READ Free Dumps For VMware- 2V0-621
| Question ID 21791 | Strict Lockdown Mode has been enabled on an ESXi host. Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
|
| Option A | Grant the users the administrator role and enable the service.
|
| Option B | Add the users to Exception Users and enable the service.
|
| Option C | No action can be taken, Strict Lockdown Mode prevents direct access.
|
| Option D | Add the users to vsphere.local and enable the service.
|
| Correct Answer | B |
Explanation Explanation: Strict Lockdown mode: In strict lockdown mode the DCUI service is stopped. If the connection to vCenter Server is lost and the vSphere Web Client is no longer available, the ESXi host becomes unavailable unless the ESXi Shell and SSH services are enabled and Exception Users are defined. If you cannot restore the connection to the vCenter Server system, you have to reinstall the host. Reference: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008077
| Question ID 21792 | A common root user account has been configured for a group of ESXi 6.x hosts.
Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)
|
| Option A | Remove the root user account from the ESXi host.
|
| Option B | Set a complex password for the root account and limit its use.
|
| Option C | Use ESXi Active Directory capabilities to assign users the administrator role.
|
| Option D | Use Lockdown mode to restrict root account access.
|
| Correct Answer | B,C |
Explanation Explanation: root User Privileges By default each ESXi host has a single root user account with the Administrator role. That root user account can be used for local administration and to connect the host to vCenter Server. This common root account can make it easier to break into an ESXi host and make it harder to match actions to a specific administrator. Set a highly complex password for the root account and limit the use of the root account, for example, for use when adding a host to vCenter Server. Do not remove the root account. In vSphere 5.1 and later, only the root user and no other named user with the Administrator role is permitted to add a host to vCenter Server. Best practice is to ensure that any account with the Administrator role on an ESXi host is assigned to a specific user with a named account. Use ESXi Active Directory capabilities, which allow you to manage Active Directory credentials if possible. Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-55F14938-8A2F-4703-8A60-3516F9C3E312.html