2V0-621 VMware Certified Professional 6 – Data Center Virtualization

Description

Exam Demo

2V0-621 VMware Certified Professional 6 – Data Center Virtualization

QUESTION 1
What are two sample roles that are provided with vCenter Server by default? (Choose two.)
A. Virtual machine User
B. Network Consumer
C. Content Library Administrator
D. Storage Administrator

Correct Answer: AB

Explanation:

Reference:
http://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/
managing_users_groups_roles_and_permissions/r_default_roles_for_esx_esxi_and_vcenter_server.html

QUESTION 2
Which three services can be enabled/disabled in the Security Profile for an ESXi host? (Choose three.)
A. CIM Server
B. Single Sign-On
C. Direct Console UI
D. Syslog Server
E. vSphere Web Access

Correct Answer: ACD

Explanation:

Reference:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-37AB1F95-DDFD-4A5D-BD49-
3249386FFADE.html

QUESTION 3
An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate Certificate Authority (CA). The first two steps performed
are:
Replace the Root Certificate
Replace Machine Certificates (Intermediate CA)
Which two steps would need to be performed next? (Choose two.)
A. Replace Solution User Certificates (Intermediate CA)
B. Replace the VMware Directory Service Certificate (Intermediate CA)
C. Replace the VMware Directory Service Certificate
D. Replace Solution User Certificates

Correct Answer: AC

Explanation:
Use VMCA as an Intermediate Certificate Authority
You can replace the VMCA root certificate with a third-party CA-signed certificate that includes VMCA in the certificate chain. Going forward, all
certificates that VMCA generates include the full chain. You can replace existing certificates with newly generated certificates. This approach combines
the security of third-party CA-signed certificate with the convenience of automated certificate management.
Procedure
1 Replace the Root Certificate (Intermediate CA)
The first step in replacing the VMCA certificates with custom certificates is generating a CSR and adding the certificate that is returned to VMCA as a
root certificate.
2 Replace Machine SSL Certificates (Intermediate CA)
After you have received the signed certificate from the CA and made it the VMCA root certificate, you can replace all machine SSL certificates.
3 Replace Solution User Certificates (Intermediate CA)
After you replace the machine SSL certificates, you can replace the solution user certificates.
4 Replace the VMware Directory Service Certificate
If you decide to use a new VMCA root certificate, and you unpublish the VMCA root certificate that was used when you provisioned your environment,
you must replace the machine SSL certificates, solution user certificates, and certificates for some internal services.
5 Replace the VMware Directory Service Certificate in Mixed Mode Environments
During upgrade, your environment might temporarily include both vCenter Single Sign-On version 5.5 and vCenter Single Sign-On version 6.0, you have
to perform additional steps to replace the VMware Directory Service SSL certificate if you replace the SSL certificate of the node on which the vCenter
Single Sign-On service is running.
Reference:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-5FE583A2-3737-4B62-A905-
5BB38D479AE0.html

QUESTION 4
Which three options are available for ESXi Certificate Replacement? (Choose three.)
A. VMware Certificate Authority mode
B. Custom Certificate Authority mode
C. Thumbprint mode
D. Hybrid Deployment
E. VMware Certificate Endpoint Authority Mode

Correct Answer: ABC

Section: (none)
Explanation

Explanation/Reference:
Explanation:
ESXi Certificate Replacement
For ESXi hosts, you can change certificate provisioning behavior from the vSphere Web Client.

Reference:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-4469A6D3-048A-471C-9CB4-
518A15EA2AC0.html

QUESTION 5
Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into the Direct Console User Interface (DCUI).
Which two statements are true given this configuration? (Choose two.)
A. A user granted administrative privileges in the Exception User list can login.
B. A user defined in the DCUI.Access without administrative privileges can login.
C. A user defined in the ESXi Admins domain group can login.
D. A user set to the vCenter Administrator role can login.

Correct Answer: AB

Section: (none)
Explanation
Explanation/Reference:
Explanation:
In normal lockdown mode the DCUI service is not stopped. If the connection to the vCenter Server is lost and access through the vSphere Web Client is
no longer available, privileged accounts can log in to the ESXi host’s Direct Console Interface and exit lockdown mode. Only these accounts can access
the Direct Console User Interface:
Accounts in the Exception User list for lockdown mode who have administrative privileges on the host. The Exception Users list is meant for service
accounts that perform very specific tasks. Adding ESXi administrators to this list defeats the purpose of lockdown mode.
Users defined in the DCUI.Access advanced option for the host. This option is for emergency access to the Direct Console Interface in case the connection to vCenter Server is lost. These users do not require administrative privileges on the host.
Reference:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008077