Chapter 7: vSphere Security

Question 1

What is the default approach to provisioning certificates in vSphere 7.0?

Answer 1

The VMware Certificate Authority (VMCA).

Question 2

Describe the function of the VMware Endpoint Certificate Store (VECS).

Answer 2

To store custom certificates.

Question 3

What term best describes the following?

“A service that serves as an identity source that handles SAML certificate management for authentication with vCenter SSO.”

Answer 3

The VMware Directory Service (vmdir).

Question 4

Describe the function of the VMware Certificate Authority (VMCA).

Answer 4

To issue certificates for users and machines.

Question 5

What core identity service must be used to store all vCenter certificates and keys?

Answer 5

The VMware Endpoint Certificate Store (VECS).

Question 6

In regards to certificate requirements, what is the supported range for key size?

Answer 6

2048 to 16384 bits.

Question 7

What PEM formats are supported by VMware?

Answer 7

PKCS8 & PKCS1.

Question 8

What version of x509 is required to support certificates in vSphere?

Answer 8

Version 3.

Question 9

What format of the certificate file is required in vSphere?

Answer 9

CRT format.

Question 10

What keys must be available for vSphere certificates?

Answer 10

Digital signature and encipherment.

Question 11

Are wildcard certificates supported by VMCA?

Answer 11

No.