Term
What does lockdown mode do? |
|
Definition
Stops users from performing operations directly on the host. Operations must be performed using vCenter Server. |
|
|
Term
Which single user has authentication permissions during lockdown mode? |
|
Definition
|
|
Term
T/F: A host in lockdown mode can run vCLI commands from an administration server, a script or from the vMA on the host |
|
Definition
False: no actions can be performed except from vCenter Server |
|
|
Term
T/F: You can enable and disable lockdown mode from the Direct Console User Interface (DCUI) |
|
Definition
True: however, if you do so from the DCUI, permissions for users and groups on the host are discarded. To preserve those permissions, enable lockdown mode using the vSphere Client connected to vCenter Server |
|
|
Term
T/F: If ESXi Shell, SSH, or DCUI services are enabled when a host goes into lockdown mode, these services will continue to run |
|
Definition
True: Enabling or disabling lockdown mode affects which types of users are authorized to access host services, but does not affect the availability of those services |
|
|
Term
Which Network Security Policy affects VM transmitted traffic? |
|
Definition
|
|
Term
Which Network Security Policy affects VM received traffic? |
|
Definition
|
|
Term
Which Network Security Policies are Rejected by default? Which are Accepted by default? |
|
Definition
Rejected: Promiscuous Mode. Accepted: Forged Transmits, MAC Address Changes |
|
|
Term
Promiscuous Mode can be defined at which level?
A. Virtual Switch Level Only B. Portgroup Level Only C. Both Virtual Switch and Portgroup Levels |
|
Definition
C. Both Virtual Switch and Portgroup Levels |
|
|
Term
T/F: A VM, Service Console, or VMkernel network interface in a portgroup which allows promiscuous mode can see only traffic specifically addressed to it in promiscuous mode. |
|
Definition
False: objects on a portgroup in promiscuous mode can see all network traffic on the virtual switch. |
|
|
Term
What limitations still apply to a portgroup in promiscuous mode? |
|
Definition
Placing the guest's network adapter in promiscuous mode causes it to receive all frames passed on the virtual switch that are allowed under the VLAN policy for the associated portgroup. This can be useful for intrusion detection monitoring or if a sniffer needs to analyze all traffic on the network segment. |
|
|
Term
vSwitch X has promiscuous mode set to Accept. Portgroup A on vSwitch X has been configured to reject promiscuous mode. Which policy prevails? |
|
Definition
The policy set at the portgroup level overrides the policy at the switch level. |
|
|
Term
What does Forged transmit blocking do? |
|
Definition
Prevents virtual machines from sending traffic that appears to come from nodes on the network other than themselves |
|
|
Term
What does MAC address change lockdown do? |
|
Definition
Prevents virtual machines from changing their own unicast addresses. This also prevents them from seeing unicast traffic to other nodes on the network, blocking a potential security vulnerability that is similar to but narrower than promiscuous mode. |
|
|
Term
What formats can Users or Groups be exported in? |
|
Definition
HTML, XML, Microsoft Excel, CSV |
|
|
Term
Where should you log in to export ESXi Users or Groups? |
|
Definition
Host using the vSphere Client. |
|
|