The vSphere administrator attempts to connect to an ESXi host via an SSH client and receives the following security alert:
-- Exhibit —
-- Exhibit —
The vSphere administrator needs to determine whether the RSA key fingerprint shown in the security alert is the fingerprint of the intended ESXi host.
Which tool should the vSphere administrator use?
A. Direct Console User Interface
B. vSphere Client
C. vSphere Web Client
D. vSphere Management Assistant
Correct Answer: A
Explanation/Reference:
Explanation:
We need to view the RSA key fingerprint/thumbprint of the ESXi host then compare it to that shown in the security alert. To view the thumbprint of the ESXi host, we use the Direct Console User Interface (DCUI).
To prevent man-in-the-middle attacks and to fully use the security that certificates provide, certificate checking is enabled by default. You can verify that certificate checking is enabled in the vSphere Web Client.
Procedure
Browse to the vCenter Server system in the vSphere Web Client object navigator.
Select the Manage tab, click Settings, and click General.
Click Edit.
Click SSL Settings and verify that vCenter requires verified host SSL certificates is selected.
If there are hosts that require manual validation, compare the thumbprints listed for the hosts to the thumbprints in the host console.
To obtain the host thumbprint, use the Direct Console User Interface (DCUI).
Log in to the direct console and press F2 to access the System Customization menu.
Select View Support Information.
The host thumbprint appears in the column on the right.
If the thumbprint matches, select the Verify check box next to the host.
Hosts that are not selected will be disconnected after you click OK.
Click OK.
Incorrect Answers:
B: We cannot view the thumbprint in the vSphere Client. Therefore, this answer is incorrect.
C: We use the vSphere Web Client initially to connect to the vCenter server but then we open the Direct Console User Interface (DCUI) to view the thumbprint. Therefore, this answer is incorrect.
D: The vSphere Management Assistant (vMA) allows administrators and developers to run scripts and agents to manage ESXi hosts and vCenter Server systems. However, it is not used to view the RSA thumbprint of an ESXi host. Therefore, this answer is incorrect.
References:
http://pubs.vmware.com/vsphere-55/index.jsp#com.vmware.vsphere.security.doc/GUID-59AA89EC-EF6A-4A56-AB3D-76540484B8E6.html