nerdexam
Broadcom-VMware

2V0-622 · Question #222

In which two vsphere.local groups should an administrator avoid adding members? (Choose two.)

The correct answer is A. SolutionUsers B. Administrators. Certain vsphere.local groups are reserved for internal vSphere system use and should not have members manually added to avoid disrupting authentication and privileged access.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

In which two vsphere.local groups should an administrator avoid adding members? (Choose two.)

Options

  • ASolutionUsers
  • BAdministrators
  • CDCAdmins
  • DExternalPDUsers

How the community answered

(25 responses)
  • A
    88% (22)
  • C
    4% (1)
  • D
    8% (2)

Why each option

Certain vsphere.local groups are reserved for internal vSphere system use and should not have members manually added to avoid disrupting authentication and privileged access.

ASolutionUsersCorrect

SolutionUsers is reserved exclusively for internal vSphere solution accounts such as vCenter Server and the vSphere Web Client service. Adding regular user accounts to this group can break internal component-to-component authentication within the SSO domain.

BAdministratorsCorrect

The vsphere.local Administrators group grants unrestricted administrative control over the vCenter Single Sign-On domain and all registered solutions. VMware explicitly recommends against adding members here to prevent unintended privilege escalation across the entire vSphere environment.

CDCAdmins

DCAdmins is not flagged by VMware as a group to avoid populating; it does not carry the same internal system-reservation risk as SolutionUsers or Administrators.

DExternalPDUsers

ExternalPDUsers holds accounts synchronized from external identity providers and does not have the same internal-use restrictions that make SolutionUsers and Administrators groups dangerous to modify.

Concept tested: vsphere.local SSO group membership restrictions

Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-CDEA6F32-7581-4615-8572-E0B44C11D80D.html

Topics

#vsphere.local groups#SSO#SolutionUsers#identity management

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice