VMware Certified Professional 6 – Data Center Virtualization Delta Beta Exam
Question No: 31 – (Topic 1)
An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage users and groups. The AD domain group ESX Admins is planned for administrative access to the host.
Which two conditions should be considered when planning this configuration? (Choose two.)
If administrative access for ESX Admins is not required, this setting can be altered.
The users in ESX Admins are not restricted by Lockdown Mode.
An ESXi host provisioned with Auto Deploy cannot store AD credentials.
The users in ESX Admins are granted administrative privileges in vCenter Server.
Answer: A,C Explanation:
The setting can be altered if administrative access for ESX admins is not required. The second rule is that the ESX admins users should not be restricted by Lockdown mode.
Question No: 32 – (Topic 1)
Which two roles can be modified? (Choose two.)
Answer: B,C Explanation:
It is a common knowledge that you cannot modify Administrator role and grant whatever privileges you like. Same is the case with read-only. This role is created solely for ready only purposes. So you are left with two viable options – Network administrator and Datastore consumer both of which can be modified to add or delete privileges according to your specifications.
Question No: 33 – (Topic 1)
When attempting to log in with the vSphere Web Client, users have reported the error: Incorrect Username/Password
The administrator has configured the Platform Services Controller Identity Source as:
->Type. Active Directory as an LDAP Server
->Default Domain: Yes
Which two statements would explain why users cannot login to the vSphere Web Client? (Choose two.)
Users are typing the password incorrectly.
Users are in a forest that has 1-way trust.
Users are in a forest that has 2-way trust.
Users are logging into vCenter Server with incorrect permissions.
Answer: A,B Explanation:
The possible explanation for this error might be that the users are typing password incorrectly or they are in a forest with has only 1-way trust. You need 2-way trust to get the credentials accepted.
Question No: 34 – (Topic 1)
An administrator wishes to give a user the ability to manage snapshots for virtual machines.
Which privilege does the administrator need to assign to the user?
Virtual machine.Configuration.create snapshot
Virtual machine.Configuration.manage snapshot
Answer: A Explanation:
Datastore.Allocate space allows allocating space on a datastore for a virtual machine, snapshot, clone, or virtual disk.
Reference: https://pubs.vmware.com/vsphere- 51/index.jsp?topic=/com.vmware.vsphere.security.doc/GUID-B2426ACC-D73F- 4732-8BBC-DE9B1B2263D9.html
Question No: 35 – (Topic 1)
Which Platform Service Controller Password Policy determines the number of days a password can exist before the user must change it?
Answer: A Explanation:
You can configure the following parameters for password policy:
->Description – Password policy description. Required.
->Maximum lifetime – Maximum number of days that a password can exist before it has to be changed.
->Restrict re-use – Number of the user’s previous passwords that cannot be set again.
->Maximum length – Maximum number of characters that are allowed in the password.
->Minimum length – Minimum number of characters required in the password.
->Character requirements – Minimum number of different character types required in the password.
->Identical adjacent characters – Maximum number of identical adjacent characters allowed in the password.
Reference: http://www.vladan.fr/vcp6-dcv-objective-1-3-enable-sso-and-active-directory- integration/
Question No: 36 – (Topic 1)
Which three Authorization types are valid in vSphere? (Choose three.)
Group Membership in vsphere.local
Group Membership in system-domain
Answer: A,B,D Explanation:
Sphere 6.0 and later allows privileged users to give other users permissions to perform tasks in the following ways. These approaches are, for the most part, mutually exclusive; however, you can assign use global permissions to authorize certain users for all solution, and local vCenter Server permissions to authorize other users for individual vCenter Server systems.
The permission model for vCenter Server systems relies on assigning permissions to objects in the object hierarchy of thatvCenter Server. Each permission gives one user or group a set of privileges, that is, a role for a selected object. For example, you can select an ESXi host and assign a role to a group of users to give those users the corresponding privileges on that host.
Global permissions are applied to a global root object that spans solutions. For example, if both vCenter Server and vCenter Orchestrator are installed, you can give permissions to all objects in both object hierarchies using global permissions.
Global permissions are replicated across the vsphere.local domain. Global permissions to not provide authorization for services managed through vsphere.local groups. See Global Permissions.
Group Membership in vsphere.local Groups
The user firstname.lastname@example.org can perform tasks that are associated with services included with the Platform Services Controller. In addition, members of a vsphere.local group can perform the corresponding task. For example, you can perform license management if you are a member of the LicenseService.Administrators group. See Groups in the vsphere.local Domain.
Reference: http://pubs.vmware.com/vsphere- 60/index.jsp?topic=/com.vmware.vsphere.security.doc/GUID-74F53189-EF41- 4AC1-A78E-D25621855800.html
Question No: 37 – (Topic 1)
An administrator decides to change the root password for an ESXi 6.x host to comply with the company#39;s security policies.
What are two ways that this can be accomplished? (Choose two.)
Use the Direct Console User Interface to change the password.
Use the passwd command in the ESXi Shell.
Use the password command in the ESXi Shell.
Use the vSphere client to update local users.
Answer: A,B Explanation:
To prevent unauthorized access to the vCenter Server Appliance Direct Console User Interface, you can change the password of the root user.
The default root password for the vCenter Server Appliance is the password you enter during deployment of the virtual appliance.
Reference: http://pubs.vmware.com/vsphere- 60/index.jsp?topic=/com.vmware.vsphere.vcsa.doc/GUID-48BAF973-4FD3-4FF3- B1B6-5F7286C9B59A.html
Question No: 38 – (Topic 1)
Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)
Replace with Certificates signed by the VMware Certificate Authority.
Make VMware Certificate Authority an Intermediate Certificate Authority.
Do not use VMware Certificate Authority, provision your own Certificates.
Use SSL Thumbprint mode.
Replace all VMware Certificate Authority issued Certificates with self-signed Certificates.
Answer: A,B,C Explanation:
There are three options for replace vCenter server security certificates. You can replace it with certificates signed by VMware certificate authority; you can make the VMCA an
intermediate certificate authority. Likewise, you can provision your own certificates.
Question No: 39 – (Topic 1)
Strict Lockdown Mode has been enabled on an ESXi host.
Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
Grant the users the administrator role and enable the service.
Add the users to Exception Users and enable the service.
No action can be taken, Strict Lockdown Mode prevents direct access.
Add the users to vsphere.local and enable the service.
Reference: https://pubs.vmware.com/vsphere- 60/index.jsp?topic=/com.vmware.vsphere.security.doc/GUID-F8F105F7-CF93- 46DF-9319-F8991839D265.html
Question No: 40 – (Topic 1)
Which Advanced Setting should be created for the vCenter Server to change the expiration policy of the vpxuser password?
Answer: A Explanation:
vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The password for each vpxuser account is auto-generated when an ESX/ESXi host is added.
The password is updated by default every 30 days.
To modify default password settings:
->Connect vSphere Client to vCenter Server.
->Click Administration gt; vCenter Server Settings gt; Advanced Settings.
->Scroll to the parameter VirtualCenter.VimPasswordExpirationInDays and change the value from the default.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|