2V0-622 · Question #18
A common root user account has been configured for a group of ESXi 6.x hosts. Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)
The correct answer is B. Set a complex password for the root account and limit its use. C. Use ESXi Active Directory capabilities to assign users the administrator role.. Sharing a root account across multiple ESXi hosts is a security risk best mitigated by enforcing a strong password with minimal use and replacing shared root usage with individual AD-authenticated administrator accounts.
Question
A common root user account has been configured for a group of ESXi 6.x hosts. Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)
Options
- ARemove the root user account from the ESXi host.
- BSet a complex password for the root account and limit its use.
- CUse ESXi Active Directory capabilities to assign users the administrator role.
- DUse Lockdown mode to restrict root account access.
How the community answered
(46 responses)- A7% (3)
- B83% (38)
- D11% (5)
Why each option
Sharing a root account across multiple ESXi hosts is a security risk best mitigated by enforcing a strong password with minimal use and replacing shared root usage with individual AD-authenticated administrator accounts.
The root account is a built-in system account on ESXi and cannot be removed; VMware does not support deleting the root user from a host.
Setting a complex, unique password for root and limiting its use reduces the blast radius if credentials are compromised and discourages casual shared use that leads to lack of accountability.
Joining ESXi hosts to Active Directory and assigning individual domain users the administrator role eliminates the need to share root credentials, provides per-user audit trails, and follows the principle of least privilege.
Lockdown Mode restricts all direct host access broadly rather than specifically limiting root account usage, and enabling it could block legitimate administrative workflows without addressing the shared-credential root cause.
Concept tested: ESXi root account security hardening and AD integration
Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-A1C4B8C0-2B37-4F7B-9D2E-0F5E4E6D0A4D.html
Topics
Community Discussion
No community discussion yet for this question.