2V0-622 · Question #17
Strict Lockdown Mode has been enabled on an ESXi host. Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
The correct answer is B. Add the users to Exception Users and enable the service.. In Strict Lockdown Mode, only users listed as Exception Users can be granted direct ESXi Shell or SSH access; no other role assignment bypasses this restriction.
Question
Strict Lockdown Mode has been enabled on an ESXi host. Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?
Options
- AGrant the users the administrator role and enable the service.
- BAdd the users to Exception Users and enable the service.
- CNo action can be taken, Strict Lockdown Mode prevents direct access.
- DAdd the users to vsphere.local and enable the service.
How the community answered
(18 responses)- A17% (3)
- B72% (13)
- C6% (1)
- D6% (1)
Why each option
In Strict Lockdown Mode, only users listed as Exception Users can be granted direct ESXi Shell or SSH access; no other role assignment bypasses this restriction.
Assigning the administrator role does not exempt a user from Strict Lockdown Mode restrictions; role assignment and lockdown mode exception lists are independent controls.
VMware's Strict Lockdown Mode blocks all direct host access except for accounts explicitly added to the Exception Users list in the Direct Console User Interface (DCUI) or vCenter. Adding users to Exception Users and then enabling the ESXi Shell or SSH service is the only supported mechanism to allow that access while keeping Strict Lockdown Mode active.
Strict Lockdown Mode does not make direct access completely impossible - the Exception Users list exists precisely to allow controlled individual exceptions.
vsphere.local is the SSO domain for vCenter Server identity, not a mechanism for bypassing ESXi host-level Strict Lockdown Mode restrictions.
Concept tested: ESXi Strict Lockdown Mode Exception Users configuration
Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-88B24C81-7C8E-4D93-8070-94CE8B8672A4.html
Topics
Community Discussion
No community discussion yet for this question.