An organization has a cluster of 6 ESXi hosts. Security policy requires that all administrative activity occurs through vCenter Server and not directly on the hosts.
Which action should a system administrator take to enforce this policy?
A. Use the vSphere client to right-click on the cluster and select Enable lockdown mode on the ESXi hosts in the cluster.
B. Use the vSphere client to navigate to the Security Profile of each ESXi host and enable lockdown mode.
C. Connect to the DCUI of each ESXi host and navigate the menus to the Troubleshooting Options and enable lockdown mode.
D. Connect to the ESXi shell on each host and type the command service lockdown start.
Correct Answer: B
Explanation/Reference:
You can enable lockdown mode to compel all configuration changes to go through vCenter Server. The steps for doing this with the vSphere Client are shown below:
1. Log in to a vCenter Server system using the vSphere Client.
2. Select the host in the inventory panel.
3. Click the Configuration tab and click Security Profile.
4. Click the Edit link next to lockdown mode. The Lockdown Mode dialog box appears.
5. Select Enable Lockdown Mode.
6. Click OK.
Incorrect Answers:
A: You are not able to enable lockdown mode for the entire cluster via the vSphere Client.
C: If you enable or disable lockdown mode using the Direct Console User Interface, permissions for users and groups on the host are discarded. This means that administrative activity will not be able to occur through vCenter Server.
D: Enabling Lockdown Mode cannot be done in this manner.
References:
https://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.security.doc/GUID-BB698C3D-CBC7-40ED-A3CB-C16A8CAF058E.html
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-3705562C-206E-456A-AFCE-5FB80557B282.html