Virtualized Network Security

Correct Answer: Configure MACsec encryption

The most secure way to protect communications between virtual machines on different physical hosts is to 'Configure MACsec encryption'. MACsec, or Media Access Control Security, provides data confidentiality, data integrity, and data origin authenticity at the Data Link Layer. It encrypts packets before they are sent and decrypts packets as they are received. The other options such as 'Disable port isolation', 'Increase broadcast traffic', and 'Configure ARP cache poisoning' do not provide secure communication. 'Disable port isolation' can result in data leaks or unauthorized data access as it would remove network segmentation. 'Increase broadcast traffic' would not secure data, but could potentially create a heavy load on the network, leading to decreased performance. 'Configure ARP cache poisoning' is a type of attack to intercept network traffic, therefore, it's not a security measure, but rather a security threat.

Correct Answer: Implement network virtualization and security analytics

The answer 'Implement network virtualization and security analytics' is the best choice as it directly addresses the need for security and performance within a virtualized network. Network virtualization provides isolation and segmentation that improves security while security analytics can identify and mitigate threats to the system. Conversely, the option 'Disable virtual machines' would halt operations of the mission-critical application which conflicts with the organization's goal. 'Increase traffic between virtual machines' might further degrade performance rather than improve it. Finally, 'Reduce the number of physical NICs' could potentially limit network capacity and flexibility, thereby hampering both performance and security.

Correct Answer: Implement best practices for the secure configuration of virtual switches

In a virtualized environment, it's recommended to implement best practices for the secure configuration of virtual switches. This includes restrictions on certain types of traffic, use of VLANs for segmentation, and implementation of best configuring and management practices specific to the kind of virtual switch being used. Disabling the virtual switches is not a practical solution as it will disrupt the VM's network connectivity which is the core part of virtualized environment. Increasing the number of VLANs does not necessarily make your network more secure. Having too many VLANs can also add complexity which can lead to misconfigurations and potential security vulnerabilities. Lastly, using only physical switches isn't a solution for a problem associated with virtual switches. Virtualized environments require virtual switches to regulate the interaction between virtual machines and networks.