VMware Cloud Foundation 5.x Administrator (2025) — Question 34

Following an update to the Information Security policy, an administrator has been reviewing the status SSL certificates within the VMware Cloud Foundation (VCF) solution.
The new Information Security Policy states:
All SSL certificates must be generated and signed from the shared Microsoft Certificate Authority (CA).
The administrator has discovered the following:
All Aria Suite Components already use CA-signed Subject Alternate Name (SAN) SSL certificates.
All other VCF-based SSL certificates are either self-signed or generated using the VMware Certificate Authority (VMCA).
Which three steps must the administrator take to ensure the VCF solution remains compliant and managed by SDDC Manager? (Choose three.)

Answer options

• A. In VMware vCenter, replace the ESXi SSL certificates.
• B. Integrate the OpenSSL CA into SDDC Manager.
• C. Integrate the Microsoft CA into SDDC Manager.
• D. In SDDC Manager, replace the SSL certificates for vCenter, NSX Manager, SDDC Manager and Aria Suite Lifecycle.
• E. In Aria Suite Lifecycle, replace the VMware Identity Manager, Aria Automation, Aria Operations and Aria Operations for Logs SSL certificates.
• F. In SDDC Manager, replace the SSL certificates for vCenter, ESXi, NSX Manager, SDDC Manager and Aria Suite Lifecycle.

Correct answer: A, C, D

Explanation

The correct steps involve replacing the self-signed SSL certificates with Microsoft CA-signed certificates, which ensures compliance with the updated policy. Option A addresses the need to replace ESXi SSL certificates, option C integrates the Microsoft CA into SDDC Manager to manage the certificates properly, and option D ensures that critical components are updated. The other options do not align with the policy or are not necessary for compliance.