2V0-622 Question #29: Real Exam Question with Answer & Explanation

The correct answer is A: Replace with Certificates signed by the VMware Certificate Authority.. vCenter Server provides three supported modes for managing TLS certificates: using VMCA-signed certs, making VMCA an intermediate CA chained to an enterprise CA, or bypassing VMCA entirely with custom certificates.

Question

Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)

Options

AReplace with Certificates signed by the VMware Certificate Authority.
BMake VMware Certificate Authority an Intermediate Certificate Authority.
CDo not use VMware Certificate Authority, provision your own Certificates.
DUse SSL Thumbprint mode.
EReplace all VMware Certificate Authority issued Certificates with self-signed Certificates.

Explanation

vCenter Server provides three supported modes for managing TLS certificates: using VMCA-signed certs, making VMCA an intermediate CA chained to an enterprise CA, or bypassing VMCA entirely with custom certificates.

Common mistakes.

D. SSL Thumbprint mode is a legacy ESXi host connection mode for bypassing certificate verification, not a certificate replacement strategy for vCenter Server.
E. Replacing VMCA-issued certificates with self-signed certificates is not a supported or recommended workflow - self-signed certs outside VMCA introduce unmanaged trust anchor issues.

Concept tested. vCenter Server certificate management modes

Reference. https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-0076A3A6-5D4C-407D-A7B5-9B64AD97CCA3.html

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice