3V0-22.21 無料問題集「VMware Advanced Deploy VMware vSphere 7.x」
The security team has decided to follow the VMware-recommended best practices in the vSphere hardening guide.
esxi02b:
Your first task is to create a local user in esxi02b:
* Name: SpecialUser
* Role: Administrator
Your second task is to ensure that SpecialUser is the ONLY user who is able to SSH into esxi02b via Putty.
Your final task is to enforce a strict lockdown on esxi02b.
Your second task is to ensure that SpecialUser is the ONLY user who is able to SSH into esxi02b via Putty.
Your final task is to enforce a strict lockdown on esxi02b.
esxi02b:
Your first task is to create a local user in esxi02b:
* Name: SpecialUser
* Role: Administrator
Your second task is to ensure that SpecialUser is the ONLY user who is able to SSH into esxi02b via Putty.
Your final task is to enforce a strict lockdown on esxi02b.
Your second task is to ensure that SpecialUser is the ONLY user who is able to SSH into esxi02b via Putty.
Your final task is to enforce a strict lockdown on esxi02b.
正解:
Authentication and authorization govern access. vCenter Single Sign-On supports authentication, which means it determines whether a user can access vSphere components at all. Each user must also be authorized to view or manipulate vSphere objects.
vSphere supports several different authorization mechanisms, discussed in Understanding Authorization in vSphere. The focus of the information in this section is how the vCenter Server permission model works and how to perform user management tasks.
vCenter Server allows fine-grained control over authorization with permissions and roles. When you assign a permission to an object in the vCenter Server object hierarchy, you specify which user or group has which privileges on that object. To specify the privileges, you use roles, which are sets of privileges.
Initially, only the administrator user for the vCenter Single Sign-On domain, [email protected] by default, is authorized to log in to the vCenter Server system. That user can then proceed as follows:
Add an identity source in which users and groups are defined to vCenter Single Sign-On. See the Platform Services Controller Administration documentation.
Give privileges to a user or group by selecting an object such as a virtual machine or a vCenter Server system and assigning a role on that object for the user or group.
vSphere supports several different authorization mechanisms, discussed in Understanding Authorization in vSphere. The focus of the information in this section is how the vCenter Server permission model works and how to perform user management tasks.
vCenter Server allows fine-grained control over authorization with permissions and roles. When you assign a permission to an object in the vCenter Server object hierarchy, you specify which user or group has which privileges on that object. To specify the privileges, you use roles, which are sets of privileges.
Initially, only the administrator user for the vCenter Single Sign-On domain, [email protected] by default, is authorized to log in to the vCenter Server system. That user can then proceed as follows:
Add an identity source in which users and groups are defined to vCenter Single Sign-On. See the Platform Services Controller Administration documentation.
Give privileges to a user or group by selecting an object such as a virtual machine or a vCenter Server system and assigning a role on that object for the user or group.
As a member of the virtual infrastructure team, you have been tasked with creating a new guest customization specification and deploying a test virtual machine from an existing legacy template migrated from an old VMware VI3 environment To complete this task:
Deploy a new virtual machine with the name VM-GuestCust to esxi02a.vclass.local in cluster PROD-A using the following details:
vCenter Server: vcsa01a.vdass.local
Datastore: ProdDS01
Template; Core-Template
The virtual machine requires an additional network card with the type VMXNET3.
Create a new Guest Customization Spec with the name Custom-Spec using the following details:
Cust-Spec
Operating System: Windows Server 2008 R2
Registration Spec;
Name: vclass
Organization: VMware
The computer name must use the virtual machine name . Timezone must be set to America/Central Time Network Specifications:
IPv4 and IPv6 are set to DHCP but require a static DNS entry of 172.20.10.10 The computer must join the domain vclass.local using the following credentials:
Username: administrator
Password: VMware1!
Deploy a new virtual machine with the name VM-GuestCust to esxi02a.vclass.local in cluster PROD-A using the following details:
vCenter Server: vcsa01a.vdass.local
Datastore: ProdDS01
Template; Core-Template
The virtual machine requires an additional network card with the type VMXNET3.
Create a new Guest Customization Spec with the name Custom-Spec using the following details:
Cust-Spec
Operating System: Windows Server 2008 R2
Registration Spec;
Name: vclass
Organization: VMware
The computer name must use the virtual machine name . Timezone must be set to America/Central Time Network Specifications:
IPv4 and IPv6 are set to DHCP but require a static DNS entry of 172.20.10.10 The computer must join the domain vclass.local using the following credentials:
Username: administrator
Password: VMware1!
正解:
Select Menu > Policies and Profiles, and under Policies and Profiles, click VM Customization Specifications.
Click the Create a new specification icon.
The New VM Guest Customization Specification wizard opens.
On the Name and target OS page, enter a name and description for the customization specification and select Windows as a target guest OS.
(Optional) Select the Generate a new security identity (SID) option and click Next.
A Windows Security ID (SID) is used in some Windows operating systems to uniquely identify systems and users. If you do not select this option, the new virtual machine has the same SID as the virtual machine or template from which it was cloned or deployed.
Duplicate SIDs do not cause problems when the computers are part of a domain and only domain user accounts are used. However, if the computers are part of a Workgroup or local user accounts are used, duplicate SIDs can compromise file access controls. For more information, see the documentation for your Microsoft Windows operating system.
On the Set Registration Information page, enter the virtual machine owner's name and organization and click Next.
On the Computer name page, enter a computer name for the guest operating system and a domain name.
The operating system uses the computer name to identify itself on the network. On Linux systems, it is called the host name.
Option
Action
Use the virtual machine name
Select this option to use the virtual machine name. The computer name that vCenter Server creates is identical to the name of the virtual machine on which the guest operating system is running. If the name exceeds 63 characters, it is truncated.
Enter a name in the Clone/Deploy wizard
Select this option to be prompted to enter a name during cloning or deployment.
Enter a name
Enter a name.
The name can contain alphanumeric characters and a hyphen (-). It cannot contain a period (.), blank spaces, or special characters, and cannot contain digits only. Names are not case-sensitive.
(Optional) To ensure that the name is unique, select the Append a numeric value check box.
This action appends a hyphen followed by a numeric value to the virtual machine name. The name is truncated if it exceeds 63 characters when combined with the numeric value.
Generate a name using the custom application configured with vCenter Server Optional: Enter a parameter that can be passed to the custom application.
On the Windows license page, provide licensing information for the Windows operating system and click Next.
Option
Action
For nonserver operating systems
Type the Windows product key for the new guest operating system.
For server operating systems
Type the Windows product key for the new guest operating system.
Select Include Server License Information.
Select either Per seat or Per server.
If you select Per server, enter the maximum number of simultaneous connections for the server to accept.
On the Set Administrator Password page, configure the administrator password for the virtual machine and click Next.
Enter a password for the administrator account and confirm the password by typing it again.
(Optional) Select the Automatically logon as Administrator check box to log users in to the guest operating system as Administrator, and select the number of times to log in automatically.
On the Time zone page, select the time zone for the virtual machine and click Next.
(Optional) On the Run Once page, specify commands to run the first time a user logs in to the guest operating system and click Next.
See the Microsoft Sysprep documentation for information about RunOnce commands.
On the Network page, select the type of network settings to apply to the guest operating system and click Next.
Select Use standard network settings so that vCenter Server configures all network interfaces from a DHCP server by using the default settings.
Select Manually select custom settings and configure each network interface yourself.
Select a network adapter from the list or add a new one.
For the selected NIC, click the vertical ellipsis icon and select Edit.
The Edit Network dialog box opens.
Click the IPv4 tab to configure the virtual machine to use IPv4 network.
You can configure all the settings at that stage or you can select the Prompt the user for an IPv4 address when the specification is used option. In that case, vCenter Server prompts for an IP address when you select to apply that customization specification during cloning or deployment. With that option, you can also configure the gateways during cloning or deployment.
Click the IPv6 tab to configure the virtual machine to use IPv6 network.
You can configure all the settings at that stage or you can select the Prompt the user for an address when the specification is used option. In that case, vCenter Server prompts for an IP address when you select to apply that customization specification during cloning or deployment. With that option, you can also configure the gateways during cloning or deployment.
Click the DNS tab to specify DNS server details.
Click WINS to specify primary and secondary WINS server information.
Click OK to close the Edit Network dialog box.
On the Set Workgroup or Domain page, select how the virtual machine participates in the network and click Next.
Option
Action
Workgroup
Enter a workgroup name. For example, MSHOME.
Windows Server Domain
Enter the domain name.
To add a computer to the specified domain, enter the user name and password for a user account that has permission.
On the Ready to complete page, review the details and click Finish to save your changes.
Click the Create a new specification icon.
The New VM Guest Customization Specification wizard opens.
On the Name and target OS page, enter a name and description for the customization specification and select Windows as a target guest OS.
(Optional) Select the Generate a new security identity (SID) option and click Next.
A Windows Security ID (SID) is used in some Windows operating systems to uniquely identify systems and users. If you do not select this option, the new virtual machine has the same SID as the virtual machine or template from which it was cloned or deployed.
Duplicate SIDs do not cause problems when the computers are part of a domain and only domain user accounts are used. However, if the computers are part of a Workgroup or local user accounts are used, duplicate SIDs can compromise file access controls. For more information, see the documentation for your Microsoft Windows operating system.
On the Set Registration Information page, enter the virtual machine owner's name and organization and click Next.
On the Computer name page, enter a computer name for the guest operating system and a domain name.
The operating system uses the computer name to identify itself on the network. On Linux systems, it is called the host name.
Option
Action
Use the virtual machine name
Select this option to use the virtual machine name. The computer name that vCenter Server creates is identical to the name of the virtual machine on which the guest operating system is running. If the name exceeds 63 characters, it is truncated.
Enter a name in the Clone/Deploy wizard
Select this option to be prompted to enter a name during cloning or deployment.
Enter a name
Enter a name.
The name can contain alphanumeric characters and a hyphen (-). It cannot contain a period (.), blank spaces, or special characters, and cannot contain digits only. Names are not case-sensitive.
(Optional) To ensure that the name is unique, select the Append a numeric value check box.
This action appends a hyphen followed by a numeric value to the virtual machine name. The name is truncated if it exceeds 63 characters when combined with the numeric value.
Generate a name using the custom application configured with vCenter Server Optional: Enter a parameter that can be passed to the custom application.
On the Windows license page, provide licensing information for the Windows operating system and click Next.
Option
Action
For nonserver operating systems
Type the Windows product key for the new guest operating system.
For server operating systems
Type the Windows product key for the new guest operating system.
Select Include Server License Information.
Select either Per seat or Per server.
If you select Per server, enter the maximum number of simultaneous connections for the server to accept.
On the Set Administrator Password page, configure the administrator password for the virtual machine and click Next.
Enter a password for the administrator account and confirm the password by typing it again.
(Optional) Select the Automatically logon as Administrator check box to log users in to the guest operating system as Administrator, and select the number of times to log in automatically.
On the Time zone page, select the time zone for the virtual machine and click Next.
(Optional) On the Run Once page, specify commands to run the first time a user logs in to the guest operating system and click Next.
See the Microsoft Sysprep documentation for information about RunOnce commands.
On the Network page, select the type of network settings to apply to the guest operating system and click Next.
Select Use standard network settings so that vCenter Server configures all network interfaces from a DHCP server by using the default settings.
Select Manually select custom settings and configure each network interface yourself.
Select a network adapter from the list or add a new one.
For the selected NIC, click the vertical ellipsis icon and select Edit.
The Edit Network dialog box opens.
Click the IPv4 tab to configure the virtual machine to use IPv4 network.
You can configure all the settings at that stage or you can select the Prompt the user for an IPv4 address when the specification is used option. In that case, vCenter Server prompts for an IP address when you select to apply that customization specification during cloning or deployment. With that option, you can also configure the gateways during cloning or deployment.
Click the IPv6 tab to configure the virtual machine to use IPv6 network.
You can configure all the settings at that stage or you can select the Prompt the user for an address when the specification is used option. In that case, vCenter Server prompts for an IP address when you select to apply that customization specification during cloning or deployment. With that option, you can also configure the gateways during cloning or deployment.
Click the DNS tab to specify DNS server details.
Click WINS to specify primary and secondary WINS server information.
Click OK to close the Edit Network dialog box.
On the Set Workgroup or Domain page, select how the virtual machine participates in the network and click Next.
Option
Action
Workgroup
Enter a workgroup name. For example, MSHOME.
Windows Server Domain
Enter the domain name.
To add a computer to the specified domain, enter the user name and password for a user account that has permission.
On the Ready to complete page, review the details and click Finish to save your changes.