An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage users and groups. The AD domain group ESX Admins is planned for administrative access to the host.
Which two conditions should be considered when planning this configuration? (Choose two.)
Answer : AC
Explanation:
The setting can be altered if administrative access for ESX Admins is not required. The second condition is that ESX Admins users should not be restricted by Lockdown mode.
Which two roles can be modified? (Choose two.)
Answer : BC
Explanation:
It is common knowledge that you cannot modify the Administrator role and grant whatever privileges you like. The same is the case with Read-only. This role is created solely for read-only purposes. So you are left with two viable options, Network administrator and Datastore consumer, both of which can be modified to add or delete privileges according to your specifications.
When attempting to log in with the vSphere Web Client, users have reported the error:
Incorrect Username/Password
The administrator has configured the Platform Services Controller Identity Source as:
-> Type: Active Directory as an LDAP Server
-> Domain: vmware.com
-> Alias: VMWARE
-> Default Domain: Yes
Which two statements would explain why users cannot login to the vSphere Web Client?
(Choose two.)
Answer : AB
Explanation:
The possible explanation for this error might be that the users are typing the password incorrectly or that they are in a forest that has only a 1-way trust. You need a 2-way trust to get the credentials accepted.
An administrator wishes to give a user the ability to manage snapshots for virtual machines.
Which privilege does the administrator need to assign to the user?
Answer : A
Explanation:
Datastore.Allocate space allows allocating space on a datastore for a virtual machine, snapshot, clone, or virtual disk.
Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B2426ACC-D73F-4732-8BBC-DE9B1B2263D9.html
Which Platform Service Controller Password Policy determines the number of days a password can exist before the user must change it?
Answer : A
Explanation:
You can configure the following parameters for password policy:
-> Description – Password policy description. Required.
-> Maximum lifetime – Maximum number of days that a password can exist before it has to be changed.
-> Restrict re-use – Number of the user’s previous passwords that cannot be set again.
-> Maximum length – Maximum number of characters that are allowed in the password.
-> Minimum length – Minimum number of characters required in the password.
-> Character requirements – Minimum number of different character types required in the password.
-> Identical adjacent characters – Maximum number of identical adjacent characters allowed in the password.
Reference: http://www.vladan.fr/vcp6-dcv-objective-1-3-enable-sso-and-active-directory-integration/
Which three Authorization types are valid in vSphere? (Choose three.)
Answer : ABD
Explanation:
vSphere 6.0 and later allows privileged users to give other users permissions to perform tasks in the following ways. These approaches are, for the most part, mutually exclusive; however, you can use global permissions to authorize certain users for all solutions, and local vCenter Server permissions to authorize other users for individual vCenter Server systems.
vCenter Server Permissions
The permission model for vCenter Server systems relies on assigning permissions to objects in the object hierarchy of that vCenter Server. Each permission gives one user or group a set of privileges, that is, a role for a selected object. For example, you can select an ESXi host and assign a role to a group of users to give those users the corresponding privileges on that host.
Global Permissions
Global permissions are applied to a global root object that spans solutions. For example, if both vCenter Server and vCenter Orchestrator are installed, you can give permissions to all objects in both object hierarchies using global permissions.
Global permissions are replicated across the vsphere.local domain. Global permissions do not provide authorization for services managed through vsphere.local groups. See Global Permissions.
Group Membership in vsphere.local Groups
The user [email protected] can perform tasks that are associated with services included with the Platform Services Controller. In addition, members of a vsphere.local group can perform the corresponding task. For example, you can perform license management if you are a member of the LicenseService.Administrators group. See Groups in the vsphere.local Domain.
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-74F53189-EF41-4AC1-A78E-D25621855800.html
An administrator decides to change the root password for an ESXi 6.x host to comply with the company's security policies.
What are two ways that this can be accomplished? (Choose two.)
Answer : AB
Explanation:
To prevent unauthorized access to the vCenter Server Appliance Direct Console User Interface, you can change the password of the root user.
The default root password for the vCenter Server Appliance is the password you enter during deployment of the virtual appliance.
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.vcsa.doc%2FGUID-48BAF973-4FD3-4FF3-B1B6-5F7286C9B59A.html
Which three options are available for replacing vCenter Server Security Certificates?
(Choose three.)
Answer : ABC
Explanation:
There are three options for replacing vCenter Server security certificates. You can replace them with certificates signed by the VMware Certificate Authority (VMCA); you can make the VMCA an intermediate certificate authority. Likewise, you can provision your own certificates.
Strict Lockdown Mode has been enabled on an ESXi host.
Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
Answer : B
Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html
Which Advanced Setting should be created for the vCenter Server to change the expiration policy of the vpxuser password?
Answer : A
Explanation:
vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The password for each vpxuser account is auto-generated when an ESX/ESXi host is added.
The password is updated by default every 30 days.
To modify default password settings:
-> Connect vSphere Client to vCenter Server.
-> Click Administration > vCenter Server Settings > Advanced Settings.
-> Scroll to the parameter VirtualCenter.VimPasswordExpirationInDays and change the value from the default.
Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1016736
Which three connection types are supported between a remote site and vCloud Air?
(Choose three.)
Answer : ACE
Explanation:
The connection types supported between a remote site and vCloud Air are Secure VPN, Direct Connect and Secure Internet Connectivity.
Topic 2, Configure and Administer Advanced vSphere Networking
A common root user account has been configured for a group of ESXi 6.x hosts.
Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)
Answer : BC
Explanation:
To address the security risks, you need to set a complex password for the root account and make sure only authorized personnel use it. The second step is to use ESXi Active Directory to assign the administrator role to users.
Which two features are deprecated in Network I/O Control 3 (NIOC3)? (Choose two.)
Answer : AC
Explanation:
Class of Service tagging and user-defined resource pools are deprecated in NIOC3.
An administrator runs the command esxcli storage core device list and sees the following output:
mpx.vmhba1:C0:T0:L0
   Display Name: RAID 5 (mpx.vmhba1:C0:T0:L0)
   Has Settable Display Name: false
   Size: 40960
   Device Type: Direct-Access
   Multipath Plugin: NMP
   Devfs Path: /vmfs/devices/disks/mpx.vmhba1:C0:T0:L0
   Status: off
   Is Local: true
What can be determined by this output?
Answer : B
Reference: http://vmwaremine.com/2014/07/07/manage-psa-claimrules-satp-rules-esxcli/#sthash.i6Esax8x.dpbs
Which two statements are true regarding iSCSI adapters? (Choose two.)
Answer : AB
Explanation:
An independent hardware iSCSI adapter is a specialized third-party adapter capable of accessing iSCSI storage over TCP/IP. This iSCSI adapter handles all iSCSI and network processing and management for your ESXi system.
Software and dependent hardware iSCSI adapters depend on VMkernel networking. If you use the software or dependent hardware iSCSI adapters, you must configure connections for the traffic between the iSCSI component and the physical network adapters.
Reference: http://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.storage.doc/GUID-9BC0BA74-EAE4-4816-BD49-E5214920AB4B.html