nerdexam
Broadcom-VMware

2V0-622D · Question #70

An administrator is configuring an identity source for Single Sign-On. The administrator will use the machine that Single Sign-On is running on, but does not want all users on the machine to be visibi

The correct answer is A. Active Directory (Integrated Windows Authentication). Active Directory with Integrated Windows Authentication uses the SSO machine's domain Kerberos identity to authenticate users without exposing the machine's local OS accounts to SSO.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

An administrator is configuring an identity source for Single Sign-On. The administrator will use the machine that Single Sign-On is running on, but does not want all users on the machine to be visibile to SSO. Which Identity Source meets this requirement?

Options

  • AActive Directory (Integrated Windows Authentication)
  • BActive Directory as an LDAP Service
  • COpenLDAP
  • DLocalOS

How the community answered

(52 responses)
  • A
    83% (43)
  • B
    10% (5)
  • C
    2% (1)
  • D
    6% (3)

Why each option

Active Directory with Integrated Windows Authentication uses the SSO machine's domain Kerberos identity to authenticate users without exposing the machine's local OS accounts to SSO.

AActive Directory (Integrated Windows Authentication)Correct

Active Directory (Integrated Windows Authentication) leverages the Kerberos ticket-based domain membership of the machine running SSO to authenticate AD domain users. Because it operates at the domain level rather than the local OS level, only AD domain accounts are visible to SSO - local machine accounts are not included. This satisfies the requirement to use the SSO machine as the identity source while hiding non-domain local users.

BActive Directory as an LDAP Service

Active Directory as an LDAP Service requires a separately specified LDAP server hostname and credentials and does not use the SSO machine's own domain membership as its identity source.

COpenLDAP

OpenLDAP requires an external OpenLDAP directory server to be configured - it is not tied to the SSO machine's local or domain identity and introduces a separate directory dependency.

DLocalOS

LocalOS exposes all user accounts from the local operating system of the machine running SSO, which directly violates the requirement of not making all users on that machine visible to SSO.

Concept tested: vCenter SSO identity source selection for local machine domain users

Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-A8A97E30-F1E1-4702-AA93-DFE4AE58FDE8.html

Topics

#Single Sign-On#identity source#Active Directory IWA#SSO configuration

Community Discussion

No community discussion yet for this question.

Full 2V0-622D Practice