nerdexam
Broadcom-VMware

2V0-622 · Question #17

Strict Lockdown Mode has been enabled on an ESXi host. Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?

The correct answer is B. Add the users to Exception Users and enable the service.. In Strict Lockdown Mode, only users listed as Exception Users can be granted direct ESXi Shell or SSH access; no other role assignment bypasses this restriction.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

Strict Lockdown Mode has been enabled on an ESXi host. Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?

Options

  • AGrant the users the administrator role and enable the service.
  • BAdd the users to Exception Users and enable the service.
  • CNo action can be taken, Strict Lockdown Mode prevents direct access.
  • DAdd the users to vsphere.local and enable the service.

How the community answered

(18 responses)
  • A
    17% (3)
  • B
    72% (13)
  • C
    6% (1)
  • D
    6% (1)

Why each option

In Strict Lockdown Mode, only users listed as Exception Users can be granted direct ESXi Shell or SSH access; no other role assignment bypasses this restriction.

AGrant the users the administrator role and enable the service.

Assigning the administrator role does not exempt a user from Strict Lockdown Mode restrictions; role assignment and lockdown mode exception lists are independent controls.

BAdd the users to Exception Users and enable the service.Correct

VMware's Strict Lockdown Mode blocks all direct host access except for accounts explicitly added to the Exception Users list in the Direct Console User Interface (DCUI) or vCenter. Adding users to Exception Users and then enabling the ESXi Shell or SSH service is the only supported mechanism to allow that access while keeping Strict Lockdown Mode active.

CNo action can be taken, Strict Lockdown Mode prevents direct access.

Strict Lockdown Mode does not make direct access completely impossible - the Exception Users list exists precisely to allow controlled individual exceptions.

DAdd the users to vsphere.local and enable the service.

vsphere.local is the SSO domain for vCenter Server identity, not a mechanism for bypassing ESXi host-level Strict Lockdown Mode restrictions.

Concept tested: ESXi Strict Lockdown Mode Exception Users configuration

Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-88B24C81-7C8E-4D93-8070-94CE8B8672A4.html

Topics

#strict lockdown mode#exception users#ESXi shell#SSH access

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice