VCP 6.5 DCV Study – Week 1 – Section 1: Configure and Administer vSphere 6.x Security

This is week 1 out of 10 of my VCP 6.5 Study Plan. More info and links to the other weeks can be found at the Study Plan Intro page. Subscribe to the Study Plan using this feed.

The first section of the 10 sections in the VCP 6.5 blueprint covers Security in vSphere.

Practice Exams

Simon Long’s VCP 6.5 Practice Exams – Section 1

Study Material

The first section is made up of 4 high-level objectives:

Full Section 1 Objectives List

  • Objective 1.1 – Configure and Administer Role-based Access Control
    • Compare and contrast propagated and explicit permission assignments
    • View/Sort/Export user and group lists
    • Add/Modify/Remove permissions for users and groups on vCenter Server inventory objects
    • Determine how permissions are applied and inherited in vCenter Server
    • Create/Clone/Edit vCenter Server Roles
    • Configure VMware Identity Sources
    • Apply a role to a User/Group and to an object or group of objects
    • Change permission validation settings
    • Determine the appropriate set of privileges for common tasks in vCenter Server
    • Compare and contrast default system/sample roles
    • Determine the correct permissions needed to integrate vCenter Server with other VMware products
  • Objective 1.2 – Secure ESXi and vCenter Server
    • Configure Encrypted vMotion
    • Describe Secure Boot
    • Harden ESXi hosts
      • Enable/Configure/Disable services in the ESXi firewall
      • Change default account access
      • Add an ESXi Host to a directory service
      • Apply permissions to ESXi Hosts using Host Profiles
      • Enable Lockdown Mode
      • Control access to hosts (DCUI/Shell/SSH/MOB)
    • Harden vCenter Server
      • Control datastore browser access
      • Create/Manage vCenter Server Security Certificates
      • Control MOB access
      • Change default account access
      • Restrict administrative privileges
    • Understand the implications of securing a vSphere environment
  • Objective 1.3 – Configure and Enable SSO and Identity Sources
    • Describe PSC architecture and components
    • Differentiate available authentication methods with VMware vCenter
    • Perform a multi-site PSC installation
    • Configure/Manage Identity Sources
    • Configure/Manage Platform Services Controller (PSC)
    • Configure/Manage VMware Certificate Authority (VMCA)
    • Enable/Disable Single Sign-On (SSO) Users
    • Upgrade a single/complex PSC installation
    • Configure SSO policies
    • Add an ESXi host to an AD domain
    • Configure and Manage KMS for VM Encryption
  • Objective 1.4 – Secure vSphere Virtual Machines
    • Enable/Disable Virtual Machine Encryption
    • Describe Secure Boot
    • Harden virtual machine access
      • Control VMware Tools installation
      • Control VM data access
      • Configure virtual machine security policies
    • Harden a virtual machine against Denial-of-Service attacks
      • Control VM-VM communications
      • Control VM device connections
      • Configure network security policies
    • Configure encrypted vMotion
