Q21. An administrator has been instructed to secure existing virtual machines in vCenter Server.
Which two actions should the administrator take to secure these virtual machines? (Choose two.)
翻译:要求管理员在vCenter Server中保护已经存在的虚拟机,下面哪两个操作可以达到保留这些虚拟机的目的
A. Disable native remote management services
B. Restrict Remote Console access
C. Use Independent Non-Persistent virtual disks
D. Prevent use of Independent Non-Persistent virtual disks
Q22. An administrator has recently audited the environment and found numerous virtual machines with sensitive data
written to the configuration files.
To prevent this in the future, which advanced parameter should be applied to the virtual machines?
翻译:管理员最近审计环境,发现很多虚拟机被写了很多敏感数据
A. isolation.tools.setinfo.disable = true
B. isolation.tools.setinfo.enable = true
C. isolation.tools.setinfo.disable = false
D. isolation.tools.setinfo.enable = false
Q23. Which two statements are correct regarding vSphere certificates? (Choose two.)
翻译:关于vSphere的证书哪2个结论是正确的?
A. ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority
(VMCA).
B. ESXi host upgrades preserve the existing SSL certificate.
C. ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during install.
D. ESXi hosts have self-signed SSL certificates by default.
Q24. Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)
翻译:下面的方法中哪些可以替换vCenter的安全证书?
A. Replace with Certificates signed by the VMware Certificate Authority.
B. Make VMware Certificate Authority an Intermediate Certificate Authority.
C. Do not use VMware Certificate Authority, provision your own Certificates.
D. Use SSL Thumbprint mode.
E. Replace all VMware Certificate Authority issued Certificates with self-signed Certificates.
Q25. When attempting to log in with the vSphere Web Client, users have reported the error:
Incorrect Username/Password
The administrator has configured the Platform Services Controller Identity Source as:
- Type. Active Directory as an LDAP Server
- Domain: vmware.com
- Alias: VMWARE
- Default Domain: Yes
Which two statements would explain why users cannot login to the vSphere Web Client? (Choose two.)
A. Users are typing the password incorrectly.
B. Users are in a forest that has 1-way trust.
C. Users are in a forest that has 2-way trust.
D. Users are logging into vCenter Server with incorrect permissions.
Q26. Which group in the vsphere.local domain will have administrator privileges for the VMware Certificate Authority
(VMCA)?
A. SolutionUsers
B. CAAdmins
C. DCAAdmins
D. SystemConfiguration.Administrators
Q27. Which Platform Service Controller Password Policy determines the number of days a password can exist before
the user must change it?
A. Maximum Lifetime
B. Password Age
C. Maximum Days
D. Password Lifetime
Q28. An administrator is configuring the clock tolerance for the Single Sign-On token configuration policy and wants to
define the time skew tolerance between a client and the domain controller clock.
Which time measurement is used for the value?
A. Milliseconds
B. Seconds
C. Minutes
D. Hours
Q29. Which VMware Single Sign-On component issues Security Assertion Markup Language (SAML) tokens?
翻译:
A. VMware Security Token Service
B. Administration Server
C. VMware Directory Service
D. Identity Management Service
Q30. Which two are valid Identity Sources when configuring vCenter Single Sign-On? (Choose two.)
翻译:当配置vCenter单点登录的时候哪些资源是有效的?
A. Radius
B. NIS
C. OpenLDAP
D. LocalOS
Q31. An administrator needs to create an Integrated Windows Authentication (IWA) Identity Source on a newly
deployed vCenter Server Appliance (VCSA).
Which two actions will accomplish this? (Choose two.)
翻译:管理员需要创建一个IWA的身份资源在一个新部署的VCSA中,下面那些操作可以完成这些
A. Use a Service Principal Name (SPN) to configure the Identity Source.
B. Use a Domain administrator to configure the Identity Source.
C. Join the VCSA to Active Directory and configure the Identity Source with a Machine Account.
D. Create a computer account in Active Directory for the VCSA and configure the Identity Source
Q32. An administrator is creating a new Content Library. It will subscribe to another remote Content Library without
authentication enabled.
What information from the published library will they need in order to complete the subscription?
A. Subscription URL
B. A security password from the publishing Content Library
C. Publisher's Items.json file
D. Username from the publishing Content Library
Q33. An administrator is assigning a user the Content Library administrator role. The user will only be creating the
library for a single vCenter Server.
What is the lowest level of the permission heirarchy that this role can be granted to the user and still allow them to
create a Content Library?
A. Global
B. Datacenter Folder
C. Virtual Center
D. Datacenter
Q34. Which three connection types are supported between a remote site and vCloud Air? (Choose three.)
A. Secure Internet Connectivity
B. Private Connect
C. Direct Connect
D. Internet Connectivity
E. Secure VPN
Q35. Refer to the Exhibit.
An administrator is adding an Active Directory over LDAP Identity Source for vCenter Single Sign- On, as indicated in
the Exhibit.
What is the correct value to configure for the Domain alias?
A. The domain's NetBIOS name.
B. The fully qualified domain name.
C. vsphere.local
D. A user defined label.
Q36. An administrator decides to change the root password for an ESXi 6.x host to comply with the company's security
policies.
What are two ways that this can be accomplished? (Choose two.)
A. Use the Direct Console User Interface to change the password.
B. Use the passwd command in the ESXi Shell.
C. Use the password command in the ESXi Shell.
D. Use the vSphere client to update local users.
Q37. An administrator connects to an ESXi 6.x host console in order to shutdown the host.
Which option in the Direct Console User Interface would perform this task?
A. Press the F12 key
B. Press the F2 key
C. Press Alt + F1 simultaneously
D. Press Alt + F2 simultaneously
Q38.
An administrator is able to manage an ESXi 6.x host connected to vCenter Server using the vSphere Web Client but is
unable to connect to the host directly.
Which action should the administrator take to correct this behavior?
A. Restart management agents on the ESXi host.
B. Disable Lockdown Mode on the ESXi host through vCenter Server.
C. Disable the ESXi firewall with the command esxcli network firewall unload.
D. Reboot the ESXi host.
Q39. An administrator needs two vCenter Servers to be visible within a single vSphere Web Client session.
Which two vCenter Server and Platform Services Controller (PSC) configurations would accomplish this? (Choose two.)
A. Install a single PSC with two vCenter Servers registered to it.
B. Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each PSC.
C. Install a single PSC with two vCenter Servers registered to it and configure Linked Mode.
D. Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each PSC and configure
Linked Mode.
Q40. An administrator wants to clone a virtual machine using the vSphere Client.
Which explains why the Clone option is missing?
A. The vSphere Client is directly connected to the ESXi host.
B. The virtual machine is configured with a thin-provisioned virtual disk.
C. The virtual machine is configured with outdated Virtual Hardware.
D. Cloning can only be performed with vRealize Orchestrator.