VMware vSphere 8.x Professional — Question 20

An administrator is tasked with configuring an appropriate Single Sign-On (SSO) solution for VMware vCenter based on the following criteria:
The solution should support the creation of Enhanced Link Mode groups.
All user accounts are stored within a single Active Directory domain and the solution must support only this Active Directory domain as the identity source.
All user account password and account lockout policies must be managed within the Active Directory domain.
The solution should support token-based authentication.
Which SSO solution should the administrator choose based on the criteria?

Answer options

• A. vCenter Identity Provider Federation with Active Directory Federation Services as the identity provider
• B. vCenter Single Sign-On with Active Directory over LDAP as the identity source
• C. vCenter Single Sign-On with Active Directory (Windows Integrated Authentication) as the identity source
• D. vCenter Identity Provider Federation with Active Directory over LDAP as the identity provider

Correct answer: A

Explanation

The correct answer is A because vCenter Identity Provider Federation with Active Directory Federation Services allows for Enhanced Link Mode groups and supports token-based authentication while aligning with the specified Active Directory domain. Options B and C do not meet the requirement for token-based authentication, and option D does not provide the necessary support for Enhanced Link Mode groups.