VMware NSX-T Advanced Deployment (VCAP-NV Deploy) — Question 52

An architect is designing a certificate strategy for vRealize Operations (vROps) to satisfy the following requirements:
✑ Enhance security
✑ Avoid browser warnings
✑ The certificate must be applicable for all vROps servers
Which three design decisions would fulfill the requirements? (Choose three.)

Answer options

• A. Certificates will use the PEM format.
• B. Certificates will be created using the Diffie-Hellman security-key algorithm.
• C. Certificates will use the PFX and/or PKCS12 format.
• D. The solution will use CA-signed certificates.
• E. Certificates will use multiple Subject Alternative Name (SAN) entries.
• F. The solution will use self-signed certificates.

Correct answer: A, D, E

Explanation

Using PEM format (A) is a common practice for certificate management and enhances compatibility. CA-signed certificates (D) provide trustworthiness and reduce browser warnings, while having multiple Subject Alternative Name entries (E) allows a single certificate to cover multiple server names, fulfilling the requirement for all vROps servers. The other options, such as self-signed certificates (F), may not eliminate browser warnings effectively, and the use of Diffie-Hellman (B) is not directly related to certificate validity or security in this context.