




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Designed for hybrid cloud infrastructure administrators, this practice exam includes tasks such as SDDC deployment, vSphere/vSAN/NSX integration, hybrid connectivity (Direct Connect / VPN), workload migrations with HCX, distributed firewall policies, storage scaling, and lifecycle management. Candidates troubleshoot network segments, analyze vMotion issues, manage elastic DRS, and configure identity federation for VMware Cloud environments.
Typology: Exams
1 / 109
This page cannot be seen from the preview
Don't miss anything!





























































































Question 1. Which component of the VMware Cloud on AWS SDDC provides the hypervisor layer for running workloads? A) vCenter Server B) NSX‑T Manager C) ESXi hosts D) vSAN Answer: C Explanation: ESXi hosts are the hypervisor that runs virtual machines in the SDDC. vCenter manages them, NSX‑T provides networking, and vSAN provides storage. Question 2. In the shared responsibility model for VMware Cloud on AWS, who is responsible for patching the underlying EC2 bare‑metal servers? A) The customer B) VMware C) AWS D) Both VMware and AWS jointly Answer: B Explanation: VMware is responsible for the SDDC stack, including ESXi host patching. AWS manages the physical infrastructure, but the hypervisor patches are VMware’s responsibility. Question 3. Which AWS construct connects the VMware Cloud on AWS SDDC to a customer‑owned VPC? A) Transit Gateway
B) VPC peering connection C) Internet Gateway D) NAT Gateway Answer: B Explanation: A VPC peering connection links the SDDC’s VPC to the customer’s VPC, enabling private IP communication between them. Question 4. What is the primary benefit of using VMware Cloud on AWS for disaster recovery? A) Unlimited on‑premises storage B) Automatic failback to the original data center C) Rapid provisioning of a secondary site in the cloud D) Elimination of all backup processes Answer: C Explanation: VMware Cloud on AWS allows quick creation of a DR site in AWS, reducing RTO/RPO compared to building a physical secondary data center. Question 5. Which consumption model charges based on the number of hosts provisioned, regardless of usage? A) On‑demand (pay‑as‑you‑go) B) Subscription (reserved) C) Spot instances D) Free tier
Question 8. When planning a new SDDC, which factor most directly influences the number of hosts required? A) Number of AWS IAM users B) Desired vSAN capacity and performance C) Size of the AWS account ID D) Number of VPC peering connections Answer: B Explanation: vSAN capacity and performance requirements drive host count, as each host contributes CPU, memory, and storage resources. Question 9. Which feature enables single‑pane‑of‑glass management of on‑premises and cloud SDDCs? A) vMotion B) Hybrid Linked Mode (HLM) C) Distributed Resource Scheduler (DRS) D) vSAN Witness Answer: B Explanation: HLM links on‑premises vCenter with the cloud vCenter, allowing unified management across both environments. Question 10. What is the purpose of an Elastic Network Interface (ENI) in the context of VMware Cloud on AWS?
A) To provide storage for VMs B) To attach a virtual NIC to an EC2 instance representing an SDDC host C) To enable DNS resolution for the SDDC D) To encrypt traffic between hosts Answer: B Explanation: ENIs are the virtual network adapters attached to EC2 bare‑metal instances that form the SDDC hosts, providing network connectivity. Question 11. Which connectivity option provides the lowest latency between an on‑premises data center and a VMware Cloud on AWS SDDC? A) Site‑to‑site VPN over the internet B) AWS Direct Connect C) AWS Transit Gateway D) Public internet with NAT Answer: B Explanation: Direct Connect offers dedicated, private, low‑latency links compared to VPNs that traverse the public internet. Question 12. In NSX‑T, what is the function of a Tier‑0 (T0) router? A) To provide distributed firewall services to VMs B) To route traffic between the SDDC and external networks C) To host virtual machines
Explanation: DFW enforces security policies on traffic moving between VMs (east‑west) inside the NSX‑T overlay network. Question 15. Which tool is used to monitor logs from NSX‑T components in VMware Cloud on AWS? A) vRealize Operations Manager B) Aria Operations for Logs (vRealize Log Insight) C) AWS CloudWatch D) vSAN Health Service Answer: B Explanation: Aria Operations for Logs (formerly vRealize Log Insight) aggregates and analyzes logs from NSX‑T and other components. Question 16. When adding a host to an existing SDDC cluster, which operation must be performed first? A) Delete the existing vCenter database B) Increase the vSAN license count C) Ensure the host is a supported EC2 bare‑metal instance type D. Disable NSX‑T Answer: C Explanation: Only supported EC2 bare‑metal instance types (e.g., i3en) can be added as hosts to the SDDC cluster.
Question 17. Which VMware Cloud on AWS feature allows a VM to retain its IP address when it is migrated between on‑premises and cloud SDDCs? A) vMotion with static MAC address B) NSX‑T NAT rules C) HCX Network Extension D) vSAN Federation Answer: C Explanation: HCX Network Extension preserves IP addressing across migrations, enabling seamless move of VMs without IP changes. Question 18. What is the minimum number of hosts required for a production‑grade SDDC cluster in VMware Cloud on AWS? A) 1 B) 2 C) 3 D) 4 Answer: C Explanation: A minimum of three hosts is required to provide vSAN quorum and HA for production workloads. Question 19. Which of the following statements about VMware Site Recovery (VSR) is TRUE? A) VSR only supports asynchronous replication.
Answer: B Explanation: Amazon EFS can be mounted as an NFS datastore to the SDDC, providing supplemental file storage. Question 22. What is the primary purpose of a vSAN Witness host in a stretched cluster configuration? A) To provide compute resources for VMs B) To act as a tie‑breaker for quorum when a site loses a host C) To host the vCenter Server Appliance D) To store backup snapshots Answer: B Explanation: The Witness host participates in quorum decisions, ensuring the stretched cluster can continue operating if one site loses a host. Question 23. Which API can be used to automate provisioning of new VMs in a VMware Cloud on AWS SDDC? A) AWS S3 API B) vSphere REST API (PowerCLI) C) Azure Resource Manager API D) Google Cloud Pub/Sub API Answer: B
Explanation: The vSphere REST API, accessible via PowerCLI or other SDKs, can automate VM provisioning in the SDDC. Question 24. Which vSphere feature automatically balances workloads across hosts based on resource usage? A) vMotion B) Distributed Resource Scheduler (DRS) C) vSAN D) NSX‑T Answer: B Explanation: DRS continuously evaluates host resource usage and recommends or performs VM migrations to balance the load. Question 25. In VMware Cloud on AWS, which component is responsible for providing the data plane for NSX‑T logical switches? A) vCenter Server B) NSX‑T Edge Services Gateways C) NSX‑T Distributed Router (Tier‑1) D) NSX‑T Transport Nodes (ESXi hosts) Answer: D Explanation: Transport Nodes (the ESXi hosts) implement the data plane for logical switches, handling encapsulation/decapsulation of overlay traffic.
B) The SLA covers compute, storage, and network availability with a 99.9 % guarantee. C) The SLA only applies to the management plane, not the workload plane. D) The SLA allows unlimited scaling without additional cost. Answer: B Explanation: VMware’s SLA provides a 99.9 % availability guarantee across compute, storage, and network components. Question 29. Which of the following best describes a “Cold Migration” using HCX? A) Live vMotion of running VMs without downtime B) Migration of powered‑off VMs using bulk data transfer C) Replication of VM disks in real‑time D) Use of site‑to‑site VPN for migration traffic Answer: B Explanation: Cold migration moves powered‑off VMs, typically using bulk transfer, and does not require live migration capabilities. Question 30. In the context of VMware Cloud on AWS, what is a “Network Extension” used for? A) Extending vSAN across AWS regions B) Extending on‑premises L2 networks into the cloud SDDC C) Extending vCenter licensing to multiple accounts D) Extending IAM roles to the SDDC
Answer: B Explanation: HCX Network Extension enables L2 network continuity between on‑premises and cloud environments, preserving VLANs and IP subnets. Question 31. Which of the following is NOT a valid method for connecting a VMware Cloud on AWS SDDC to native AWS services (e.g., S3, RDS)? A) VPC peering between the SDDC VPC and the customer VPC B) Direct Connect from the SDDC to AWS services C) Public internet with NAT gateway in the SDDC D) Using AWS PrivateLink endpoints in the customer VPC Answer: B Explanation: Direct Connect connects on‑premises networks to AWS, not the SDDC (which already resides in AWS). Access to native services is achieved via VPC peering, NAT, or PrivateLink. Question 32. Which NSX‑T feature provides load balancing for inbound traffic to VMs? A) Distributed Firewall (DFW) B) NSX‑T Edge Load Balancer (ELB) C) Tier‑0 router static routes D) vSAN Witness Answer: B Explanation: The NSX‑T Edge Load Balancer distributes inbound traffic across VM instances.
A) AWS Directory Service (AD Connector) B) AWS IAM C) AWS Shield D) AWS Lambda Answer: A Explanation: AD Connector allows on‑premises AD to authenticate AWS resources, including the SDDC when integrated. Question 36. What is the purpose of a “Resource Pool” in vCenter within VMware Cloud on AWS? A) To store VM snapshots B) To group VMs for shared resource allocation and limits C) To define network security policies D) To manage vSAN disk groups Answer: B Explanation: Resource pools enable administrators to allocate CPU and memory resources among groups of VMs. Question 37. Which of the following statements about HCX Bulk Migration is correct? A) It requires VMs to be powered on during migration. B) It transfers VM metadata first, then copies disks in parallel. C) It uses vMotion to move VMs across the WAN.
D) It only works for Windows guest OSes. Answer: B Explanation: Bulk Migration copies VM metadata (configuration) first, then transfers virtual disks in parallel, allowing powered‑off VMs to migrate efficiently. Question 38. Which of the following metrics is most indicative of a VM experiencing CPU contention in VMware Cloud on AWS? A) High network latency B) High CPU Ready time C) High memory ballooning D) High datastore latency Answer: B Explanation: CPU Ready time measures how long a VM waits for CPU resources, indicating contention. Question 39. In VMware Cloud on AWS, which component is responsible for the “north‑south” traffic routing to the internet? A) vSAN Witness B) NSX‑T Tier‑1 router with NAT configuration C) vCenter Server Appliance D) HCX Interconnect Answer: B
Question 42. What is the primary function of the “VMware Cloud Console” for administrators? A) To edit AWS IAM policies B) To provision, monitor, and manage the SDDC lifecycle C) To develop custom NSX‑T plugins D) To perform low‑level host firmware updates Answer: B Explanation: The VMware Cloud Console is the web UI used to create, scale, and monitor SDDC resources. Question 43. Which of the following best describes a “vSphere Replication” use case in VMware Cloud on AWS? A) Real‑time block‑level replication to an on‑premises site B) Asynchronous replication of VMs to a secondary SDDC for DR C) Replicating vSAN metadata across AWS regions D) Cloning VMs within the same cluster Answer: B Explanation: vSphere Replication provides asynchronous VM replication to a DR site, which can be another SDDC. Question 44. Which of the following is NOT a supported method for authenticating users to vCenter in VMware Cloud on AWS? A) Local vCenter users
B) LDAP/AD integration C) SAML‑based Single Sign‑On D) AWS IAM user credentials Answer: D Explanation: AWS IAM credentials cannot directly authenticate to vCenter; authentication must use local, LDAP/AD, or SAML. Question 45. Which NSX‑T component is responsible for providing distributed firewall capabilities at the hypervisor level? A) Edge Services Gateway (ESG) B) Distributed Firewall (DFW) module on each ESXi host C) Tier‑0 router D) vCenter Server Answer: B Explanation: The DFW module runs on each ESXi host, enforcing firewall rules for traffic to/from VMs locally. Question 46. What is the effect of enabling “vSAN Deduplication and Compression” on a storage policy? A) Increases raw capacity usage B) Reduces effective storage consumption for duplicate data C) Disables encryption for the datastore D) Requires all hosts to have SSDs only