READ Free Dumps For VMware- 2V0-621
Question ID 21799 | An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files. To prevent this in the future, which advanced parameter should be applied to the virtual machines?
|
Option A | isolation.tools.setinfo.disable = true
|
Option B | isolation.tools.setinfo.enable = true
|
Option C | isolation.tools.setinfo.disable = false
|
Option D | isolation.tools.setinfo.enable = false
|
Correct Answer | A |
Explanation Explanation: Litmit SETINFO Messages Now if you read through the hardening guide, you'll come cross a section that covers informational messages, otherwise known as SETINFO messages. Now my understanding is that currently there is no limitation on the amount of data that can be sent from VMware tools to the host, so you can imagine it wouldn't be hard to write some code to continuously send huge amounts of data. So lets looks at how to limit this to something more acceptable as per the hardening guide. tools.setInfo.sizeLimit = "1048576" Now you can actually totally disable this using the following isolation.tools.setInfo.disable = "true" But this stops the Virtual Center client from displaying any information about the Virtual Machine, e.g. IP Address, DNS information. So for a production environment I would recommend setting a limit rather then totally disabling. Reference: https://goingvirtual.wordpress.com/2009/07/11/locking-down-vmware-tools/
Question ID 21800 | Which two statements are correct regarding vSphere certificates? (Choose two.)
|
Option A | ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority (VMCA).
|
Option B | ESXi host upgrades preserve the existing SSL certificate.
|
Option C | ESXi hostshave assigned SSL certificates from the VMware Certificate Authority (VMCA) during install.
|
Option D | ESXi hosts have self-signed SSL certificates by default.
|
Correct Answer | B,C |
Explanation Explanation: B-)ESXi hosts that are upgraded from vSphere 5.x to vSphere 6.0 will continue using their Certificate Authority signed certificates if they were replaced in the previous versions. However, ESXi 5.x hosts that were running self-signed certificates and then upgraded to vSphere 6.0 will have their certificates regenerated using VMware-signed. For more info link: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2113926 C-) In vSphere 6.0, VMware tried to address SSL certificates in a different manner. It introduced a new component called the "Platform Services Controller." The Platform Services Controller includes a fully-functional certificate authority, called the VMware Certification Authority (VMCA), that automatically manages the certificates used in vCenter and the ESXi hosts. There are two steps to complete. First, you need to retrieve the root certificate from vCenter and convert it into something usable. Once you've done that, you need to deploy it as a Trusted Root Certificate. The easiest way to do this with multiple computers is to use Group Policy. Here are the steps to retrieve the certificate: 1.Open your Web browser. 2.Navigate to https://
3. In the lower right-hand corner, click the Download Trusted Root CA link.------ for more: https://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUID-C91AFFAD-A830-4BBE-BF7C-F779A3AD03F1.html?resultof=%2522% 2573%2573%256c%2522%2520