VMware Cloud on AWS VMware Certified Cloud Infrastructure Administrator Practice Exam, Exams of Technology

Designed for hybrid cloud infrastructure administrators, this practice exam includes tasks such as SDDC deployment, vSphere/vSAN/NSX integration, hybrid connectivity (Direct Connect / VPN), workload migrations with HCX, distributed firewall policies, storage scaling, and lifecycle management. Candidates troubleshoot network segments, analyze vMotion issues, manage elastic DRS, and configure identity federation for VMware Cloud environments.

Typology: Exams

2025/2026

Available from 01/06/2026

shilpi-jain-1
shilpi-jain-1 🇮🇳

4.2

(5)

29K documents

1 / 109

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
VMware Cloud on AWS VMware Certified
Cloud Infrastructure Administrator Practice
Exam
**Question 1.** Which component of the VMware Cloud on AWS SDDC provides the hypervisor
layer for running workloads?
A) vCenter Server
B) NSXT Manager
C) ESXi hosts
D) vSAN
Answer: C
Explanation: ESXi hosts are the hypervisor that runs virtual machines in the SDDC. vCenter
manages them, NSXT provides networking, and vSAN provides storage.
**Question 2.** In the shared responsibility model for VMware Cloud on AWS, who is
responsible for patching the underlying EC2 baremetal servers?
A) The customer
B) VMware
C) AWS
D) Both VMware and AWS jointly
Answer: B
Explanation: VMware is responsible for the SDDC stack, including ESXi host patching. AWS
manages the physical infrastructure, but the hypervisor patches are VMware’s responsibility.
**Question 3.** Which AWS construct connects the VMware Cloud on AWS SDDC to a
customerowned VPC?
A) Transit Gateway
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download VMware Cloud on AWS VMware Certified Cloud Infrastructure Administrator Practice Exam and more Exams Technology in PDF only on Docsity!

Cloud Infrastructure Administrator Practice

Exam

Question 1. Which component of the VMware Cloud on AWS SDDC provides the hypervisor layer for running workloads? A) vCenter Server B) NSX‑T Manager C) ESXi hosts D) vSAN Answer: C Explanation: ESXi hosts are the hypervisor that runs virtual machines in the SDDC. vCenter manages them, NSX‑T provides networking, and vSAN provides storage. Question 2. In the shared responsibility model for VMware Cloud on AWS, who is responsible for patching the underlying EC2 bare‑metal servers? A) The customer B) VMware C) AWS D) Both VMware and AWS jointly Answer: B Explanation: VMware is responsible for the SDDC stack, including ESXi host patching. AWS manages the physical infrastructure, but the hypervisor patches are VMware’s responsibility. Question 3. Which AWS construct connects the VMware Cloud on AWS SDDC to a customer‑owned VPC? A) Transit Gateway

Cloud Infrastructure Administrator Practice

Exam

B) VPC peering connection C) Internet Gateway D) NAT Gateway Answer: B Explanation: A VPC peering connection links the SDDC’s VPC to the customer’s VPC, enabling private IP communication between them. Question 4. What is the primary benefit of using VMware Cloud on AWS for disaster recovery? A) Unlimited on‑premises storage B) Automatic failback to the original data center C) Rapid provisioning of a secondary site in the cloud D) Elimination of all backup processes Answer: C Explanation: VMware Cloud on AWS allows quick creation of a DR site in AWS, reducing RTO/RPO compared to building a physical secondary data center. Question 5. Which consumption model charges based on the number of hosts provisioned, regardless of usage? A) On‑demand (pay‑as‑you‑go) B) Subscription (reserved) C) Spot instances D) Free tier

Cloud Infrastructure Administrator Practice

Exam

Question 8. When planning a new SDDC, which factor most directly influences the number of hosts required? A) Number of AWS IAM users B) Desired vSAN capacity and performance C) Size of the AWS account ID D) Number of VPC peering connections Answer: B Explanation: vSAN capacity and performance requirements drive host count, as each host contributes CPU, memory, and storage resources. Question 9. Which feature enables single‑pane‑of‑glass management of on‑premises and cloud SDDCs? A) vMotion B) Hybrid Linked Mode (HLM) C) Distributed Resource Scheduler (DRS) D) vSAN Witness Answer: B Explanation: HLM links on‑premises vCenter with the cloud vCenter, allowing unified management across both environments. Question 10. What is the purpose of an Elastic Network Interface (ENI) in the context of VMware Cloud on AWS?

Cloud Infrastructure Administrator Practice

Exam

A) To provide storage for VMs B) To attach a virtual NIC to an EC2 instance representing an SDDC host C) To enable DNS resolution for the SDDC D) To encrypt traffic between hosts Answer: B Explanation: ENIs are the virtual network adapters attached to EC2 bare‑metal instances that form the SDDC hosts, providing network connectivity. Question 11. Which connectivity option provides the lowest latency between an on‑premises data center and a VMware Cloud on AWS SDDC? A) Site‑to‑site VPN over the internet B) AWS Direct Connect C) AWS Transit Gateway D) Public internet with NAT Answer: B Explanation: Direct Connect offers dedicated, private, low‑latency links compared to VPNs that traverse the public internet. Question 12. In NSX‑T, what is the function of a Tier‑0 (T0) router? A) To provide distributed firewall services to VMs B) To route traffic between the SDDC and external networks C) To host virtual machines

Cloud Infrastructure Administrator Practice

Exam

Explanation: DFW enforces security policies on traffic moving between VMs (east‑west) inside the NSX‑T overlay network. Question 15. Which tool is used to monitor logs from NSX‑T components in VMware Cloud on AWS? A) vRealize Operations Manager B) Aria Operations for Logs (vRealize Log Insight) C) AWS CloudWatch D) vSAN Health Service Answer: B Explanation: Aria Operations for Logs (formerly vRealize Log Insight) aggregates and analyzes logs from NSX‑T and other components. Question 16. When adding a host to an existing SDDC cluster, which operation must be performed first? A) Delete the existing vCenter database B) Increase the vSAN license count C) Ensure the host is a supported EC2 bare‑metal instance type D. Disable NSX‑T Answer: C Explanation: Only supported EC2 bare‑metal instance types (e.g., i3en) can be added as hosts to the SDDC cluster.

Cloud Infrastructure Administrator Practice

Exam

Question 17. Which VMware Cloud on AWS feature allows a VM to retain its IP address when it is migrated between on‑premises and cloud SDDCs? A) vMotion with static MAC address B) NSX‑T NAT rules C) HCX Network Extension D) vSAN Federation Answer: C Explanation: HCX Network Extension preserves IP addressing across migrations, enabling seamless move of VMs without IP changes. Question 18. What is the minimum number of hosts required for a production‑grade SDDC cluster in VMware Cloud on AWS? A) 1 B) 2 C) 3 D) 4 Answer: C Explanation: A minimum of three hosts is required to provide vSAN quorum and HA for production workloads. Question 19. Which of the following statements about VMware Site Recovery (VSR) is TRUE? A) VSR only supports asynchronous replication.

Cloud Infrastructure Administrator Practice

Exam

Answer: B Explanation: Amazon EFS can be mounted as an NFS datastore to the SDDC, providing supplemental file storage. Question 22. What is the primary purpose of a vSAN Witness host in a stretched cluster configuration? A) To provide compute resources for VMs B) To act as a tie‑breaker for quorum when a site loses a host C) To host the vCenter Server Appliance D) To store backup snapshots Answer: B Explanation: The Witness host participates in quorum decisions, ensuring the stretched cluster can continue operating if one site loses a host. Question 23. Which API can be used to automate provisioning of new VMs in a VMware Cloud on AWS SDDC? A) AWS S3 API B) vSphere REST API (PowerCLI) C) Azure Resource Manager API D) Google Cloud Pub/Sub API Answer: B

Cloud Infrastructure Administrator Practice

Exam

Explanation: The vSphere REST API, accessible via PowerCLI or other SDKs, can automate VM provisioning in the SDDC. Question 24. Which vSphere feature automatically balances workloads across hosts based on resource usage? A) vMotion B) Distributed Resource Scheduler (DRS) C) vSAN D) NSX‑T Answer: B Explanation: DRS continuously evaluates host resource usage and recommends or performs VM migrations to balance the load. Question 25. In VMware Cloud on AWS, which component is responsible for providing the data plane for NSX‑T logical switches? A) vCenter Server B) NSX‑T Edge Services Gateways C) NSX‑T Distributed Router (Tier‑1) D) NSX‑T Transport Nodes (ESXi hosts) Answer: D Explanation: Transport Nodes (the ESXi hosts) implement the data plane for logical switches, handling encapsulation/decapsulation of overlay traffic.

Cloud Infrastructure Administrator Practice

Exam

B) The SLA covers compute, storage, and network availability with a 99.9 % guarantee. C) The SLA only applies to the management plane, not the workload plane. D) The SLA allows unlimited scaling without additional cost. Answer: B Explanation: VMware’s SLA provides a 99.9 % availability guarantee across compute, storage, and network components. Question 29. Which of the following best describes a “Cold Migration” using HCX? A) Live vMotion of running VMs without downtime B) Migration of powered‑off VMs using bulk data transfer C) Replication of VM disks in real‑time D) Use of site‑to‑site VPN for migration traffic Answer: B Explanation: Cold migration moves powered‑off VMs, typically using bulk transfer, and does not require live migration capabilities. Question 30. In the context of VMware Cloud on AWS, what is a “Network Extension” used for? A) Extending vSAN across AWS regions B) Extending on‑premises L2 networks into the cloud SDDC C) Extending vCenter licensing to multiple accounts D) Extending IAM roles to the SDDC

Cloud Infrastructure Administrator Practice

Exam

Answer: B Explanation: HCX Network Extension enables L2 network continuity between on‑premises and cloud environments, preserving VLANs and IP subnets. Question 31. Which of the following is NOT a valid method for connecting a VMware Cloud on AWS SDDC to native AWS services (e.g., S3, RDS)? A) VPC peering between the SDDC VPC and the customer VPC B) Direct Connect from the SDDC to AWS services C) Public internet with NAT gateway in the SDDC D) Using AWS PrivateLink endpoints in the customer VPC Answer: B Explanation: Direct Connect connects on‑premises networks to AWS, not the SDDC (which already resides in AWS). Access to native services is achieved via VPC peering, NAT, or PrivateLink. Question 32. Which NSX‑T feature provides load balancing for inbound traffic to VMs? A) Distributed Firewall (DFW) B) NSX‑T Edge Load Balancer (ELB) C) Tier‑0 router static routes D) vSAN Witness Answer: B Explanation: The NSX‑T Edge Load Balancer distributes inbound traffic across VM instances.

Cloud Infrastructure Administrator Practice

Exam

A) AWS Directory Service (AD Connector) B) AWS IAM C) AWS Shield D) AWS Lambda Answer: A Explanation: AD Connector allows on‑premises AD to authenticate AWS resources, including the SDDC when integrated. Question 36. What is the purpose of a “Resource Pool” in vCenter within VMware Cloud on AWS? A) To store VM snapshots B) To group VMs for shared resource allocation and limits C) To define network security policies D) To manage vSAN disk groups Answer: B Explanation: Resource pools enable administrators to allocate CPU and memory resources among groups of VMs. Question 37. Which of the following statements about HCX Bulk Migration is correct? A) It requires VMs to be powered on during migration. B) It transfers VM metadata first, then copies disks in parallel. C) It uses vMotion to move VMs across the WAN.

Cloud Infrastructure Administrator Practice

Exam

D) It only works for Windows guest OSes. Answer: B Explanation: Bulk Migration copies VM metadata (configuration) first, then transfers virtual disks in parallel, allowing powered‑off VMs to migrate efficiently. Question 38. Which of the following metrics is most indicative of a VM experiencing CPU contention in VMware Cloud on AWS? A) High network latency B) High CPU Ready time C) High memory ballooning D) High datastore latency Answer: B Explanation: CPU Ready time measures how long a VM waits for CPU resources, indicating contention. Question 39. In VMware Cloud on AWS, which component is responsible for the “north‑south” traffic routing to the internet? A) vSAN Witness B) NSX‑T Tier‑1 router with NAT configuration C) vCenter Server Appliance D) HCX Interconnect Answer: B

Cloud Infrastructure Administrator Practice

Exam

Question 42. What is the primary function of the “VMware Cloud Console” for administrators? A) To edit AWS IAM policies B) To provision, monitor, and manage the SDDC lifecycle C) To develop custom NSX‑T plugins D) To perform low‑level host firmware updates Answer: B Explanation: The VMware Cloud Console is the web UI used to create, scale, and monitor SDDC resources. Question 43. Which of the following best describes a “vSphere Replication” use case in VMware Cloud on AWS? A) Real‑time block‑level replication to an on‑premises site B) Asynchronous replication of VMs to a secondary SDDC for DR C) Replicating vSAN metadata across AWS regions D) Cloning VMs within the same cluster Answer: B Explanation: vSphere Replication provides asynchronous VM replication to a DR site, which can be another SDDC. Question 44. Which of the following is NOT a supported method for authenticating users to vCenter in VMware Cloud on AWS? A) Local vCenter users

Cloud Infrastructure Administrator Practice

Exam

B) LDAP/AD integration C) SAML‑based Single Sign‑On D) AWS IAM user credentials Answer: D Explanation: AWS IAM credentials cannot directly authenticate to vCenter; authentication must use local, LDAP/AD, or SAML. Question 45. Which NSX‑T component is responsible for providing distributed firewall capabilities at the hypervisor level? A) Edge Services Gateway (ESG) B) Distributed Firewall (DFW) module on each ESXi host C) Tier‑0 router D) vCenter Server Answer: B Explanation: The DFW module runs on each ESXi host, enforcing firewall rules for traffic to/from VMs locally. Question 46. What is the effect of enabling “vSAN Deduplication and Compression” on a storage policy? A) Increases raw capacity usage B) Reduces effective storage consumption for duplicate data C) Disables encryption for the datastore D) Requires all hosts to have SSDs only