2018 Updated Lead2pass VMware 2V0-621D Exam Questions:
To reduce the attack vectors for a virtual machine, which two settings should an administrator set to false? (Choose two.)
Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.)
A. Disable hardware devices
B. Disable unexposed features
C. Disable VMtools devices
D. Disable VM Template features
Make sure you review hardware devices and disable the unnecessary ones. Also disable unexposed features before increasing virtual machines security.
Which password meets ESXi 6.x host password requirements?
A valid password requires a mix of upper and lower case letters, digits, and other characters. You can use a 7-character long password with characters from at least three of these four classes, or a 6-character long password containing characters from all the classes. A password that begins with an upper case letter and ends with a numerical digit does not count towards the number of character classes used. It is recommended that the password does not contain the username.
A passphrase requires at least 3 words, can be 8 to 40 characters long, and must contain enough different characters.
An administrator would like to use a passphrase for their ESXi 6.x hosts which has these characteristics:
– Minimum of 21 characters
– Minimum of 2 words
Which advanced options must be set to allow this passphrase configuration to be used?
A. retry=3 min=disabled, disabled, 7, 21, 7 passphrase=2
B. retry=3 min=disabled, disabled, 21, 7, 7 passphrase=2
C. retry=3 min=disabled, disabled, 2, 21, 7
D. retry=3 min=disabled, disabled, 21, 21, 2
To force a specific password complexity and disable all others, replace the number with the word with disabled. For example, to force passwords containing characters from all four-character classes: password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min= disabled,disabled,disabled,disabled,7
Which Advanced Setting should be created for the vCenter Server to change the expiration policy of the vpxuser password?
vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The password for each vpxuser account is auto-generated when an ESX/ESXi host is added. The password is updated by default every 30 days.
To modify default password settings:
Connect vSphere Client to vCenter Server.
Click Administration > vCenter Server Settings > Advanced Settings. Scroll to the parameter VirtualCenter.VimPasswordExpirationInDays and change the value from the default.
An administrator has been instructed to secure existing virtual machines in vCenter Server.
Which two actions should the administrator take to secure these virtual machines? (Choose two.)
A. Disable native remote management services
B. Restrict Remote Console access
C. Use Independent Non-Persistent virtual disks
D. Prevent use of Independent Non-Persistent virtual disks
Reference: http://www.vmware.com/files/pdf/techpaper/VMW-TWP-vSPHR-SECRTY-HRDNG-USLET-101-WEB-1.pdf (page 11, see the tables)
An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files.
To prevent this in the future, which advanced parameter should be applied to the virtual machines?
A. isolation.tools.setinfo.disable = true
B. isolation.tools.setinfo.enable = true
C. isolation.tools.setinfo.disable = false
D. isolation.tools.setinfo.enable = false
It is configured on a per-VM basis. You can increase the guest operating system variable memory limit if large amounts of custom information are being stored in the configuration file. You can also prevent guests from writing any name-value pairs to the configuration file. To do so, use the following setting, and set it to ‘true’.
Which two statements are correct regarding vSphere certificates? (Choose two.)
A. ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority (VMCA).
B. ESXi host upgrades preserve the existing SSL certificate.
C. ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during install.
D. ESXi hosts have self-signed SSL certificates by default.
Of course, ESXi host upgrades preserve existing SSL certificate and it also have assigned SSL certificates from VMCA during the installation process.
Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)
A. Replace with Certificates signed by the VMware Certificate Authority.
B. Make VMware Certificate Authority an Intermediate Certificate Authority.
C. Do not use VMware Certificate Authority, provision your own Certificates.
D. Use SSL Thumbprint mode.
E. Replace all VMware Certificate Authority issued Certificates with self-signed Certificates.
There are three options for replace vCenter server security certificates. You can replace it with certificates signed by VMware certificate authority; you can make the VMCA an intermediate certificate authority. Likewise, you can provision your own certificates.
When attempting to log in with the vSphere Web Client, users have reported the error:
The administrator has configured the Platform Services Controller Identity Source as:
– Type. Active Directory as an LDAP Server
– Domain: vmware.com
– Alias: VMWARE
– Default Domain: Yes
Which two statements would explain why users cannot login to the vSphere Web Client? (Choose two.)
A. Users are typing the password incorrectly.
B. Users are in a forest that has 1-way trust.
C. Users are in a forest that has 2-way trust.
D. Users are logging into vCenter Server with incorrect permissions.
The possible explanation for this error might be that the users are typing password incorrectly or they are in a forest with has only 1-way trust. You need 2-way trust to get the credentials accepted.
2V0-621D dumps full version (PDF&VCE): https://www.lead2pass.com/2v0-621d.html
Large amount of free 2V0-621D exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDa2xCVTdHZXoxYjA