50 Cards in this Set

  • Front
  • Back

What are the 4 different types of permissions

- Global Permissions


- vCenter Server Permissions


- Group Membership in vSphere.local Groups


- ESXi Local Host Permissions

What happens to a user's permissions if they are a member of more than one group?

Combined privileges within the roles apply

Child permissions do not override Parent permissions - True or False

False

User roles override group roles - True or False

True

What are the default roles

- Administrator


- Read-Only


- No Access

How do you check which services are active via the CLI

esxcli network firewall ruleset list

How do you open a port via CLI

esxcli network firewall ruleset set -e true -r httpClient

How do you enable / disable services in the ESXi firewall

vSphere client > configuration > security profile > Firewall

What are the lockdown modes

- Disabled - Lockdown mode is disabled.


- Normal - Lockdown mode is enabled. The host can only be accessed from vCenter or from the console (DCUI).


- Strict - Lockdown mode is enabled. The DCUI service is stopped. The host cannot be accessed from the console (DCUI).

What happens in the "normal" lockdown mode

Lockdown mode is enabled. The host can only be accessed from vCenter or from the console (DCUI).

What happens in the "strict" lockdown mode

Lockdown mode is enabled. The DCUI service is stopped. The host cannot be accessed from the console (DCUI).

What are "Exception Users"

Users with local accounts or Microsoft Active Directory accounts with permissions defined locally on the host where these users have host access

What authentication type is only available for US federal customers

Smart Card Authentication to DCUI – It allows DCUI login access using a Common Access Card (CAC) and Personal Identity Verification (PIV). In this case the ESXi host must be part of Microsoft AD.

What are the 2 places where network security policies can be defined

- vSwitch level


- Portgroup level

What are the 3 different network security policies

- Promiscuous mode


- MAC address changes


- Forged transmits

What are "Forged Transmits"

A host does not compare source and effective MAC addresses transmitted from a virtual machine. By default it's Accept

What are "MAC Address Changes"

A host is able to accept requests to change the effective MAC address to a different address than the initial MAC address. By default it's Accept

What is "Promiscuous Mode"

If set to Accept then it allows the guest OS to receive all traffic observed on the connected vSwitch or PortGroup (the switch basically becomes a hub, with all the inconveniences: packet collisions, performance degradation, etc.). By default it's Reject

What is "Promiscuous Mode" set to by default

Reject

What is "MAC Address Changes" set to by default

Accept

What is "Forged Transmits" set to by default

Accept

How do you add a host to a directory service

vSphere Client:


Select a host > configuration > authentication services > properties




vSphere Web Client:


Hosts and clusters > Select ESXi host > Manage > Settings > Authentication services

What are "Host Profiles"

A feature that lets you homogenize configuration across ESXi hosts and automate compliance

How do you create a "Host Profile"

Home > Host profiles > Extract profile from host

What are the two certificate operation modes

- Root CA (Default)


- Issuer CA

What is the vSphere Certificate Manager utility

A command line utility for performing certificate replacement tasks

What are the 3 ways you can manage certificates?

vSphere Certificate Manager utility – certificate replacement tasks from a command line utility.




Certificate management CLIs – dir-cli, certool, and vecs-cli command line utilities.


- certool can generate and manage certificates and keys. Part of VMCA.


- dir-cli is able to create and update certificates in VMware Directory Service. Part of VMAFD.


- vecs-cli can manage the contents of VMware Certificate Store instances. Part of VMAFD.




vSphere Web Client certificate management – view certificate information in the Web Client

What is the Platform Services Controller (PSC)

The Platform Services Controller (PSC) provides:




- Single Sign-On (SSO)


- Licensing


- Certificate Authority (VMCA)

What are the two Platform Services Controller (PSC) installation types

The embedded PSC is meant to be used for standalone sites where vCenter Server will be the only SSO integrated solution. In this case replication to another PSC is not necessary.




The external PSC should be deployed in environments where there is more than one SSO enabled solution.

What does the Platform Services Controller (PSC) do?

- Manages and generates SSL certificates for your vSphere environment.


- Stores and replicates VMware License Keys


- Stores and replicates permissions via the Global Permissions layer.


- Manages the storage and replication of TAGS and CATEGORIES.


- There is built-in automatic replication between different logical SSO sites (if any).


- There is only one single default domain for the identity sources.

What is the difference between the Embedded Platform Service Controller and the External Platform Service Controller

Embedded Platform Service Controller




All services bundled with the Platform Services Controller are deployed on the same virtual machine or physical server as vCenter Server.




External Platform Service Controller




The services bundled with the Platform Services Controller and vCenter Server are deployed on different virtual machines or physical servers.

What are the 3 ESXi Certificate replacement modes

Default - VMCA as cert authority where VMCA issues certs for your hosts.




Custom - you can override and issue certs manually via VMCA




Thumbprint mode - this way you keep certs from vSphere 5.5

True or False - Permissions that are assigned at a lower level object don't override permissions assigned at a higher level object

False

True or False - By default the administrator account in the SSO domain (administrator@vsphere.local) can modify global permissions but the root account cannot.

True

True or False - Changes to roles take effect immediately

True, even for users currently logged in.

What is VMware Directory Service

(vmdir) is the component of SSO 6.0 that provides the SSO domain (directory service) that you create during the install of SSO.

Which ports does vmdir use?

LDAP on 389 and port 11711 for backwards compatibility with vSphere 5.5

True or False - vmdir doesn't store certificate info

False, in 6.0 it does.

True or False - Folders can be used to set permission on groups of datacenters, datastores, hosts, VMs and networks.

True, but not on groups of vCenter Servers.

What is permission validation

vCenter Server will occasionally check its users and group lists against AD. This setting can be changed (enabled/disabled) and timeout values changed.

What are the required privileges for "Create a virtual machine"

On the destination folder or datacenter:




Virtual Machine.Inventory.Raw Create New


Virtual Machine.Configuration.Add New Disk


Virtual Machine.Configuration.Add Existing Disk


Virtual Machine.Configuration.Raw Device




On the destination host, cluster or resource pool:




Resource.Assign Virtual Machine to Resource Pool




On the destination datastore or datastore folder:




Datastore.Allocate Space




On the network:




Network.Assign Network

What are the required privileges for "Deploy a virtual machine from a template"

On the destination folder or datacenter:




Virtual Machine.Inventory.Create from Existing


Virtual Machine.Configuration.Add New Disk




On a template or template folder:




Virtual Machine.Provisioning.Deploy Template




On the destination host, cluster or resource pool:




Resource.Assign Virtual Machine to Resource Pool




On the destination datastore or folder of datastores:




Datastore.Allocate Space




On the network that the virtual machine will be assigned to:




Network.Assign Network

What are the required privileges for "Take a virtual machine snapshot"

On the virtual machine or a folder of virtual machines:




Virtual Machine.Snapshot Management.Create Snapshot




On the destination datastore or folder of datastores:




Datastore.Allocate Space

What are the required privileges for "Move a virtual machine into a resource pool"

On the virtual machine or a folder of virtual machines:




Resource.Assign Virtual Machine to Resource Pool


Virtual Machine.Inventory.Move




On the destination resource pool:




Resource.Assign Virtual Machine to Resource Pool

What are the required privileges for "Install a guest operating system on a virtual machine"

On the virtual machine or a folder of virtual machines:




Virtual Machine.Interaction.Answer Question


Virtual Machine.Interaction.Console Interaction


Virtual Machine.Interaction.Device Connection


Virtual Machine.Interaction.Power On


Virtual Machine.Interaction.Power Off


Virtual Machine.Interaction.Reset


Virtual Machine.Interaction.Configure CD Media


Virtual Machine.Interaction.Configure Floppy Media


Virtual Machine.Interaction.Tools Install




On a datastore containing the installation media ISO image:




Datastore.Browse Datastore




On the datastore to which you upload the installation media ISO image:




Datastore.Browse Datastore


Datastore.Low Level File Operations

What are the required privileges for "Migrate a virtual machine with vMotion"

On the virtual machine or folder of virtual machines:




Resource.Migrate Powered on Virtual Machine


Resource.Assign Virtual Machine to Resource Pool




On the destination host, cluster, or resource pool:




Resource.Assign Virtual Machine to Resource Pool

What are the required privileges for "Cold migrate (relocate) a virtual machine"

On the virtual machine or folder of virtual machines:




Resource.Migrate Powered Off Virtual Machine


Resource.Assign Virtual Machine to Resource Pool




On the destination host, cluster, or resource pool:




Resource.Assign Virtual Machine to Resource Pool




On the destination datastore:




Datastore.Allocate Space

What are the required privileges for "Migrate a virtual machine with Storage vMotion"

On the virtual machine or folder of virtual machines:




Resource.Migrate Powered On Virtual Machine




On the destination datastore:




Datastore.Allocate Space

What are the required privileges for "Move a host into a cluster"

On the host:




Host.Inventory.Add Host to Cluster




On the destination cluster:




Host.Inventory.Add Host to Cluster

What are the "sample" roles

- Resource Pool Administrator


- Virtual Machine User


- VMware Consolidated Backup User


- Datastore Consumer


- Network Administrator


- Virtual Machine Power User


- Content Library Administrator