Broadcom-VMware
2V0-621 · Question #28
2V0-621 Question #28: Real Exam Question with Answer & Explanation
The correct answer is B: ESXi host upgrades preserve the existing SSL certificate.. In vSphere, ESXi hosts receive SSL certificates from VMCA when added to vCenter, and those certificates are retained - not replaced - when the host is upgraded.
Question
Which two statements are correct regarding vSphere certificates? (Choose two.)
Options
- AESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware
- BESXi host upgrades preserve the existing SSL certificate.
- CESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during
- DESXi hosts have self-signed SSL certificates by default.
Explanation
In vSphere, ESXi hosts receive SSL certificates from VMCA when added to vCenter, and those certificates are retained - not replaced - when the host is upgraded.
Common mistakes.
- A. This statement is incorrect - ESXi host upgrades preserve the existing certificate rather than reissuing a new one from VMCA, maintaining continuity of secure management connections.
- D. ESXi hosts managed by a vCenter Server receive VMCA-signed certificates by default rather than purely self-signed certificates, which was the pre-vSphere 6.0 behavior before VMCA was introduced.
Concept tested. vSphere VMCA certificate assignment and upgrade certificate preservation
Community Discussion
No community discussion yet for this question.