VMware vSphere 8.x Advanced Design (VCAP-DCV Design) — Question 17

An architect is updating the design for a vSphere environment.
During a workshop focused on security, the following has been identified:
It has been determined that any configuration of ESXi hosts can only be completed via VMware vCenter
The Direct Console User Interface (DCUI) service must be disabled on ESXi hosts
The SSH service must be disabled on ESXi hosts
Based on the information from the workshop, which element does the architect need to include in the design?

Answer options

• A. Strict Lockdown Mode
• B. Normal Lockdown Mode
• C. Normal Lockdown Mode with a defined Exception User list
• D. Strict Lockdown Mode with a defined Exception User list

Correct answer: A

Explanation

Strict Lockdown Mode is the appropriate choice as it ensures that all management of the ESXi hosts is done exclusively through VMware vCenter, aligning with the workshop's findings. Normal Lockdown Mode does not enforce as strict a limitation, allowing some local access which contradicts the requirement to disable DCUI and SSH. The other options that include exceptions also do not meet the security requirements established during the workshop.