An organization’s security policy requires a design where the ESXi hosts will be manageable only through vCenter Server.
Which two security configurations will help meet this requirement? (Choose two.)
A. enable lockdown mode strict
B. disable DCUI access
C. enable lockdown mode normal
D. disable shell access
A&D are correct. “STRICT Lockdown mode – The host can only be accessed through vCenter Server. If SSH or the ESXi Shell is enabled, running sessions for accounts in the DCUI.Access advanced option and for Exception User accounts that have administrator privileges remain enabled. All other sessions are closed.”
A & D
As discussed in the link posted by Megalodon.
A & D are correct
A & D
With strict mode DCUI is already disabled.
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-83E1802D-D05A-48CF-92E9-4A98CEDCE911.html
Correct