nerdexam
Exams2V0-621Questions#244
Broadcom-VMware

2V0-621 · Question #244

2V0-621 Question #244: Real Exam Question with Answer & Explanation

The correct answer is A: Replace the VMCA root certificate before adding the ESXi hosts to vCenter Server.. Replacing the VMCA root certificate before adding ESXi hosts ensures all hosts automatically receive certificates signed by the new root, requiring the least administrative effort.

Question

An administrator is implementing a vSphere 6.x environment containing one vCenter and five ESXi hosts. The administrator has just finished deploying the vCenter Server appliance with an embedded Platform Services Controller (PSC) and need to ensure that default security certificates within the vSphere 6.x environment are replaced with new certificates. What should the administrator do to complete this task the least administrative effort?

Options

  • AReplace the VMCA root certificate before adding the ESXi hosts to vCenter Server.
  • BCreate ESXi host security certificates using the SSL. Thumbprint mode to ensure consistency
  • CAdd the ESXi hosts to vCenter Server before updating the VMCA root certificate on the PSC.
  • DMake VMCA an Intermediate Certificate Authority to ensure each added ESXi hosts receives

Explanation

Replacing the VMCA root certificate before adding ESXi hosts ensures all hosts automatically receive certificates signed by the new root, requiring the least administrative effort.

Common mistakes.

  • B. SSL Thumbprint mode is a legacy fallback mechanism that does not leverage VMCA-signed certificates and does not ensure consistent PKI-based security across the environment.
  • C. Adding hosts before updating the VMCA root means all hosts initially receive certs from the old VMCA root, requiring a separate certificate renewal operation for each host afterward - increasing administrative effort.
  • D. Making VMCA an Intermediate CA requires integrating with an enterprise CA, submitting CSRs, and distributing new root trust chains - significantly more administrative effort than a simple VMCA root replacement.

Concept tested. VMCA root certificate replacement order for minimal effort

Reference. https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-A2D4F1A0-E61C-4E8B-AC41-B93C8AD497FC.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 2V0-621 Practice