VMware vSphere 8.x Professional — Question 103

An administrator is tasked with configuring certificates for a VMware software-defined data center (SDDC) based on the following requirements:

• The solution should minimize the ongoing management overhead of replacing certificates.
• No intermediate certificate authorities are allowed in the certificate chain.
• All external traffic should be secured using certificates signed by an Enterprise Certificate Authority (CA).

Which two actions should the administrator take to ensure the solution meets corporate policy? (Choose two.)

Answer options

• A. Replace the solution user certificates with custom certificates generated from the Enterprise CA.
• B. Replace the machine SSL certificates with custom certificates generated from the Enterprise CA.
• C. Replace the machine SSL certificates with self-signed certificates generated from the VMware Certificate Authority (VMCA).
• D. Replace the VMware Certificate Authority (VMCA) certificate with a custom certificate gen-erated from the Enterprise CA.
• E. Replace the solution user certificates with self-signed certificates generated from the VMware Certificate Authority (VMCA).

Correct answer: A, B

Explanation

Options A and B are correct because they involve replacing the necessary certificates with those issued by the Enterprise CA, thereby fulfilling the requirement of using certificates signed by the appropriate authority. Options C, D, and E do not comply with the need for Enterprise CA signed certificates or introduce self-signed certificates, which are not allowed under the specified corporate policy.