A common root user account has been configured for a group of ESXi 6.x hosts.
Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)
A. Remove the root user account from the ESXi host.
B. Set a complex password for the root account and limit its use.
C. Use ESXi Active Directory capabilities to assign users the administrator role.
D. Use Lockdown mode to restrict root account access.
Correct Answer: BC
Explanation/Reference:
Explanation:
root User Privileges
By default each ESXi host has a single root user account with the Administrator role. That root user account can be used for local administration and to connect the host to vCenter Server.
This common root account can make it easier to break into an ESXi host and make it harder to match actions to a specific administrator.
Set a highly complex password for the root account and limit the use of the root account, for example, for use when adding a host to vCenter Server. Do not remove the root account. In vSphere 5.1 and later, only the root user and no other named user with the Administrator role is permitted to add a host to vCenter Server.
Best practice is to ensure that any account with the Administrator role on an ESXi host is assigned to a specific user with a named account.
Where possible, use ESXi Active Directory capabilities, which allow you to manage Active Directory credentials.
Reference:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-55F14938-8A2F-4703-8A60-3516F9C3E312.html