2V0-622 · Question #24
An administrator would like to use a passphrase for their ESXi 6.x hosts which has these characteristics: -Minimum of 21 characters -Minimum of 2 words Which advanced options must be set to allow this
The correct answer is B. retry=3 min=disabled, disabled, 21, 7, 7 passphrase=2. ESXi 6.x passphrase configuration relies on pam_passwdqc, where the third positional value in the min parameter (N2) sets the minimum passphrase character length and the separate passphrase option sets the minimum word count.
Question
An administrator would like to use a passphrase for their ESXi 6.x hosts which has these characteristics:
-Minimum of 21 characters -Minimum of 2 words Which advanced options must be set to allow this passphrase configuration to be used?
Options
- Aretry=3 min=disabled, disabled, 7, 21, 7 passphrase=2
- Bretry=3 min=disabled, disabled, 21, 7, 7 passphrase=2
- Cretry=3 min=disabled, disabled, 2, 21, 7
- Dretry=3 min=disabled, disabled, 21, 21, 2
How the community answered
(26 responses)- A12% (3)
- B81% (21)
- D8% (2)
Why each option
ESXi 6.x passphrase configuration relies on pam_passwdqc, where the third positional value in the min parameter (N2) sets the minimum passphrase character length and the separate passphrase option sets the minimum word count.
min=disabled,disabled,7,21,7 places 7 in the N2 (passphrase length) position and 21 in the N3 (3-class regular password) position, meaning passphrases only need 7 characters rather than the required 21.
The pam_passwdqc min parameter uses five positional values (N0,N1,N2,N3,N4); N2 controls minimum passphrase length, so min=disabled,disabled,21,7,7 places 21 in the N2 slot requiring passphrases to be at least 21 characters long, and passphrase=2 independently enforces a minimum of 2 words, satisfying both stated requirements.
min=disabled,disabled,2,21,7 places 2 in the N2 position, setting minimum passphrase length to only 2 characters instead of 21, and the option also omits the required passphrase= keyword that controls the minimum word count.
min=disabled,disabled,21,21,2 places the value 2 in the N4 position (minimum length for 4-class passwords) rather than using the dedicated passphrase= keyword, so the word count requirement for passphrases is never correctly configured.
Concept tested: ESXi pam_passwdqc passphrase min length and word count configuration
Source: https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-E9D37923-7F04-4E4D-9B5C-8D9B93F78E4F.html
Topics
Community Discussion
No community discussion yet for this question.