VMware vSphere 8.x Professional — Question 19

An administrator is tasked with configuring certificates for a VMware software-defined data center (SDDC) based on the following requirements:
All certificates should use certificates trusted by the Enterprise Certificate Authority (CA).
The solution should minimize the ongoing management overhead of replacing certificates.
Which three actions should the administrator take to ensure that the solution meets corporate policy? (Choose three.)

Answer options

• A. Replace the VMware Certificate Authority (VMCA) certificate with a self-signed certificate generated from the VMCA.
• B. Replace the machine SSL certificates with custom certificates generated from the Enterprise CA.
• C. Replace the machine SSL certificates with trusted certificates generated from the VMware Certificate Authority (VMCA).
• D. Replace the VMware Certificate Authority (VMCA) certificate with a custom certificate generated from the Enterprise CA.
• E. Replace the solution user certificates with custom certificates generated from the Enterprise CA.
• F. Replace the solution user certificates with trusted certificates generated from the VMware Certificate Authority (VMCA).

Correct answer: C, D, F

Explanation

The correct actions are to replace the machine SSL certificates with trusted VMCA certificates (C), to use a custom certificate from the Enterprise CA for the VMCA certificate (D), and to replace solution user certificates with trusted VMCA certificates (F). Options A and B introduce unnecessary complexity and do not align with the requirement for minimizing management overhead, while option E does not address the need for using trusted certificates from the VMCA.