What are the correct steps to grant the DevOps team permissions to a vSphere Namespace in a VMware Cloud Foundation (VCF) developer-ready workload domain while following the principle of least privilege access?
The principle of least privilege access entails granting only the necessary permissions needed to perform specific tasks. In this context, adding the DevOps group at the Permissions setting and assigning the 'Can edit' permission is the most appropriate step. This provides the necessary but minimal set of permissions for creating, reading, updating, and deleting TKG clusters without granting overly broad permissions that are not needed.
There is no global permissions tab, and "Can edit" is the correct term for permissions, not "edit".
Correct is D.
Another vote for D. https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-with-tanzu-tkg/GUID-223D91FB-C4CB-4DA7-8B3F-24721ABDFBC7.html
Ans D - Role Permissions and RoleBindings: TKG clusters on Supervisor support three roles: viewer, editor, and owner. Role permissions are assigned at and scoped to the vSphere Namespace. See Configuring vSphere Namespaces for TKG Clusters on Supervisor. A user/group granted the Can view role permission on a vSphere Namespace has read-only access to TKG clusters provisioned in that vSphere Namespace. A user/group granted the Can edit role permission on a vSphere Namespace can create, read, update, and delete TKG clusters in that vSphere Namespace. A user/group granted the Owner permission on a vSphere Namespace can administer TKG clusters in that vSphere Namespace, and can create and delete additional vSphere Namespaces using kubectl.
Options A and D are not specific to Kubernetes namespaces and may provide more access than necessary. Similarly, Option C is related to the overall management of the Supervisor Cluster but does not specifically address permissions within a vSphere Namespace in the context of Kubernetes workloads. So, option B should be correct.