nerdexam
Broadcom-VMware

2V0-621 · Question #29

Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)

The correct answer is A. Replace with Certificates signed by the VMware Certificate Authority. B. Make VMware Certificate Authority an Intermediate Certificate Authority. C. Do not use VMware Certificate Authority, provision your own Certificates.. VMware supports three certificate management modes for vCenter Server, each offering different levels of CA control and integration.

Section 1 – Configure and Administer vSphere 6.x Security

Question

Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)

Options

  • AReplace with Certificates signed by the VMware Certificate Authority.
  • BMake VMware Certificate Authority an Intermediate Certificate Authority.
  • CDo not use VMware Certificate Authority, provision your own Certificates.
  • DUse SSL Thumbprint mode.
  • EReplace all VMware Certificate Authority issued Certificates with self-signed Certificates.

How the community answered

(47 responses)
  • A
    94% (44)
  • D
    4% (2)
  • E
    2% (1)

Why each option

VMware supports three certificate management modes for vCenter Server, each offering different levels of CA control and integration.

AReplace with Certificates signed by the VMware Certificate Authority.Correct

Replacing with VMCA-signed certificates is the default mode where VMCA acts as a root CA and signs all solution and machine SSL certificates directly.

BMake VMware Certificate Authority an Intermediate Certificate Authority.Correct

Making VMCA an intermediate CA is a hybrid mode where an enterprise CA signs the VMCA certificate, allowing VMCA to issue certificates that chain up to a trusted enterprise root.

CDo not use VMware Certificate Authority, provision your own Certificates.Correct

Using custom certificates entirely bypasses VMCA, allowing organizations to provision and manage their own certificates from an external CA for full control.

DUse SSL Thumbprint mode.

SSL Thumbprint mode is a legacy ESXi host connection method, not a supported certificate replacement option for vCenter Server.

EReplace all VMware Certificate Authority issued Certificates with self-signed Certificates.

Replacing VMCA-issued certificates with self-signed certificates is not a supported or recommended certificate management mode in vSphere.

Concept tested: vCenter Server certificate management modes

Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-0EF9BCE9-F09C-4AC7-AFB6-8F3D9E6E8FDB.html

Topics

#certificate replacement#VMCA#intermediate CA#certificate options

Community Discussion

No community discussion yet for this question.

Full 2V0-621 Practice