionally, if one virtual server is compromised, the attacker would have access to only the resources and data on that specific virtual server, which limits the overall impact.
Implementing multiple functions within the same virtual server, and apply the same security configuration for each virtual server, may lead to a scenario where a vulnerability in one service can be used to compromise the security of other services or the whole system, and it would be harder to identify and isolate the breach.
The answer is D. The first benefit of VMs is consolidation. That's why the answer should be the easiest and more secure option. On the other hand, If you configure different security configurations on each virtual server, it might not work when you deploy. It's recommended to keep the same configuration.
To think about this question in real-life, the AV or Anti-malware product in agentless or lite agent modes all be implemented by the central management with one unified policy&tasks or profiles and distributed to the clients/servers based upon hypervisor like MS Hyper-V or VMware ESXi,so still vote to D.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Rollizo
Highly Voted 1 year, 5 months agoRollizo
1 year, 5 months agojackdryan
10 months, 1 week agojon1991
Highly Voted 1 year, 6 months ago74gjd_37
Most Recent 5 months, 3 weeks agoDee83
1 year, 1 month agobynd
1 year, 4 months agoFiredragon
1 year, 4 months agofax
1 year, 5 months agoPeterzhang
1 year, 5 months agostickerbush1970
1 year, 6 months agoDERCHEF2009
1 year, 6 months ago