CompTIA CASP+ Practice Test

What is a core concern of a security architect regarding virtualization for hosting services?

• A. Increased response time for virtual machines
• B. Liability for disclosure of sensitive data due to shared resources
• C. Higher operational costs for physical servers
• D. Compatibility with all software applications

The correct answer is: Liability for disclosure of sensitive data due to shared resources

A core concern of a security architect regarding virtualization for hosting services is the liability for disclosure of sensitive data due to shared resources. Virtualization allows multiple virtual machines (VMs) to run on a single physical server, which means that resources like CPU, memory, and storage are shared among different VMs. This shared environment can lead to security vulnerabilities such as data leakage or unauthorized access if proper isolation controls are not enforced. Since different virtual machines could potentially access the same physical resources, if one VM is compromised, there is a risk that sensitive data from other VMs could be exposed. This concern is heightened in multi-tenant environments, where multiple clients' workloads are hosted on the same infrastructure. In such scenarios, organizations must ensure stringent security measures to prevent data breaches and maintain compliance with regulations that protect sensitive information. While other concerns like response time, operational costs, and application compatibility are valid considerations in a virtualization context, they are not as directly tied to the security implications of shared resources as the liability for data disclosure is. These factors, while important for overall infrastructure management and efficiency, do not primarily pertain to the protection of sensitive data, which is a critical focus for a security architect.