Question 6 of 245

What is the highest object level from which a virtual machine can inherit privileges?

Answer

Suggested Answer

The suggested answer is C.

Exam 2V0-621D: Question 6 - Image 1
Reference: http://www.vmware.com/pdf/vi3_vc_roles.pdf C
Question 7 of 245

Which three Authorization types are valid in vSphere? (Choose three.)

Answer

Suggested Answer

The suggested answer is A, B, D.

Sphere 6.0 and later allows privileged users to give other users permissions to perform tasks in the following ways. These approaches are, for the most part, mutually exclusive; however, you can assign use global permissions to authorize certain users for all solution, and local vCenter Server permissions to authorize other users for individual vCenter Server systems.
Exam 2V0-621D: Question 7 - Image 1
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-74F53189-EF41-4AC1-A78E-

D25621855800.html -

See -

Global Permissions -
.

See -
Groups in the vsphere.local Domain
. ABD
Question 8 of 245

Which three components should an administrator select when configuring vSphere permissions? (Choose three.)

Answer

Suggested Answer

The suggested answer is A, B, C.

In vSphere, permission consists of a user or group and an assigned role for an inventory object, such as a virtual machine or ESX/ESXi host. Permissions grant users the right to perform the activities specified by the role on the object to which the role is assigned.
Reference: http://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/ managing_users_groups_roles_and_permissions/c_permissions.html
Question 9 of 245

In which two vsphere.local groups should an administrator avoid adding members? (Choose two.)

Answer

Suggested Answer

The suggested answer is A, B.

The vsphere.local domain includes several predefined groups. Assign users to one of those groups to be able to perform the corresponding actions.
For all objects in the vCenter Server hierarchy, permissions are assigned by pairing a user and a role with the object. For example, you can select a resource pool and give a group of users read privileges to that resource pool by giving them the corresponding role.
For some services that are not managed by vCenter Server directly, privileges are determined by membership to one of the vCenter Single Sign-On groups. For example, a user who is a member of the Administrator group can manage vCenter Single Sign-On. A user who is a member of the CAAdmins group can manage the VMware Certificate Authority, and a user who is in the LicenseService.Administrators group can manage licenses.
Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-87DA2F34-DCC9-4DAB-8900-
1BA35837D07E.html
Question 10 of 245

An administrator has configured three vCenter Servers and vRealize Orchestrator within a Platform Services Controller domain, and needs to grant a user privileges that span all environments.

Which statement best describes how the administrator would accomplish this?

Answer

Suggested Answer

The suggested answer is A.

Global permissions are applied to a global root object that spans solutions, for example, both vCenter Server and vCenter Orchestrator. Use global permissions to give a user or group privileges for all objects in all object hierarchies.
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-C7702E31-1623-4189-89CB-
E1136AA27972.html