Exam 2V0-17.25 Topic 2 Question 14 Discussion
Actual exam question for VMware's 2V0-17.25 exam
Question #: 14
Topic #: 2
Question #: 14
Topic #: 2
Following an update to the Information Security policy, an administrator has been reviewing the status SSL certificates within the VMware Cloud Foundation (VCF) solution.
The new Information Security Policy states:
- All SSL certificates must be generated and signed from the shared Microsoft Certificate Authority (CA).
The administrator has discovered the following:
- All Aria Suite Components already use CA-signed Subject Alternate Name (SAN) SSL certificates.
- All other VCF-based SSL certificates are either self-signed or generated using the VMware Certificate Authority (VMCA).
Which three steps must the administrator take to ensure the VCF solution remains compliant and managed by SDDC Manager? (Choose three.)
The new Information Security Policy states:
- All SSL certificates must be generated and signed from the shared Microsoft Certificate Authority (CA).
The administrator has discovered the following:
- All Aria Suite Components already use CA-signed Subject Alternate Name (SAN) SSL certificates.
- All other VCF-based SSL certificates are either self-signed or generated using the VMware Certificate Authority (VMCA).
Which three steps must the administrator take to ensure the VCF solution remains compliant and managed by SDDC Manager? (Choose three.)
Suggested Answer: C,D,F Vote an answer
Comprehensive and Detailed Explanation From Exact Extract:
As per the VMware Cloud Foundation Administration Guide, the official and supported process for moving all solution certificates under a Microsoft Certificate Authority, while keeping management and lifecycle operations compliant with SDDC Manager, is as follows:
C). Integrate the Microsoft CA into SDDC Manager.
Exact Extract:
"To replace SSL certificates for VMware Cloud Foundation components using SDDC Manager, you must first integrate your Microsoft CA with SDDC Manager. This allows SDDC Manager to automate the certificate signing process using the organization's enterprise CA." F). In SDDC Manager, replace the SSL certificates for vCenter, ESXi, NSX Manager, SDDC Manager and Aria Suite Lifecycle.
Exact Extract:
"With Microsoft CA integration, you can use SDDC Manager to generate and replace SSL certificates for all key solution components, including vCenter, ESXi, NSX Manager, SDDC Manager, and Aria Suite Lifecycle. This process ensures full visibility and management through SDDC Manager." D). In SDDC Manager, replace the SSL certificates for vCenter, NSX Manager, SDDC Manager and Aria Suite Lifecycle.
Exact Extract:
"Certificate replacement workflows in SDDC Manager allow you to select which managed components have their certificates replaced with CA-signed certificates. You must select and update all components that are not already using compliant CA-signed certificates." Why Not the Other Options?
A: ESXi certificate replacement should be managed via SDDC Manager for compliance, not directly in vCenter.
B: OpenSSL CA is not part of the company's security policy or supported by the current workflow.
E: Aria Suite Lifecycle and its components already use CA-signed certificates, so this action is not needed.
Summary:
To ensure compliance with the updated security policy and maintain management with SDDC Manager, the administrator must:
Integrate the Microsoft CA into SDDC Manager (C),
Use SDDC Manager to replace all relevant solution SSL certificates for vCenter, ESXi, NSX Manager, SDDC Manager, and Aria Suite Lifecycle (F), And use SDDC Manager's certificate replacement workflow to update any components still requiring CA-signed certificates (D).
These steps are mandated and supported by VMware Cloud Foundation official documentation.
As per the VMware Cloud Foundation Administration Guide, the official and supported process for moving all solution certificates under a Microsoft Certificate Authority, while keeping management and lifecycle operations compliant with SDDC Manager, is as follows:
C). Integrate the Microsoft CA into SDDC Manager.
Exact Extract:
"To replace SSL certificates for VMware Cloud Foundation components using SDDC Manager, you must first integrate your Microsoft CA with SDDC Manager. This allows SDDC Manager to automate the certificate signing process using the organization's enterprise CA." F). In SDDC Manager, replace the SSL certificates for vCenter, ESXi, NSX Manager, SDDC Manager and Aria Suite Lifecycle.
Exact Extract:
"With Microsoft CA integration, you can use SDDC Manager to generate and replace SSL certificates for all key solution components, including vCenter, ESXi, NSX Manager, SDDC Manager, and Aria Suite Lifecycle. This process ensures full visibility and management through SDDC Manager." D). In SDDC Manager, replace the SSL certificates for vCenter, NSX Manager, SDDC Manager and Aria Suite Lifecycle.
Exact Extract:
"Certificate replacement workflows in SDDC Manager allow you to select which managed components have their certificates replaced with CA-signed certificates. You must select and update all components that are not already using compliant CA-signed certificates." Why Not the Other Options?
A: ESXi certificate replacement should be managed via SDDC Manager for compliance, not directly in vCenter.
B: OpenSSL CA is not part of the company's security policy or supported by the current workflow.
E: Aria Suite Lifecycle and its components already use CA-signed certificates, so this action is not needed.
Summary:
To ensure compliance with the updated security policy and maintain management with SDDC Manager, the administrator must:
Integrate the Microsoft CA into SDDC Manager (C),
Use SDDC Manager to replace all relevant solution SSL certificates for vCenter, ESXi, NSX Manager, SDDC Manager, and Aria Suite Lifecycle (F), And use SDDC Manager's certificate replacement workflow to update any components still requiring CA-signed certificates (D).
These steps are mandated and supported by VMware Cloud Foundation official documentation.
by Abner at Nov 22, 2025, 02:35 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).