VMware 2V0-621 Exam Practice Questions (P. 4)
Question #16
Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into the Direct Console User Interface (DCUI).
Which two statements are true given this configuration? (Choose two.)
- A. A user granted administrative privileges in the Exception User list can log in.
- B. A user defined in the DCUI.Access without administrative privileges can log in.
- C. A user defined in the ESXi Admins domain group can log in.
- D. A user set to the vCenter Administrator role can log in.
Correct Answer:
AB
In normal lockdown mode the DCUI service is not stopped. If the connection to the vCenter Server is lost and access through the vSphere Web Client is no longer available, privileged accounts can log in to the ESXi host's Direct Console Interface and exit lockdown mode. Only these accounts can access the Direct Console User Interface:
- Accounts in the Exception User list for lockdown mode who have administrative privileges on the host. The Exception Users list is meant for service accounts that perform very specific tasks. Adding ESXi administrators to this list defeats the purpose of lockdown mode.
- Users defined in the DCUI.Access advanced option for the host. This option is for emergency access to the Direct Console Interface in case the connection to vCenter Server is lost. These users do not require administrative privileges on the host.
Reference:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008077
Question #17
Strict Lockdown Mode has been enabled on an ESXi host.
Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
- A. Grant the users the administrator role and enable the service.
- B. Add the users to Exception Users and enable the service.
- C. No action can be taken, Strict Lockdown Mode prevents direct access.
- D. Add the users to vsphere.local and enable the service.
Correct Answer:
B
Strict Lockdown mode:
In strict lockdown mode the DCUI service is stopped. If the connection to vCenter Server is lost and the vSphere Web Client is no longer available, the ESXi host becomes unavailable unless the ESXi Shell and SSH services are enabled and Exception Users are defined. If you cannot restore the connection to the vCenter Server system, you have to reinstall the host.
Reference:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008077
Question #18
A common root user account has been configured for a group of ESXi 6.x hosts.
Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)
- A. Remove the root user account from the ESXi host.
- B. Set a complex password for the root account and limit its use.
- C. Use ESXi Active Directory capabilities to assign users the administrator role.
- D. Use Lockdown mode to restrict root account access.
Correct Answer:
BC
root User Privileges
By default each ESXi host has a single root user account with the Administrator role. That root user account can be used for local administration and to connect the host to vCenter Server.
This common root account can make it easier to break into an ESXi host and make it harder to match actions to a specific administrator.
Set a highly complex password for the root account and limit the use of the root account, for example, for use when adding a host to vCenter Server. Do not remove the root account. In vSphere 5.1 and later, only the root user and no other named user with the Administrator role is permitted to add a host to vCenter Server.
Best practice is to ensure that any account with the Administrator role on an ESXi host is assigned to a specific user with a named account. Use ESXi Active Directory capabilities, which allow you to manage Active Directory credentials if possible.
Reference:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-55F14938-8A2F-4703-8A60-3516F9C3E312.html
Question #19
An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage users and groups. The AD domain group ESX Admins is planned for administrative access to the host.
Which two conditions should be considered when planning this configuration? (Choose two.)
- A. If administrative access for ESX Admins is not required, this setting can be altered.
- B. The users in ESX Admins are not restricted by Lockdown Mode.
- C. An ESXi host provisioned with Auto Deploy cannot store AD credentials.
- D. The users in ESX Admins are granted administrative privileges in vCenter Server.
Correct Answer:
AC
Configure a Host to Use Active Directory
You can configure a host to use a directory service such as Active Directory to manage users and groups.
When you add an ESXi host to Active Directory the DOMAIN group ESX Admins is assigned full administrative access to the host if it exists. If you do not want to make full administrative access available, see VMware Knowledge Base article 1025569 for a workaround.
If a host is provisioned with Auto Deploy, Active Directory credentials cannot be stored on the hosts. You can use the vSphere Authentication Proxy to join the host to an Active Directory domain. Because a trust chain exists between the vSphere Authentication Proxy and the host, the Authentication Proxy can join the host to the Active Directory domain. See Using vSphere Authentication Proxy.
Reference:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-63D22519-38CC-4A9F-AE85-97A53CB0948A.html
Question #20
Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)
- A. isolation.tools.unity.push.update.disable
- B. isolation.tools.ghi.launchmenu.change
- C. isolation.tools.bbs.disable
- D. isolation.tools.hgfsServerSet.enable
Correct Answer:
AB
Disable Unexposed Features
VMware virtual machines are designed to work on both vSphere systems and hosted virtualization platforms such as Workstation and Fusion. Certain VMX parameters do not need to be enabled when you run a virtual machine on a vSphere system. Disable these parameters to reduce the potential for vulnerabilities.
Prerequisites:
Turn off the virtual machine.
Procedure:

Reference:
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-60E83710-8295-41A2-9C9D-83DEBB6872C2.html