Section 4 – Install and Configure vCenter Server
- Objective 4.4 – Configure Access Control
To open a Port on a Host’s Firewall, what command is used?
Open a port:
esxcfg-firewall -o 465,tcp,out,out-smtps
What command is used to list the services controlled by the firewall?
To list the services currently controlled by the firewall:
To close a Port on a Host’s Firewall, what command is used?
Close a port:
esxcfg-firewall -c 465,tcp,out
What command is used to list the current firewall rules on a Host?
To list the firewall rules:
esxcfg-firewall -q [servicename]
SSH operates on which Port?
The standard TCP port 22 has been assigned for contacting SSH servers.
To disable a service on a Host’s Firewall, what command is used?
Disable a service:
esxcfg-firewall -d [servicename]
esxcfg-firewall -d sshClient
In order for changes to a Host’s Firewall to be committed, what command must be used?
A.service firewall restart
B.service mgmt-vmware restart
C.service mgmt-vmware start
D.service mgmt-vmware stop
Mastering VMware vSphere 4, page 52.
Type the following command to apply the changes made to the Service Console firewall:
service mgmt-vmware restart
To enable a service on a Host’s Firewall, what command is used?
Enable a service:
esxcfg-firewall -e [servicename]
esxcfg-firewall -e sshClient
To list the current firewall settings which command would you use?
-q|–query Lists current settings.
ESX Service Console user authentication (Choose Two)?
A.can use a central directory service for password checking only
B.requires local accounts
C.requires users to change their passwords every 6 months by default
D.controls vCenter authentication for vSphere Client users
Enabling Active Directory Authentication with ESX Server, page2.
A variety of authentication providers are available for use. ESX Server includes services that can be used to meet your authentication needs but also supports the use of other authentication providers. This is especially useful in cases where a collection of users has already been established, as in organizations using Active Directory. To facilitate the use of such providers, ESX Server includes an option in the esxcfg tool to configure the use of other authentication providers, (A).
ESX Configuration Guide ESX 4.0 vCenter Server 4.0, page 165.
The default installation of ESX uses /etc/passwd authentication as Linux does, but you can configure ESX to use another distributed authentication mechanism, (B).
Which vCenter Server role, by default, has performance privileges?
A.Virtual Machine Power User NO
B.Virtual Machine Administrator
C.Resource Pool Administrator NO
E.None of the other answers are correct.
Managing VMware VirtualCenter Roles and Permissions, page 5.
Table 1 – Sample roles included in VirtualCenter 2.x
Virtual Machine Administrator (equivalent to the role with the same name in VirtualCenter 1.x)
Perform actions on global items, folders, datacenters, datastores, hosts, virtual machines, resources, alarms, and sessions. This includes:
All privileges for all privilege groups, except permissions.
The default ESX service console firewall (Choose Two)?
A.is configured for high security
B.blocks all traffic unless specifically allowed
C.is configured for medium security
D.allows all traffic unless specifically blocked
Mastering VMware vSphere 4, page 565.
Both incoming and outgoing connections, only those ports necessary for managing the virtual machines and the ESX host are open. The default mode of operation is High security.
On an ESX Host, a particular user is assigned the Administrator role. However, when that user logs into the vCenter Server, he has Read Only permissions. What most likely caused this?
A.ESX Server permission assignments do not propagate to the vCenter Server
B.The permissions assigned on the ESX Server will not update in vCenter until the next scheduled update interval
C.The ESX Server is not joined to the Active Directory domain
D.The user has Read Only permissions specifically assigned to an item, which overrides propagated permissions
vSphere Basic System Administration vCenter Server 4.0 ESX 4.0 ESXi 4.0, page 211.
The privileges and roles assigned on an ESX/ESXi host are separate from the privileges and roles assigned on a vCenter Server system. When you manage a host using vCenter Server, only the privileges and roles assigned through the vCenter Server system are available. If you connect directly to the host using the vSphere Client, only the privileges and roles assigned directly on the host are available, (A).
Assuming a user or a group is assigned a single vCenter Server role, if the role is then removed, which of the following occurs?
A.Users or groups retain the permissions associated with the removed role until they are manually assigned a new role
B.Users or groups are automatically assigned the Read Only role until an administrator can manually assign a new role
C.Users or groups assigned the removed role no longer have any permissions in vCenter
D.A role assigned to existing users or groups cannot be removed until all users or groups are removed from the role
The screenshot below shows that users or groups assigned the removed role no longer have any permissions in vCenter if the default option is selected.
Which three are ESX Server pre-defined roles? (Choose three.)
B.Virtual Machine User
D.Virtual Machine Administrator
The screenshot below shows the pre-defined roles of an ESX Server.
For what reason would an ESX Server administrator send an end user a remote console URL?
A.because remote console URLs are used to delegate administrative tasks performed on the ESX service console
B.to go directly to the state of a specific virtual machine snapshot that can be resumed by the end user with a vSphere Client
C.to provide a lightweight user interface to a virtual machine without a vSphere Client
D.for quick access to a specific virtual machine from the vSphere Client
Virtual Infrastructure Web Access Administrator’s Guide : Using Virtual Infrastructure Web Access to Manage Virtual Machines : Creating and Sharing Remote Console URLs Using VI Web Access, you can create a remote console URL of a virtual machine using ordinary Web browser.