Description
Exam Demo
2V0-621D VMware Certified Professional 6 – Data Center Virtualization Delta
QUESTION 1
Which two methods are recommended for managing the VMware Directory Service? (Choose two.)
A. Utilize the vmdir command.
B. Manage through the vSphere Web Client.
C. Manage using the VMware Directory Service.
D. Utilize the dc rep command.
Correct Answer: AB
Explanation:
To manage VMware directory service, you can use vmdir command and vsphere web client. VMware directory service is always managed using vmdir
command which is specifically used for directory services.
QUESTION 2
What are two sample roles that are provided with vCenter Server by default? (Choose three.)
A. Virtual machine User
B. Network Administrator
C. Content Library Administrator
D. Storage Administrator
Correct Answer: ABC
Explanation/Reference:
Out of the box VMware vCenter provides several default roles (that cannot be deleted nor modified) as well as several sample roles (which can be
deleted and modified):
Administrator
Read-Only
No Access
Tagging Admin
Resource Pool Administrator (sample)
Virtual Machine User (sample)
VMware Consolidated Backup User (sample)
Datastore Consumer (sample)
Network Administrator (sample)
Virtual Machine Power User (sample)
Content Library Administrator (sample)
Reference: http://www.virtuallanger.com/2015/05/26/vcp-6-objective-1-1configure-administer-role-based-access-control/
QUESTION 3
An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate Certificate Authority (CA). The first two steps performed
are:
Replace the Root Certificate
Replace Machine Certificates (Intermediate CA)
Which two steps would need to be performed next? (Choose two.)
A. Replace Solution User Certificates (Intermediate CA)
B. Replace the VMware Directory Service Certificate (Intermediate CA)
C. Replace the VMware Directory Service Certificate
D. Replace Solution User Certificates
Correct Answer: AC
Section: Configure and Administer vSphere Security
Explanation
Explanation/Reference:
Explanation:
You can replace the VMCA root certificate with a third-party CA-signed certificate that includes VMCA in the certificate chain. Going forward, all
certificates that VMCA generates include the full chain. You can replace existing certificates with newly generated certificates. This approach combines
the security of third-party CA-signed certificate with the convenience of automated certificate management.
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-5FE583A2-3737-4B62-A905-
5BB38D479AE0.html
QUESTION 4
Which three options are available for ESXi Certificate Replacement? (Choose three.)
A. VMware Certificate Authority mode
B. Custom Certificate Authority mode
C. Thumbprint mode
D. Hybrid Deployment
E. VMware Certificate Endpoint Authority Mode
Correct Answer: ABC
Explanation:
You can perform different types of certificate replacement depending on company policy and requirements for the system that you are configuring. You
can perform each replacement with the vSphere Certificate Manager utility or manually by using the CLIs included with your installation.
VMCA is included in each Platform Services Controller and in each embedded deployment. VMCA provisions each node, each vCenter Server solution
user, and each ESXi host with a certificate that is signed by VMCA as the certificate authority. vCenter Server solution users are groups of vCenter
Server services. See vSphere Security for a list of solution users.
You can replace the default certificates. For vCenter Server components, you can use a set of command-line tools included in your installation. You
have several options.
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-4469A6D3-048A-471C-9CB4-
518A15EA2AC0.html
QUESTION 5
Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into the Direct Console User Interface (DCUI).
Which two statements are true given this configuration? (Choose two.)
A. A user granted administrative privileges in the Exception User list can login.
B. A user defined in the DCUI.Access without administrative privileges can login.
C. A user defined in the ESXi Admins domain group can login.
D. A user set to the vCenter Administrator role can login.
Correct Answer: AB
Section: Configure and Administer vSphere Security
Explanation
Explanation/Reference:
Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-9319-
F8991839D265.html
