Home » VMware » 2V0-621 v.2 » Which two conditions should be considered when planning this configuration?
An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage users and groups. The AD domain group ESX Admins is planned for administrative access to the host.
Which two conditions should be considered when planning this configuration? (Choose two.)
A. If administrative access for ESX Admins is not required, this setting can be altered.
B. The users in ESX Admins are not restricted by Lockdown Mode.
C. An ESXi host provisioned with Auto Deploy cannot store AD credentials.
D. The users in ESX Admins are granted administrative privileges in vCenter Server.
Correct Answer: AC
Explanation/Reference:
Explanation:
Configure a Host to Use Active Directory
You can configure a host to use a directory service such as Active Directory to manage users and groups.
When you add an ESXi host to Active Directory the DOMAIN group ESX Admins is assigned full administrative access to the host if it exists. If you do not want to make full administrative access available, see VMware Knowledge Base article 1025569 for a workaround.
If a host is provisioned with Auto Deploy, Active Directory credentials cannot be stored on the hosts. You can use the vSphere Authentication Proxy to join the host to an Active Directory domain. Because a trust chain exists between the vSphere Authentication Proxy and the host, the Authentication Proxy can join the host to the Active Directory domain. See Using vSphere Authentication Proxy.
Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-63D22519-38CC-4A9FAE8597A53CB0948A.html