VMware Cloud Foundation 9.0 Administrator Associate Cert
Exam Code: 2V0-17.
Exam Name: VMware Cloud Foundation 9.
Administrator Associate Certification: VCP
VCF Administrator 2026 version latest
1. DRAG DROP
Arrange the steps in the correct order to resolve host connectivity issues. Answer:
- Which feature of vSphere helps mitigate the impact of a single host’s performance bottleneck or hardware failure on overall cluster health? A. Fault Tolerance (FT) B. Distributed Resource Scheduler (DRS) C. Storage vMotion D. Resource Pools Answer: B Explanation: DRS distributes workloads to avoid performance hotspots and, in conjunction with HA, reduces
Explanation: Workload Management integrates the vSphere Supervisor with NSX networking to provide Kubernetes control plane connectivity. It enables Kubernetes-based container orchestration directly on the vSphere cluster via the Supervisor control plane.
- Which vSphere security guidelines or tools help protect sensitive virtual machines? A. Restricting console access via role-based permissions B. Enabling vSphere HA Admission Control for better user authentication C. Using VM Encryption for data at rest D. Configuring VM Isolation settings in the virtual network layer Answer: A, C, D Explanation: Securing VM console access (A), encrypting VMs (C), and isolating sensitive VMs via network security (D) are recommended. HA Admission Control (B) pertains to resource availability, not authentication.
- When implementing a hybrid approach that combines vSAN with external NAS or SAN datastores, which storage design principle should generally be followed? A. Do not place the same VM’s disks on both vSAN and external storage B. Use a single datastore cluster containing vSAN and SAN for SIOC C. Configure ephemeral bridging between vSAN objects and LUNs D. Deploy multiple active cluster master nodes for vSAN Answer: A Explanation: Typically, a given VM’s disks should reside entirely on a single storage type (vSAN or SAN/NAS), rather than split across different storage solutions to avoid complexity. SIOC is for block-based LUNs, ephemeral bridging (C) isn’t supported, and vSAN doesn’t have multiple “active cluster master nodes” (D) in that sense.
- An organization is integrating VMware vCenter with Active Directory (AD) to streamline user authentication. As part of this process, the administrator needs to add AD as an identity source in vCenter. Which three steps must be performed to successfully add AD as an identity source? (Choose three.) A. Enter the Domain Name and the credentials of an AD user with a minimum of read-only access to Base DN for users and groups. B. Select 'Identity Sources' and choose 'Active Directory Domain'. C. Configure DNS settings on all ESXi hosts to point to the AD DNS servers. D. Navigate to the vCenter Single Sign-On configuration in the vSphere Client. E. Create an Active Directory object for the vCenter Server Appliance. F. Reboot the vCenter to apply the identity source settings. Answer: A,B,D Explanation: You must provide the AD domain name plus credentials (read-only is sufficient) to bind and query the Base DN for users and groups. In the vSphere Client’s Identity Sources section, choose “Active Directory Domain” when adding a new source. These options are found under Administration > Single Sign-On > Configuration > Identity Sources in the vSphere Client.
- A vSphere administrator wants to integrate array-based storage management features with VMware, such as snapshot offloading and QoS. Which approaches facilitate this? A. vSphere Virtual Volumes (vVols) integration B. In-guest iSCSI driver configuration C. Vendor-specific VIBs or plug-ins installed on ESXi D. Using Resource Pools for disk-based QoS Answer: A, C Explanation: vVols enable direct integration with storage arrays, and installing vendor-specific VIBs/plug-ins lets ESXi communicate advanced storage features. In-guest iSCSI (B) bypasses many vSphere-managed features. Resource Pools (D) manage CPU/memory, not storage QoS at the array level.
- During a network reconfiguration, an administrator wants to minimize disruptions for critical VMs. Which strategies support minimal downtime? A. Use vMotion to move VMs before making major network changes B. Disable DRS to prevent any automated host migrations C. Schedule maintenance windows for host networking updates D. Employ NIC teaming and failover policies
C. Aria Operations for Logs D. Aria Automation Answer: D Explanation: Aria Automation (formerly vRealize Automation) is designed to automate the deployment of applications and infrastructure across hybrid cloud environments. It enables the provisioning, management, and orchestration of IT services, helping organizations streamline their service delivery.
- A host in a vSphere environment needs to be taken offline for hardware maintenance. An administrator needs to put the host in maintenance mode without causing VM downtime. What three steps should the administrator follow? (Choose three.) A. Select the "Fractional data migration" option B. Migrate all VMs off the host using vMotion C. Verify that no VMs are running on the host before maintenance D. Select the host and enter maintenance mode from the vSphere Client E. Ensure that the host is not part of a vSphere HA cluster Answer: B, D, E Explanation: Using vMotion to migrate all virtual machines off the host ensures that there is no downtime for the VMs during the maintenance process. The administrator should then select the host and initiate maintenance mode from the vSphere Client to begin the maintenance process. Ensuring the host is not part of a vSphere HA cluster before maintenance is important to avoid triggering unnecessary VM restarts or failovers during the process.
- Which step must an administrator take to configure Application Virtual Networks (AVNs) from SDDC Manager while preparing to deploy VMware Aria Suite Lifecycle? A. Deploy NSX Edge Cluster. B. Ensure that an NSX load balancer is available. C. Enable AVNs in the vCenter Server. D. Assign AVNs to specific ESXi hosts. Answer: A Explanation: Comprehensive and Detailed Explanation From Exact Extract: Before configuring Application Virtual Networks (AVNs) from SDDC Manager, the administrator must deploy an NSX Edge Cluster. The official VMware Cloud Foundation documentation specifies that an NSX Edge Cluster is required to provide the necessary network services and routing capabilities for AVNs, which are used to support management components such as VMware Aria Suite Lifecycle. Without the NSX Edge Cluster, AVN creation and related network functionalities cannot be configured or used from SDDC Manager. Steps such as enabling AVNs in vCenter Server, ensuring a load balancer, or assigning AVNs to specific ESXi hosts are not the prerequisites required by the workflow.
- An administrator is managing a VMware Cloud Foundation (VCF) environment. To support virtual machine backup using a third-party tool, the administrator has been tasked with assigning a service account (srvbackup01) access to the Production Virtual Machine (VM) folder and all child objects. The company security policy dictates that only the minimum required permissions must be assigned to service accounts to ensure they can function as designed. Which three actions should the administrator take in the vSphere Client to complete the objective? (Choose three.) A. Select the necessary privileges for the backup_service role. B. Assign the backup_service role to the srvbackup01 user on the Production VM folder only. C. Assign the Administrator role to the srvbackup01 user on the Production VM folder and propagate to all child objects. D. Create a new Role called backup_service. E. Assign the backup_service role to the srvbackup01 user on the Production VM folder and propagate to all child objects. F. Clone the Administrator Role to create the backup_service role. Answer: A,D,E Explanation: You need a dedicated backup_service role to tailor permissions. Populate that role with only the required privileges for backup operations. Assign the backup_service role to srvbackup01 on the Production VM folder and enable propagation so all child VMs inherit those minimal permissions.
- What is the primary purpose of configuring VM storage policies in a VMware vSphere environment? A. To manage network traffic between VMs. B. To enforce specific storage requirements such as performance, availability, and redundancy. C. To configure CPU and memory reservations for VMs. D. To automate the backup of virtual machines.
D. Enable HA Admission Control Answer: B Explanation: VM-VM Anti-Affinity rules in DRS direct VMs to not run on the same host. A Resource Pool with a high share value does not prevent co-location, and Storage vMotion or HA Admission Control do not specifically separate VMs across hosts at runtime.
- An organization wants to centralize its VM templates, ISO images, and scripts to streamline deployment processes across multiple sites using Content Libraries. Which three steps are required to create a new Content Library? (Choose three.) A. Configure the library to automatically sync with the vSphere Update Manager. B. Choose "Create a new library" and enter a name and description for the library. C. Select "Local content library" and choose the datastore to store the library contents. D. Navigate to the Content Libraries section in the vSphere Client. E. Add the necessary permissions to allow users to upload content to the library. Answer: B, C, D Explanation: When creating a new Content Library, you first need to specify a name and description to define the library's purpose. For a Local Content Library, you need to choose the datastore where the library contents will be stored. This is essential for proper organization and accessibility of content. To create and manage content libraries, you must navigate to the Content Libraries section in the vSphere Client.
- An administrator is responsible for maintaining a VMware Cloud Foundation (VCF) instance. The administrator has been tasked with scaling the CPU and RAM resources of a virtual machine. Which three configuration limitations must the administrator consider when completing the task? (Choose three.) A. To add Memory to a powered on virtual machine, Memory Hot Add must be enabled. B. To remove Memory from a powered on virtual machine, Memory Hot Add must be enabled. C. To add vCPUs to a powered on virtual machine, CPU Hot Add must be enabled. D. To enable Memory Hot Add feature, the virtual machine compatibility must be ESXi 7. Update 2 or later. E. To add vCPUs to a powered down virtual machine, CPU Hot Add must be enabled. F. To enable the CPU Hot Add or Memory Hot Add feature, the virtual machine must be powered off. Answer: A, C, F Explanation: Comprehensive and Detailed Explanation From Exact Extract: When scaling CPU and RAM for a virtual machine in a VMware Cloud Foundation environment, the administrator must consider these limitations: To add Memory to a powered on virtual machine, Memory Hot Add must be enabled (A): Without Memory Hot Add, adding memory requires the VM to be powered off. To add vCPUs to a powered on virtual machine, CPU Hot Add must be enabled (C): CPU Hot Add allows additional virtual CPUs to be added while the VM is powered on; otherwise, the VM must be powered off. To enable the CPU Hot Add or Memory Hot Add feature, the virtual machine must be powered off (F): These features can only be activated or changed when the VM is not running. Removing memory while powered on is not supported, and enabling these hot add features does not require the VM to be at a specific hardware compatibility level unless specified by certain new functionalities, but the core requirement is the VM must be powered off to enable the features. Adding vCPUs to a powered off VM does not require CPU Hot Add.
- An organization is planning to manage a diverse set of databases across multiple VMware Cloud Foundation (VCF) environments using Data Services Manager. Which three capabilities of Data Services Manager would help the organization manage these databases efficiently? (Choose three.) A. Centralized monitoring and alerting for all managed databases B. Automated database migration between on-premises and cloud environments C. Policy-based backup and recovery for databases D. Integration with vSAN for optimized storage management E. Automated database provisioning and deployment Answer: A, C, E Explanation: Comprehensive and Detailed Explanation From Exact Extract: Data Services Manager provides several key capabilities that help organizations efficiently manage databases across VMware Cloud Foundation environments. The official documentation describes the following functions: Centralized monitoring and alerting for all managed databases (A): Data Services Manager offers a single pane of glass for monitoring health, usage, and generating alerts for all
Answer: A,B,C Explanation: Running a compatibility pre-check validates that vCenter, ESXi, NSX, and other components meet the requirements for the target VCF version. Backing up SDDC Manager, vCenter, NSX, and other critical components ensures you can roll back if the upgrade encounters issues. The SDDC Manager UI provides an orchestrated upgrade workflow, downloading and applying the required bundles in the correct order.
- When configuring storage on an ESXi host, which of the following must be set up correctly to ensure a stable environment? A. Properly defined storage adapters (e.g., iSCSI initiators) B. Datastore heartbeats for HA cluster monitoring C. Multipathing policies for redundant paths to storage D. Direct RAW device mapping of host USB drives for production VMs Answer: A, B, C Explanation: Setting up storage adapters, heartbeat mechanisms (for HA), and multipathing are important for stable operations. Mapping host USB drives (D) to production VMs is not typically a best practice and is rarely used in an enterprise environment.
- Which tasks can be automated using vRealize Orchestrator in a vSphere environment? A. Deploying new VMs from templates B. Performing daily Windows OS patches inside VMs C. Integrating custom scripts or workflows with vCenter Server events D. Managing network port groups for distributed switches Answer: A, C, D Explanation: vRealize Orchestrator can automate VM deployments, custom scripts, and network changes. Patching OS-level components (B) typically relies on separate patch management tools that may integrate with Orchestrator, but it’s not the primary function out of the box.
- Which two operations can be completed in the SDDC Manager UI on an NSX Edge cluster after it has been deployed into a workload domain? (Choose two.) A. Redeploy B. Expand C. Sync D. Delete E. Shrink Answer: B, E Explanation: Comprehensive and Detailed Explanation From Exact Extract: After an NSX Edge cluster is deployed into a workload domain, SDDC Manager provides built-in operations to adjust the cluster size. According to the VMware Cloud Foundation 5.2 documentation: “After you create an NSX Edge cluster, you can use SDDC Manager to expand or shrink it by adding or deleting NSX Edge nodes.” Breakdown of options: B. Expand: You can add one or more Edge nodes to increase the cluster size. E. Shrink: You can remove Edge nodes to decrease the cluster size. These two actions are the only supported cluster scaling operations available in SDDC Manager post-deployment. Other operations, such as Redeploy, Sync, or Delete, are not available via the UI for a deployed Edge cluster and are either manual or unsupported in that context. Summary: Selected choices B and E match the documented capability to scale an NSX Edge cluster via SDDC Manager. No other operations (A, C, D) are supported for an existing Edge cluster through the UI.
- An administrator is using VMware Aria Automation to automate the provisioning of virtual machines in their VMware Cloud Foundation (VCF) environment. They notice that the deployment requests are failing frequently. What step should the administrator take in VMware Aria Operations for Logs to diagnose the cause of the failures? A. Check the Audit Logs to see if there are any unauthorized access attempts. B. Review the Alert Definitions to ensure alerts for request failures are configured and enabled. C. Access the Dashboard page to get an overview of system health and performance metrics. D. Use the Interactive Analytics feature to search for error messages related to the requests. Answer: D Explanation: Using Interactive Analytics in Aria Operations for Logs lets you query and filter log data for specific error messages tied to provisioning requests, pinpointing the root cause of failures.
Answer: A, B, F Explanation: Comprehensive and Detailed Explanation From Exact Extract: According to the VMware Cloud Foundation 5.2 Administration Guide and the official vSphere Networking documentation, prioritizing virtual machine (VM) network traffic for business-critical applications in a VCF environment requires configuring Network I/O Control (NIOC) on the vSphere Distributed Switch (vDS), allocating bandwidth resources, and creating resource pools for VM traffic. Below are the exact extracts and official explanations: Option A: Configure a bandwidth resource allocation for the virtual machine traffic type. Extract from official VMware documentation: “With Network I/O Control (NIOC) enabled on the vSphere Distributed Switch, you can allocate bandwidth to specific network resource types such as virtual machine traffic. Configuring bandwidth allocation ensures that business-critical VM traffic is prioritized on the physical network.” (VMware vSphere Networking Guide) Option B: Enable Network I/O control (NIOC) on the workload domain vSphere Distributed Switch (vDS). Extract: “Network I/O Control must be enabled on the vSphere Distributed Switch to use features such as bandwidth allocation and resource pools. This allows you to guarantee minimum bandwidth and prioritize specific traffic types, including VM traffic.” (VMware vSphere Networking Guide, VMware Cloud Foundation Administration Guide) Option F: Configure a new network resource pool to assign shares, limits and reservations for the virtual machine traffic. Extract: “Network resource pools allow administrators to assign shares, limits, and reservations to virtual machine traffic on the vSphere Distributed Switch. This ensures that business-critical workloads receive the necessary network resources, even in times of contention.” (VMware vSphere Networking Guide) Why Not the Other Options? Option C: Creating a new vDS is not required specifically for prioritizing VM traffic; this can be done within the existing vDS. Option D: While dedicated adapters can help with physical separation, they do not control network priority among traffic types within the vDS. Option E: Disabling all other allocations is not recommended or supported and could disrupt other network operations. Summary: To ensure business-critical virtual machine traffic is prioritized over other types, the administrator should: Enable NIOC on the vDS (B), Configure bandwidth resource allocations for VM traffic (A), and Create a new network resource pool to set shares, limits, and reservations for VM traffic (F). These steps are outlined and supported by the official VMware Cloud Foundation and vSphere Networking documentation.
- An administrator has a requirement to share the contents of a Content Library across multiple vCenter instances. What steps should the administrator perform to meet this requirement? A. Create a Subscribed content library on a single vCenter instance and perform a synchronization B. Create a Subscribed content library on each vCenter instance and enable publishing C. Create a Local content library on each vCenter instance and perform a synchronization D. Create a Local content library on a single vCenter instance and enable publishing Answer: D Explanation: To share the contents of a Content Library across multiple vCenter instances, you need to create a Local content library on one vCenter instance and enable publishing. This allows the library to be accessible by other vCenter instances, where they can subscribe to it, ensuring the content is shared.
- An administrator is enabling VMware's Virtual Machine Encryption for an existing VMware Cloud Foundation (VCF) Workload Domain in order to meet their organization's compliance regulations. Which three steps should the administrator take to complete this task? (Choose three.) A. Configure a Key Management Server (KMS) and add it to the vCenter. B. Enable SSH on the ESXi hosts to manage encryption keys. C. Create an encryption policy in vCenter. D. Apply the encryption policy to the ESXi hosts. E. Apply the encryption policy to the existing VMs. F. Enable the encryption feature on the ESXi hosts. Answer: A,C,E Explanation:
B. To enable network virtualization and security. C. To automate workload deployments across multiple cloud environments. D. To provide comprehensive monitoring, analytics, and performance management of the cloud infrastructure. Answer: D Explanation: Aria Operations (formerly known as vRealize Operations) is used to monitor, analyze, and manage the performance of cloud infrastructures, providing insights into capacity, utilization, and overall health. It helps in optimizing resources, preventing downtime, and ensuring the smooth running of applications and services in a VMware environment.
- While deploying the first VI workload domain in a VMware Cloud Foundation (VCF) solution, which two steps will always be performed by SDDC Manager? (Choose two.) A. Deploy an NSX Edge cluster and configure BGP routing on the T0 Gateway. B. Deploy a new NSX Manager instance for the VI workload domain. C. Configure vSAN as a principal storage for the VI workload domain. D. Deploy and configure a new vCenter Server instance for the VI workload domain. E. Connect a new vCenter Server instance to the Application Virtual Network. Answer: B,D Explanation: SDDC Manager always deploys a dedicated NSX Manager instance and a new vCenter Server for each VI workload domain during initial deployment.
- Which vSphere solution integrates with public cloud providers to allow on-demand burst capacity or disaster recovery? A. vSphere Replication to local NFS datastores B. VMware Cloud on AWS C. vRealize Log Insight D. vSAN File Services Answer: B Explanation: VMware Cloud on AWS provides a consistent vSphere-based environment that can integrate with on-premises deployments for burst capacity or DR scenarios. vSphere Replication, Log Insight, and vSAN File Services don’t inherently provide cloud expansion.
- When troubleshooting a virtual machine that has stopped responding in vSphere, which of the following actions or checks might help? A. Checking the VM’s CPU ready time in performance charts B. Reinstalling the guest OS from scratch immediately C. Reviewing the vSphere Events and Tasks for errors D. Verifying if there is any Storage I/O Control contention Answer: A, C, D Explanation: High CPU ready times can indicate CPU contention, event logs might show errors or misconfigurations, and SIOC might be throttling storage access. Reinstalling the OS (B) is an extreme step and not the typical first move.
- An administrator needs to deploy a Kubernetes cluster on a vSphere IaaS control plane (formerly vSphere with Tanzu) to host a new application. Which three steps should be followed to successfully deploy the Kubernetes cluster? (Choose three.) A. Configure a Load Balancer for the Kubernetes control plane nodes. B. Create a new VM template for the Kubernetes nodes. C. Configure a vSphere Namespace and assign resource quotas. D. Enable Workload Management on the vSphere Cluster. E. Deploy a vSphere Pod Service. Answer: A, C, D Explanation: A Load Balancer is needed for the Kubernetes control plane nodes to distribute traffic across the control plane and ensure high availability for the Kubernetes management layer. A vSphere Namespace must be configured to define a logical boundary for Kubernetes workloads, and resource quotas help ensure that resources are allocated appropriately for the workloads. Enabling Workload Management on the vSphere Cluster is necessary to integrate Kubernetes with vSphere and manage the lifecycle of Kubernetes clusters using vSphere with Tanzu.
- During a routine maintenance operation, an administrator needs to move a running VM from one host to another without downtime. Which vSphere feature is used? A. vSphere Replication B. vMotion C. vRealize Orchestrator