| Term 
 
        | What does lockdown mode do? |  | Definition 
 
        | Stops users performing operations directly on the host. Operations must be performed using vCenter Server |  | 
        |  | 
        
        | Term 
 
        | Which single user has authentication permissions during lockdown mode? |  | Definition 
 | 
        |  | 
        
        | Term 
 
        | T/F: A host in lockdown mode can run vCLI commands from an administration server, a script or from the vMA on the host |  | Definition 
 
        | False: no actions can be performed except from vCenter Server |  | 
        |  | 
        
        | Term 
 
        | T/F: You can enable and disable lockdown mode from the Direct Console User Interface (DCUI) |  | Definition 
 
        | True: however, if you do so from the DCUI, permissions for users and groups on the host are discarded. To preserve those permissions, enable lockdown mode using the vSphere Client connected to vCenter Server |  | 
        |  | 
        
        | Term 
 
        | T/F: If ESXi Shell, SSH, or DCUI services are enabled when a host goes into lockdown mode, these services will continue to run |  | Definition 
 
        | True: Enabling or disabling lockdown mode affects which types of users are authorized to access host services, but does not affect the availability of those services |  | 
        |  | 
        
        | Term 
 
        | Which Network Security Policy affects VM transmitted traffic? |  | Definition 
 | 
        |  | 
        
        | Term 
 
        | Which Network Security Policy affects VM received traffic? |  | Definition 
 | 
        |  | 
        
        | Term 
 
        | Which Network Security Policies are Rejected by default? Which are Accepted by default? |  | Definition 
 
        | Rejected: Promiscuous Mode. Accepted: Forged Transmits, MAC Address Changes
 |  | 
        |  | 
        
        | Term 
 
        | Promiscuous Mode can be defined at which level? 
 A. Virtual Switch Level Only
 B. Portgroup Level Only
 C. Both Virtual Switch and Portgroup Levels
 |  | Definition 
 
        | C. Both Virtual Switch and Portgroup Levels |  | 
        |  | 
        
        | Term 
 
        | T/F: A VM, Service Console, or VMkernel network interface in a portgroup which allows promiscuous mode can see only traffic specifically addressed to it in promiscuous mode. |  | Definition 
 
        | False: objects on a portgroup in promiscuous mode can see all network traffic on the virtual switch. |  | 
        |  | 
        
        | Term 
 
        | What limitations still apply to a portgroup in promiscuous mode? |  | Definition 
 
        | Placing the guest's network adapter in promiscuous mode causes it to receive all frames passed on the virtual switch that are allowed under the VLAN policy for the associated portgroup. This can be useful for intrusion detection monitoring or if a sniffer needs to analyze all traffic on the network segment. |  | 
        |  | 
        
        | Term 
 
        | vSwitch X has promiscuous mode set to Accept. Portgroup A on vSwitch X has been configured to reject promiscuous mode. Which policy prevails? |  | Definition 
 
        | The policy set at the portgroup level overrides the policy at the switch level. |  | 
        |  | 
        
        | Term 
 
        | What does Forged transmit blocking do? |  | Definition 
 
        | Prevents virtual machines from sending traffic that appears to come from nodes on the network other than themselves |  | 
        |  | 
        
        | Term 
 
        | What does MAC address change lockdown do? |  | Definition 
 
        | Prevents virtual machines from changing their own unicast addresses. This also prevents them from seeing unicast traffic to other nodes on the network, blocking a potential security vulnerability that is similar to but narrower than promiscuous mode. |  | 
        |  | 
        
        | Term 
 
        | What formats can Users or Groups be exported in? |  | Definition 
 
        | HTML, XML, Microsoft Excel, CSV |  | 
        |  | 
        
        | Term 
 
        | Where should you log in to export ESXi Users or Groups? |  | Definition 
 
        | Host using the vSphere Client. |  | 
        |  |