An organization has a cluster of 6 ESXi hosts. Security policy requires that all administrative
activity occurs through vCenter Server and not directly on the hosts.
Which action should a system administrator take to enforce this policy?
A. Use the vSphere client to right-click on the cluster and select Enable lockdown mode on the
ESXi hosts in the cluster.
B. Use the vSphere client to navigate to the Security Profile of each ESXi host and enable
lockdown mode.
C. Connect to the DCUI of each ESXi host and navigate the menus to the Troubleshooting
Options and enable lockdown mode.
D. Connect to the ESXi shell on each host and type the command service lockdown start.
Explanation:
B is correct
When you enable Lockdown mode, only the vpxuser has authentication permissions. Other users cannot perform any operations directly on the host. Lockdown mode forces all operations to be performed through vCenter Server.
If you enable or disable Lockdown mode using the DCUI, permissions for users and groups on the host are discarded. To preserve these permissions, you must enable or disable Lockdown mode using the vSphere Client connected to vCenter Server.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008077
http://kb.stonegroup.co.uk/kb_upload/image/vmware5_lockdown_mode.PNG
Another EVIL question, took a while to even understand the question, whoever designed this is a purely evil bastard
C is a possible option to enforce the policy, but pay attention… C is incorrect because doing so would be in breach of the security policy itself, not because using the DCUI would discard all permissions on the host, which is not a requirement in this question. The main issue here is that if you use DCUI you’d be actually violating the policy because you didn’t use vCenter.
Really tricky question, you vmbastards!
C is not a possible option because “lockdown mode” is not within “Troubleshooting Options” on DCUI