Which two countermeasures can be employed to prevent VM escape?

Sandboxing is a security measure that isolates applications or processes within a controlled environment. By running potentially untrusted or vulnerable applications in a sandboxed environment, the impact of any successful VM escape attempt can be limited. Sandboxing restricts the privileges and access of the application, preventing it from breaking out of the virtualized environment and compromising the host system.
Patch management involves regularly updating and applying software patches to address known vulnerabilities. By keeping the virtualization software, the hypervisor, and the virtual machine images up to date with the latest security patches, the risk of VM escape can be mitigated. Patches often include fixes for known vulnerabilities that attackers may exploit to escape from a virtual machine, so timely patching is crucial to maintaining a secure virtualized environment.