A new AD domain has just been added to vSphere as an identity source. This new domain has a user group called administrators group.
Which role do the administrators group users have by default, when authenticated to vCenter Server?
A. Read Only
B. No Cryptography Administrator
C. Administrator
D. No Access
This question is tricky. Key seems to be domain added as an identity source but not the group.
https://docs.vmware.com/en/VMware-vSphere/5.5/com.vmware.vsphere.security.doc/GUID-1F0106C9-0524-4583-9AC5-A748FD1DC4C5.html
vCenter Single Sign-On does not propagate permissions that result from nested groups from dissimilar identity sources. For example, if you add the Domain Administrators group to the Local Administrators group, the permissions are not propagated because Local OS and Active Directory are separate identity sources.
D is the best answer without being given further information.
There does not to appear to be any official 6.7 document referencing this but the closest link I believe is still applicable with this question regardless of LDAP considerations when authenticating to a vCenter server.
According to https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-63D22519-38CC-4A9F-AE85-97A53CB0948A.html only ESX Admins is a preconfigured Administrators group. All others have no default access, so the Answer is D
Adding Identity Source in vCenter is just a prerequisite to give someone an rights. Next you have to map AD user/group to vCenter privilege/permission. Right Answer is D – No Access
D. https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-93B962A7-93FA-4E96-B68F-AE66D3D6C663.html