What are two ways that this can be accomplished?

An administrator decides to change the root password for an ESXi 6.x host to comply with the company’s security policies.
What are two ways that this can be accomplished? (Choose two.)

An administrator decides to change the root password for an ESXi 6.x host to comply with the company’s security policies.
What are two ways that this can be accomplished? (Choose two.)

A.
Use the Direct Console User Interface to change the password.

B.
Use the passwd command in the ESXi Shell.

C.
Use the password command in the ESXi Shell.

D.
Use the vSphere client to update local users.

Explanation:
Explanation/Reference:

Show Hint

Leave a Reply 16

Your email address will not be published. Required fields are marked *

babar

babar

A and B are correct

Reply

b1lb0

b1lb0

B doesn’t work for ESXi 3.5 and higher
A and D are correct.

Reply

SomeDude

SomeDude

B does work: KB1004659 Updated Dec 22, 2016 (Gotta love the support people looking to get the KB points…) Product versions…. VMware ESXi 6.0

Reply

b1lb0

b1lb0

Ok, B does work indeed, but A and D works as well (tested), so there are 3 valid answers and only 2 possible picks, so it seems like question is broken.

Is there any reason you wouldn’t use D as an answer?

Reply

Dasher

Dasher

Great point b1lb0. I’m with you. I don’t see why D isn’t a valid answer.

From the link jmarsj posted, I’d definitely say that B is an answer VMware wants. The question is whether A or D is more correct. The question mentions the companies security policies and I’d say that it is more common to have Lockdown mode enabled than turning off DCUI simply because DCUI also has a physical layer of security around it. But this doesn’t seem definitive enough to justify it being the answer. Seems a bit like a toss up

Reply

SomeDude

SomeDude

UGH, bad question

Reply

Chris

Chris

I’m leaning towards A/D. B does indeed work but doesn’t look like it’s supported from the KB link

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004659

In ESXi 3.5 and later versions, reinstalling the ESXi software is the only supported way to reset a password if the root password is forgotten. Any other method may lead to a host failure or an unsupported configuration due to the complex nature of the ESXi architecture. ESXi does not have a service console, and the traditional Linux methods of resetting a password, such as single-user mode, do not apply.

Reply

karank

karank

A & B are correct (tested on ESXi 6.0.0, 3620759)

D does not work because you cannot update local users with a web client starting vSphere 5.0. Refer to the 5.1 documentation –

https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-670B9B8C-3810-4790-AC83-57142A9FE16F.html

Procedure
1. Log in to ESXi using the vSphere Client.
You cannot create ESXi users with the vSphere Web Client. You must directly log into the host with the vSphere Client to create ESXi users.
Note: You cannot perform this task on vCenter Server.

Reply

andy75

andy75

But D does not say “Web Client” however. vSphere Client (aka C# Client) does allow for this kind of changes directly on ESX.

Reply

andy75

andy75

Have just double-checked it… ‘D’ is 100% correct. So, there’re 3 (three) correct answers: A, B, D. Which means VMware Edu folks made yet another blunder with this one. They apparently meant to say “vSphere Web Client” in D to make it incorrect.

Reply

Ramon

Ramon

The question mentions ESXi 6.x, that means 6.0 or 6.5. In 6.5 the C# Client is not available anymore. So A/B should be valid.

Reply

andy75

andy75

When the test was made available including this very question, there was no v6.5 yet.
Also, now VMware uses the same brand of “vSphere Client” (HTML 5 based, not C#) for management via vCenter, as well as to connect directly to ESXi. So ‘D’ is still a valid answer. Either the exam dump is incorrect or VMware Education folks made an error.

Reply

Dude

Dude

Its B done via ‘paswd’ which is supported on 6.0 / 6.5 still and D via a host profile via the web client under and remediation using only ‘Security Configuration’ section.

Reply