You are worried about VM escape attacks causing a significant data breach. Which of the following would provide the most protection against this?

Virtual machine (VM) escape attacks depend on a flaw in the hypervisor that could allow an attacker to attack the hypervisor itself. Typical system administration best practices can help, which includes regular patching of the hypervisor, but in the event of a successful escape attack, minimizing damage by keeping VMs of the same sensitivity level isolated to the same host can prevent broader impact. Antivirus is always a good idea and can even stop some malware-based VM escape attacks, but isolating the VM is more useful. Full-disk encryption (FDE) will have no effect since the disk must be unencrypted during operation. A Trusted Platform Module (TPM) is used for storing cryptographic keys.