Which VMware Single Sign-On component issues Security Assertion Markup Language (SAML) token

A.VMware Security Token Service B.Administration Server C.VMware Directory Service D.Identity Management Service   Answer: A Explanation: The security token service issues Security Assertion Markup Language (SAML) tokens. These security tokens pass information about a system user between anidentity provider and a web service. This service enables a user who has logged on through vCenter Single …

An administrator is configuring the clock tolerance for the Single Sign-On token configuration policy and wants to define the time skew tolerance between a client and the domain controller clock. Which time measurement is used for the value?

A.Milliseconds B.Seconds C.Minutes D.Hours Answer: A Explanation: The time skew tolerance between a client and the domain controller clock is measured in milliseconds. QUESTION NO:

When attempting to log in with the vSphere Web Client, users have reported the error:

Incorrect Username/Password The administrator has configured the Platform Services Controller Identity Source as: Type. Active Directory as an LDAP Server Domain: vmware.com Alias: VMWARE Default Domain: Yes Which two statements would explain why users cannot login to the vSphere Web Client? (Choose two.) A.Users are typing the password incorrectly. B.Users are in a forest that …

Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)

A.Replace with Certificates signedby the VMware Certificate Authority. B.Make VMware Certificate Authority an Intermediate Certificate Authority. C.Do not use VMware Certificate Authority, provision your own Certificates. D.Use SSL Thumbprint mode. E.Replace all VMware Certificate Authority issued Certificates with self-signed Certificates. Answer: A,B,C Explanation: There are three options for replace vCenter server security certificates. You can …

Which two statements are correct regarding vSphere certificates?

(Choose two.) A.ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority (VMCA). B.ESXi host upgrades preserve the existing SSL certificate. C.ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during install. D.ESXi hosts have self-signed SSL certificates by default. Answer: B,C Explanation: Of course, …

An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files.

To prevent this in the future, which advanced parameter should be applied to the virtual machines? A.isolation.tools.setinfo.disable = true B.isolation.tools.setinfo.enable = true C.isolation.tools.setinfo.disable = false D.isolation.tools.setinfo.enable = false Answer: A Explanation: It is configured on a per-VM basis. You can increase the guest operating system variablememory limit if large amounts of custom information are being …

An administrator has been instructed to secure existing virtual machines in vCenter Server.

Which two actions should the administrator take to secure these virtual machines? (Choose two.) A.Disable native remote management services B.Restrict Remote Console access C.Use Independent Non-Persistent virtual disks D.Prevent use of Independent Non-Persistent virtual disks Answer: B,D   https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp#com.vmware.vsphere.server_configclassic.doc_40/esx_server_config/security_for_esx_systems/c_security_for_esx_systems.html  

Which Advanced Setting should be created for the vCenter Server to change the expiration policy of the vpxuser password?

A.VimPasswordExpirationInDays B.VimExpirationPasswordDays C.VimPassExpirationInDays D.VimPasswordRefreshDays Answer: A Explanation: vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The password for each vpxuser accountis auto-generated when an ESX/ESXi host is added. The password is updated by default every 30 days. https://kb.vmware.com/kb/1016736