A network auditing team has observed activity from a virtual machine that may be an organization
policy security breach. The vSphere administrator needs to stop network traffic from the virtual
machine.
Which step should the administrator take?
A. Enable Port Blocking on the vSphere Standard Switches in the organization and block the port on which the virtual machine is connected.
B. Enable Port Blocking on each vSphere Standard Switch portgroup in the organization, then block the port on which the virtual machine is connected.
C. Enable Port Blocking on each vSphere Distributed Switch portgroup in the organization, then block the port on which the virtual machine is connected.
D. Enable Port Blocking on the vSphere Distributed Switches in the organization and block the port on which the virtual machine is connected.
Explanation:
Answer is C.
http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%2FGUID-6449C222-4B4B-4EBD-B5E9-850FE0870CEA.html
Port Blocking is not available as part of vSphere standard switches.
Port Blocking must be enabled on the portgroup specifically.
Answer is C
For 5.5:
http://pubs.vmware.com/vsphere-55/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-55-networking-guide.pdf
See the bottom of page 115.
I really hope they extend this ability to standard switches in a future release.
A and B can be ruled out right away as the feature is not supported on standard v-switches. D is the next to eliminate since port blocking, along with most vDS settings, is done on the port group level.
However, why does option ‘C’ force the change to be made on __each__ port group? Only VMware Education folks would know, in their infinite wisdom… This is just plain silly, as any admin in his right mind would simply go to the respective vDS port and enable its blocking. No need to even do anything on the port group level, as Block Port Override for individual ports is enabled by default.
C : Enable Port Blocking on each vSphere Distributed Switch portgroup in the organization, then block the port on which the virtual machine is connected.
Because disconnecting the nic is too mainstream..
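An added PowerCLI example (not part of the original thread or of VMware's documentation) of the containment step discussed above: it finds the distributed switch port behind each of the VM's adapters, checks that the port group allows the block policy to be overridden per port, blocks only that port, and reports the resulting state. It assumes VMware PowerCLI is installed and a Connect-VIServer session already exists; the VM name is a placeholder.

```powershell
# Added example; assumes an existing Connect-VIServer session.
# 'SUSPECT-VM-01' is a placeholder, not a name from the page.
param([string]$VMName = 'SUSPECT-VM-01')

$vm = Get-VM -Name $VMName -ErrorAction Stop

foreach ($nic in Get-NetworkAdapter -VM $vm) {
    # A NIC on a distributed switch has a port connection in its backing;
    # a NIC on a standard switch does not, and port blocking is unavailable there.
    $conn = $nic.ExtensionData.Backing.Port
    if (-not $conn) {
        Write-Warning "$($nic.Name) is not on a distributed switch; no port to block."
        continue
    }

    # Resolve the port group and the exact port the adapter is plugged into.
    $pg   = Get-VDPortgroup | Where-Object { $_.ExtensionData.Key -eq $conn.PortgroupKey }
    $port = Get-VDPort -VDPortgroup $pg -Key $conn.PortKey

    # Per-port blocking only takes effect if the port group permits
    # overriding the block policy at port level. Check instead of assuming.
    $override = Get-VDPortgroupOverridePolicy -VDPortgroup $pg
    if (-not $override.BlockOverrideAllowed) {
        Write-Warning "Block override is off on '$($pg.Name)'; enabling it."
        $override | Set-VDPortgroupOverridePolicy -BlockOverrideAllowed $true | Out-Null
    }

    # Block this one port; other VMs on the port group keep their connectivity.
    Get-VDBlockedPolicy -VDPort $port | Set-VDBlockedPolicy -Blocked $true | Out-Null

    # Read the policy back so the change is confirmed and can go in the incident record.
    $state = Get-VDBlockedPolicy -VDPort $port
    [pscustomobject]@{
        VM        = $vm.Name
        Adapter   = $nic.Name
        Portgroup = $pg.Name
        PortKey   = $port.Key
        Blocked   = $state.Blocked
        CheckedAt = (Get-Date).ToString('s')
    }
}
```

Blocking at the port leaves the VM's virtual hardware and power state untouched, which keeps the guest available for later forensic collection.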