Question 1
Question
An administrator wants to provide users restricted access. The users should only be able to perform the following tasks:
Create and consolidate virtual machine snapshots
Add/Remove virtual disks
Snapshot Management
Which default role in vCenter Server would meet the administrator's requirements for the users?
Answer
-
Virtual machine user
-
Virtual machine power user
-
Virtual Datacenter administrator
-
VMware Consolidated Backup user
Question 2
Question
Which two roles can be modified? (Choose two.)
Answer
-
Administrator
-
Network Administrator
-
Datastore Consumer
-
Read-Only
Question 3
Question
An administrator with global administrator privileges creates a custom role but fails to assign any privileges to it.
Which two privileges would the custom role have? (Choose two.)
Answer
-
System.View
-
System.Anonymous
-
System.User
-
System.ReadOnly
Question 4
Question
An administrator wishes to give a user the ability to manage snapshots for virtual machines.
Which privilege does the administrator need to assign to the user?
Answer
-
Datastore.Allocate Space
-
Virtual machine.Configuration.create snapshot
-
Virtual machine.Configuration.manage snapshot
-
Datastore.Browse Datastore
Question 5
Question
An object has inherited permissions from two parent objects.
What is true about the permissions on the object?
Answer
-
The common permissions between the two are applied and the rest are discarded.
-
The permissions are combined from both parent objects.
-
No permissions are applied from the parent objects.
-
The permission is randomly selected from either of the two parent objects.
Question 6
Question
What is the highest object level from which a virtual machine can inherit privileges?
Answer
-
Host Folder
-
Data Center
-
Data Center Folder
-
VM Folder
Question 7
Question
Which three Authorization types are valid in vSphere? (Choose three.)
Question 8
Question
Which three components should an administrator select when configuring vSphere permissions? (Choose three.)
Answer
-
Inventory Object
-
Role
-
User/Group
-
Privilege
-
Password
Question 9
Question
In which two vsphere.local groups should an administrator avoid adding members? (Choose two.)
Answer
-
SolutionUsers
-
Administrators
-
DCAdmins
-
ExternalPDUsers
Question 10
Question
An administrator has configured three vCenter Servers and vRealize Orchestrator within a Platform Services Controller domain, and needs to grant a user privileges that span all environments.
Which statement best describes how the administrator would accomplish this?
Answer
-
Assign a Global Permission to the user.
-
Assign a vCenter Permission to the user.
-
Assign vsphere.local membership to the user.
-
Assign an ESXi Permission to the user.
Question 11
Question
Which two methods are recommended for managing the VMware Directory Service? (Choose two.)
Answer
-
Utilize the vmdir command.
-
Manage through the vSphere Web Client.
-
Manage using the VMware Directory Service.
-
Utilize the dc rep command.
Question 12
Question
What are three sample roles that are provided with vCenter Server by default? (Choose three.)
Question 13
Question
An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate Certificate Authority (CA). The first two steps performed are:
Replace the Root Certificate
Replace Machine Certificates (Intermediate CA)
Which two steps would need to be performed next? (Choose two.)
Answer
-
Replace Solution User Certificates (Intermediate CA)
-
Replace the VMware Directory Service Certificate (Intermediate CA)
-
Replace the VMware Directory Service Certificate
-
Replace Solution User Certificates
Question 14
Question
Which three options are available for ESXi Certificate Replacement? (Choose three.)
Answer
-
VMware Certificate Authority mode
-
Custom Certificate Authority mode
-
Thumbprint mode
-
HybridDeployment
-
VMware Certificate Endpoint Authority Mode
Question 15
Question
Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into the Direct Console User Interface (DCUI).
Which two statements are true given this configuration? (Choose two.)
Answer
-
A user granted administrative privileges in the Exception User list can login.
-
A user defined in the DCUI.Access without administrative privileges can login.
-
A user defined in the ESXi Admins domain group can login.
-
A user set to the vCenter Administrator role can login.
Question 16
Question
Strict Lockdown Mode has been enabled on an ESXi host.
Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
Answer
-
Grant the users the administrator role and enable the service.
-
Add the users to Exception Users and enable the service.
-
No action can be taken, Strict Lockdown Mode prevents direct access.
-
Add the users to vsphere.local and enable the service.
Question 17
Question
An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage users and groups. The AD domain group ESX Admins is planned for administrative access to the host.
Which two conditions should be considered when planning this configuration? (Choose two.)
Answer
-
If administrative access for ESX Admins is not required, this setting can be altered.
-
The users in ESX Admins are not restricted by Lockdown Mode.
-
An ESXi host provisioned with Auto Deploy cannot store AD credentials.
-
The users in ESX Admins are granted administrative privileges in vCenter Server.
Question 18
Question
Which password meets ESXi 6.x host password requirements?
Answer
-
8kMVnn2x!
-
zNgtnJBA2
-
Nvgt34kn44
-
!b74wr
Question 19
Question
An administrator would like to use a passphrase for their ESXi 6.x hosts which has these characteristics:
Minimum of 21 characters
Minimum of 2 words
Which advanced options must be set to allow this passphrase configuration to be used?
Answer
-
retry=3 min=disabled, disabled, 7, 21, 7 passphrase=2
-
retry=3 min=disabled, disabled, 21, 7, 7 passphrase=2
-
retry=3 min=disabled, disabled, 2, 21, 7
-
retry=3 min=disabled, disabled, 21, 21, 2
Question 20
Question
Which Advanced Setting should be created for the vCenter Server to change the expiration policy of the vpxuser password?
Question 21
Question
An administrator has been instructed to secure existing virtual machines in vCenter Server.
Which two actions should the administrator take to secure these virtual machines? (Choose two.)
Answer
-
Disable native remote management services
-
Restrict Remote Console access
-
Use Independent Non-Persistent virtual disks
-
Prevent use of Independent Non-Persistent virtual disks
Question 22
Question
An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files.
To prevent this in the future, which advanced parameter should be applied to the virtual machines?
Answer
-
isolation.tools.setinfo.disable = true
-
isolation.tools.setinfo.enable = true
-
isolation.tools.setinfo.disable = false
-
isolation.tools.setinfo.enable = false
Question 23
Question
Which two statements are correct regarding vSphere certificates? (Choose two.)
Answer
-
ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority (VMCA).
-
ESXi host upgrades preserve the existing SSL certificate.
-
ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during install.
-
ESXi hosts have self-signed SSL certificates by default.
Question 24
Question
Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)
Answer
-
Replace with Certificates signed by the VMware Certificate Authority.
-
Make VMware Certificate Authority an Intermediate Certificate Authority.
-
Do not use VMware Certificate Authority, provision your own Certificates.
-
Use SSL Thumbprint mode.
-
Replace all VMware Certificate Authority issued Certificates with self-signed Certificates.
Question 25
Question
When attempting to log in with the vSphere Web Client, users have reported the error:
Incorrect Username/Password
The administrator has configured the Platform Services Controller Identity Source as:
Type: Active Directory as an LDAP Server
Domain: vmware.com
Alias: VMWARE
Default Domain: Yes
Which two statements would explain why users cannot login to the vSphere Web Client? (Choose two.)
Answer
-
Users are typing the password incorrectly.
-
Users are in a forest that has 1-way trust.
-
Users are in a forest that has 2-way trust.
-
Users are logging into vCenter Server with incorrect permissions.
Question 26
Question
Which group in the vsphere.local domain will have administrator privileges for the VMware Certificate Authority (VMCA)?
Question 27
Question
Which Platform Service Controller Password Policy determines the number of days a password can exist before the user must change it?
Answer
-
MaximumLifetime
-
Password Age
-
Maximum Days
-
Password Lifetime
Question 28
Question
An administrator is configuring the clock tolerance for the Single Sign-On token configuration policy and wants to define the time skew tolerance between a client and the domain controller clock.
Which time measurement is used for the value?
Answer
-
Milliseconds
-
Seconds
-
Minutes
-
Hours
Question 29
Question
Which VMware Single Sign-On component issues Security Assertion Markup Language (SAML) tokens?
Question 30
Question
Which two are valid Identity Sources when configuring vCenter Single Sign-On? (Choose two.)
Answer
-
Radius
-
NIS
-
OpenLDAP
-
LocalOS
Question 31
Question
An administrator needs to create an Integrated Windows Authentication (IWA) Identity Source on a newly deployed vCenter Server Appliance (VCSA).
Which two actions will accomplish this? (Choose two.)
Answer
-
Use a Service Principal Name (SPN) to configure the Identity Source.
-
Use a Domain administrator to configure the Identity Source.
-
Join the VCSA to Active Directory and configure the Identity Source with a Machine Account.
-
Create a computer account in Active Directory for the VCSA and configure the Identity Source.
Question 32
Question
An administrator is creating a new Content Library. It will subscribe to another remote Content Library without authentication enabled.
What information from the published library will they need in order to complete the subscription?
Answer
-
Subscription URL
-
A security password from the publishing Content Library
-
Publisher's Items.json file
-
Username from the publishing Content Library
Question 33
Question
An administrator is assigning a user the Content Library administrator role. The user will only be creating the library for a single vCenter Server.
What is the lowest level of the permission hierarchy that this role can be granted to the user and still allow them to create a Content Library?
Answer
-
Global
-
Datacenter Folder
-
Virtual Center
-
Datacenter
Question 34
Question
Which three connection types are supported between a remote site and vCloud Air? (Choose three.)
Question 35
Question
An administrator is adding an Active Directory over LDAP Identity Source for vCenter Single Sign-On, as indicated in the Exhibit.
What is the correct value to configure for the Domain alias?
Question 36
Question
An administrator decides to change the root password for an ESXi 6.x host to comply with the company's security policies.
What are two ways that this can be accomplished? (Choose two.)
Answer
-
Use the Direct Console User Interface to change the password.
-
Use the passwd command in the ESXi Shell.
-
Use the password command in the ESXi Shell.
-
Use the vSphere client to update local users.
Question 37
Question
An administrator connects to an ESXi 6.x host console in order to shut down the host.
Which option in the Direct Console User Interface would perform this task?
Question 38
Question
An administrator is able to manage an ESXi 6.x host connected to vCenter Server using the vSphere Web Client but is unable to connect to the host directly.
Which action should the administrator take to correct this behavior?
Answer
-
Restart management agents on the ESXi host.
-
Disable Lockdown Mode on the ESXi host through vCenter Server.
-
Disable the ESXi firewall with the command esxcli network firewall unload.
-
Reboot the ESXi host.
Question 39
Question
An administrator needs two vCenter Servers to be visible within a single vSphere Web Client session.
Which two vCenter Server and Platform Services Controller (PSC) configurations would accomplish this? (Choose two.)
Answer
-
Install a single PSC with two vCenter Servers registered to it.
-
Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each PSC.
-
Install a single PSC with two vCenter Servers registered to it and configure Linked Mode.
-
Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each PSC and configure Linked Mode.
Question 40
Question
An administrator wants to clone a virtual machine using the vSphere Client.
Which explains why the Clone option is missing?
Answer
-
The vSphere Client is directly connected to the ESXi host.
-
The virtual machine is configured with a thin-provisioned virtual disk.
-
The virtual machine is configured with outdated Virtual Hardware.
-
Cloning can only be performed with vRealize Orchestrator.
Question 41
Question
An administrator creates a custom ESXi firewall rule using an XML file; however, the rules do not appear in the vSphere Web Client.
Which action should the administrator take to correct the problem?
Answer
-
Load the new rules using esxcli network firewall reload.
-
Load the new rules using esxcli network firewall refresh.
-
Verify the entries in the XML file and then reboot the ESXi host.
-
Remove the ESXi host from the inventory and add it back.
Question 42
Question
A common root user account has been configured for a group of ESXi 6.x hosts.
Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)
Answer
-
Remove the root user account from the ESXi host.
-
Set a complex password for the root account and limit its use.
-
Use ESXi Active Directory capabilities to assign users the administrator role.
-
Use Lockdown mode to restrict root account access.
Question 43
Question
Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)
Answer
-
isolation.tools.unity.push.update.disable
-
isolation.tools.ghi.launchmenu.change
-
isolation.tools.bbs.disable
-
isolation.tools.hgfsServerSet.enable
Question 44
Question
To reduce the attack vectors for a virtual machine, which two settings should an administrator set to false? (Choose two.)
Answer
-
ideX:Y.present
-
serial.present
-
ideX:Y.enabled
-
serial.enabled
Question 45
Question
Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.)
Question 46
Question
An administrator is changing the settings on a vSphere Distributed Switch (vDS). During this process, the ESXi Management IP address is set to an address which can no longer communicate with the vCenter Server.
What is the most likely outcome of this action?
Answer
-
The host will disconnect from the vCenter Server and remain disconnected.
-
The host will automatically detect the communication issue and revert the change.
-
The host will stay connected with the change, but show an alert.
-
The host will disconnect and migrate the vDS portgroup to a standard switch.
Question 47
Question
Which secondary Private VLAN (PVLAN) type can communicate and send packets to an Isolated PVLAN?
Answer
-
Community
-
Isolated
-
Promiscuous
-
Primary
Question 48
Question
Which three traffic types can be configured for dedicated VMkernel adapters? (Choose three.)
Question 49
Question
What are two limitations of Link Aggregation Control Protocol (LACP) on a vSphere Distributed Switch? (Choose two.)
Answer
-
IP Hash load balancing is not a supported Teaming Policy.
-
Software iSCSI multipathing is not compatible.
-
Link Status Network failover detection must be disabled.
-
It does not support configuration through Host Profiles.
Question 50
Question
Which two features are deprecated in Network I/O Control 3 (NIOC3)? (Choose two.)