VMware Cloud on AWS VMware Certified Design Expert Practice Exam

This elite-level simulation evaluates mastery in designing enterprise cloud architectures, including business requirement mapping, risk analysis, capacity planning, SDDC layout strategy, NSX-T security architecture design, inter-cloud DR, operational governance models, and multi-region failover blueprints. The practice exam challenges candidates with case studies requiring both conceptual architecture and detailed design documentation.

Typology: Exams

2025/2026

Available from 01/06/2026

shilpi-jain-1
VMware Cloud on AWS VMware Certified Design Expert Practice Exam
**Question 1.** Which phase of the VMC on AWS design process focuses on capturing functional and non‑functional requirements from the customer?
A) Conceptual Design
B) Physical Design
C) Requirements Elicitation and Analysis
D) Implementation Guidance
Answer: C
Explanation: Requirements Elicitation and Analysis is the initial phase where both functional and non‑functional needs are gathered and documented.
**Question 2.** In the MoSCoW prioritization method, which category represents requirements that are optional and may be omitted if time or budget constraints arise?
A) Must have
B) Should have
C) Could have
D) Won’t have
Answer: C
Explanation: “Could have” items are desirable but not essential, allowing flexibility when constraints exist.
**Question 3.** A customer mandates a maximum latency of 30 ms between the on‑premises data center and VMC on AWS. Which design factor directly addresses this requirement?
A) Choosing an i4i host type
B) Selecting the nearest AWS Region
C) Enabling vSAN deduplication
D) Using AWS Direct Connect with a 1 Gbps link
Answer: B
Explanation: Proximity to the AWS Region reduces network latency; selecting the nearest Region helps meet strict latency goals.
**Question 4.** Which AWS service is most appropriate for extending an on‑premises Active Directory to VMC on AWS for identity management?
A) AWS Managed Microsoft AD
B) Amazon Cognito
C) AWS IAM Identity Center
D) AWS Directory Service for Microsoft AD
Answer: D
Explanation: AWS Directory Service for Microsoft AD provides a fully managed AD that can be trusted by VMC on AWS workloads.
**Question 5.** In a VMC on AWS solution, which component is responsible for managing virtual networking, distributed firewall, and load balancing?
A) vCenter Server
B) NSX‑T Manager
C) vSAN Health Service
D) HCX Manager
Answer: B
Explanation: NSX‑T Manager handles logical networking, security policies, and load balancing within the SDDC.
**Question 6.** Which of the following is a primary benefit of using Hybrid Linked Mode (HLM) in VMC on AWS?
A) Enables vMotion across regions without HCX
B) Provides a single pane of glass for on‑premises and cloud vCenter management

**Question 9.** Which NSX‑T security component enforces micro‑segmentation at the VM‑to‑VM level?
A) Distributed Firewall (DFW)
B) Gateway Firewall (GFW)
C) Edge Services Router (ESR)
D) Service Insertion Policy
Answer: A
Explanation: The DFW is a kernel‑level firewall that applies rules directly to VM NICs, enabling micro‑segmentation.
**Question 10.** A design calls for a DR site with a Recovery Point Objective (RPO) of 15 minutes. Which VMC on AWS feature best satisfies this requirement?
A) vSphere Replication
B) VMC Site Recovery (SRM) with synchronous replication
C) HCX Bulk Migration
D) AWS Backup for EBS volumes
Answer: B
Explanation: VMC Site Recovery can orchestrate synchronous or near‑synchronous replication to meet tight RPOs.
**Question 11.** Which AWS networking construct is used to extend the VMC on AWS VPC to an on‑premises data center via Direct Connect?
A) Transit Gateway
B) VPC Peering
C) PrivateLink
D) Route 53 Resolver
Answer: A
Explanation: AWS Transit Gateway can connect multiple VPCs and on‑premises networks via Direct Connect, providing a scalable hub‑and‑spoke model.
**Question 12.** When planning IP address space for a VMC on AWS SDDC, which CIDR size is recommended for the Management subnet to avoid exhaustion?
A) /
B) /
C) /
D) /
Answer: B
Explanation: A /24 provides 256 addresses, sufficient for management components, ESXi hosts, and future growth.
**Question 13.** Which VMware Aria product is specifically designed for cost visibility and optimization across multi‑cloud environments?
A) Aria Operations
B) Aria Automation
C) Aria Cost Insight
D) Aria Guardrails
Answer: C
Explanation: Aria Cost Insight delivers detailed cost analytics and recommendations for optimizing spend across clouds.
**Question 14.** In a VMC on AWS deployment, which storage option would you select for long‑term archival of VM backups that require durability of 99.999999999%?
A) vSAN Capacity Tier
B) Amazon S3 Glacier Deep Archive

**Question 17.** Which component of the Shared Responsibility Model is the customer primarily responsible for in VMC on AWS?
A) Physical security of the data center
B) Hypervisor patching
C) Network traffic encryption in transit
D) Underlying hardware maintenance
Answer: C
Explanation: Customers must secure data in transit (e.g., TLS, VPN) while VMware handles hypervisor and hardware responsibilities.
**Question 18.** To enforce least‑privilege access for VMC on AWS administrators, which integration should be used?
A) AWS IAM roles assigned to vCenter users
B) vSphere Single Sign‑On with SAML to corporate IdP
C) Local vCenter admin accounts with root passwords
D) NSX‑T local users with admin role
Answer: B
Explanation: Integrating vSphere SSO with a corporate IdP via SAML enables role‑based access aligned with least‑privilege principles.
**Question 19.** Which AWS service can be directly consumed by workloads in VMC on AWS without additional network configuration?
A) Amazon DynamoDB
B) Amazon RDS for PostgreSQL
C) Amazon S3 (via VPC Endpoint)
D) Amazon Redshift
Answer: C
Explanation: VPC Endpoints allow private connectivity to S3 from the VMC VPC without traversing the internet.
**Question 20.** During the physical design stage, which metric is most critical when determining the number of hosts required for a given vCPU workload?
A) Host CPU clock speed (GHz)
B) vCPU overcommit ratio
C) Number of NICs per host
D) Host power consumption (kW)
Answer: B
Explanation: The overcommit ratio defines how many virtual CPUs can be placed on a physical host, directly influencing host count calculations.
**Question 21.** Which of the following is a key advantage of using i4i instances over i3en for a VMC on AWS SDDC?
A) Higher local NVMe storage capacity per host
B) Lower network latency to other AWS services
C) Greater vCPU count per instance type
D) Enhanced support for GPU workloads
Answer: C
Explanation: i4i instances provide higher vCPU counts, beneficial for compute‑heavy workloads.
**Question 22.** In a VMC on AWS design, which NSX‑T component is responsible for providing NAT and load balancing services at the edge?
A) Distributed Router (DR)
B) Tier‑0 Gateway
C) Tier‑1 Gateway

A) “The customer will double their workload in 12 months.”
B) “AWS will introduce a new instance type next quarter.”
C) “The on‑premises network has 10 Gbps bandwidth to the data center.”
D) “The compliance audit will be postponed indefinitely.”
Answer: C
Explanation: Assuming existing network bandwidth is a factual, verifiable condition, not a speculative risk.
**Question 26.** Which vSAN configuration option reduces storage overhead by eliminating duplicate blocks across VMs?
A) RAID‑5/6 erasure coding
B) Deduplication and compression
C) Mirrored storage policy
D) Stretched cluster topology
Answer: B
Explanation: Deduplication and compression remove redundant data, decreasing the effective storage footprint.
**Question 27.** In the context of VMC on AWS, what does “N+1” redundancy refer to?
A) One additional host beyond the required capacity
B) One extra network interface per VM
C) One extra vSAN disk group per cluster
D) One additional AWS Region for failover
Answer: A
Explanation: N+1 means having one extra host to tolerate a single host failure while maintaining capacity.
**Question 28.** Which AWS native service can be used to ingest logs from NSX‑T Distributed Firewall for centralized analysis?
A) Amazon CloudWatch Logs
B) AWS Config
C) Amazon Athena
D) AWS WAF
Answer: A
Explanation: CloudWatch Logs can collect and store log data from various sources, including NSX‑T when forwarded.
**Question 29.** Which of the following is a primary design consideration when integrating VMC on AWS workloads with Amazon EKS?
A) Matching vCPU counts between ESXi hosts and EKS nodes
B) Configuring NSX‑T Service Insertion for pod‑to‑pod encryption
C) Ensuring both environments share the same VPC CIDR block
D) Using AWS PrivateLink to expose Kubernetes API securely
Answer: D
Explanation: PrivateLink enables secure, private access to the EKS API endpoint from the VMC VPC without exposing it publicly.
**Question 30.** During a migration runbook, which step should be performed before initiating bulk migration of VMs using HCX?
A) Power off all source VMs
B) Validate network connectivity and routing between source and destination
C) Delete all snapshots on source VMs
D) Upgrade the destination ESXi hosts to the latest patch level

B. Use an external load balancer to distribute traffic
C. Deploy three NSX‑T Manager instances in a HA cluster
D. Run NSX‑T Manager on each ESXi host as a VMkernel service
Answer: C
Explanation: Deploying three NSX‑T Managers provides HA, ensuring management plane continuity.
**Question 34.** When designing a backup solution for VMs in VMC on AWS, which statement is true regarding using AWS Backup?
A) AWS Backup can directly back up vSphere VMs without agents.
B) AWS Backup requires vSAN snapshots to be exported to S3.
C) AWS Backup integrates with VMC Site Recovery for orchestration.
D) AWS Backup only supports file‑level backups, not VM‑level.
Answer: A
Explanation: AWS Backup provides native integration to back up EC2 instances and can be extended to VMC via the AWS Backup gateway, allowing agent‑less VM backups.
**Question 35.** Which security principle is enforced by NSX‑T Distributed Firewall policies that are scoped to VM tags?
A) Zero Trust Network Access
B) Role‑Based Access Control
C) Defense‑in‑Depth
D) Principle of Least Privilege
Answer: D
Explanation: Tag‑based DFW rules allow fine‑grained control, granting only required access, aligning with least‑privilege.
**Question 36.** In a multi‑region VMC on AWS architecture, what is the primary purpose of deploying a Transit Gateway in each region?
A) To provide DNS resolution across regions
B) To enable cross‑region VPC peering without overlapping CIDRs
C) To host NSX‑T Edge services centrally
D) To aggregate Direct Connect links for higher bandwidth
Answer: B
Explanation: Transit Gateways simplify cross‑region connectivity and manage overlapping CIDR spaces via hub‑and‑spoke topology.
**Question 37.** Which of the following is a key indicator that a workload is a good candidate for “Cold Migration” using HCX?
A) The workload requires zero downtime.
B) The workload is storage‑intensive but can tolerate downtime.
C) The workload runs critical, real‑time services.
D) The workload uses NVMe over Fabrics.
Answer: B
Explanation: Cold Migration moves VMs offline, suitable for workloads that can afford downtime, especially when large data volumes are involved.
**Question 38.** Which VMware feature provides automated remediation of security misconfigurations in NSX‑T firewalls?
A) NSX‑T Security Policy Analyzer
B) vRealize Network Insight (vRNI)
C) NSX‑T Distributed IDS/IPS
D) vSphere Security Hardening Guide
Answer: B

D) A Direct Connect link that spans two regions
Answer: A
Explanation: A stretched vSAN cluster distributes hosts across AZs, providing zone‑level fault tolerance.
**Question 42.** Which of the following is the most appropriate method to enforce compliance with PCI‑DSS for data at rest in VMC on AWS?
A) Enable vSAN encryption with a customer‑managed key
B) Use NSX‑T DFW to block all traffic
C) Deploy a third‑party firewall appliance in the VPC
D) Configure AWS IAM policies to restrict S3 access
Answer: A
Explanation: vSAN encryption protects VM disks at rest, meeting PCI‑DSS encryption requirements.
**Question 43.** Which of the following statements best describes the purpose of an HCX Interconnect?
A) It provides a private network link between two VMC SDDCs in the same region.
B) It enables vMotion traffic between on‑premises vCenter and VMC on AWS.
C) It creates a VPN tunnel for backup traffic to AWS S3.
D) It replicates NSX‑T firewall rules across regions.
Answer: B
Explanation: HCX Interconnect establishes the transport layer for vMotion and migration traffic between environments.
**Question 44.** When designing a VMC on AWS solution for a regulated healthcare organization, which compliance framework must be explicitly addressed?
A) ISO 27001
B) HIPAA
C) SOC 2
D) GDPR
Answer: B
Explanation: HIPAA governs the protection of health information, requiring specific controls for data handling in healthcare environments.
**Question 45.** Which vSphere feature allows a VM to be placed on a specific host to meet licensing or hardware requirements?
A) DRS (Distributed Resource Scheduler)
B) VM‑Host Affinity Rules
C) vMotion
D) vSphere HA Admission Control
Answer: B
Explanation: VM‑Host affinity rules bind a VM to a designated host, ensuring placement on required hardware.
**Question 46.** In VMC on AWS, which component is responsible for providing the “Management Gateway (MGW)” functionality?
A) NSX‑T Tier‑0 Gateway
B) vCenter Server Appliance
C) HCX Manager
D) AWS Transit Gateway
Answer: A
Explanation: The Tier‑0 Gateway serves as the MGW, handling north‑south traffic for management traffic.

Answer: A
Explanation: Recovery Priority Groups dictate the sequence in which VMs are powered on during failover.
**Question 50.** Which of the following AWS services can be used to centrally manage IAM roles and policies for both AWS and VMC on AWS resources?
A) AWS Organizations
B) AWS Control Tower
C) AWS IAM Identity Center (formerly SSO)
D) AWS Config
Answer: C
Explanation: IAM Identity Center provides single sign‑on and centralized permission management across AWS accounts and integrated services like VMC.
**Question 51.** In a VMC on AWS environment, which tool provides real‑time performance analytics for both the SDDC and guest workloads?
A) vRealize Operations (Aria Operations)
B) vRealize Log Insight
C) vRealize Network Insight
D) vRealize Automation
Answer: A
Explanation: Aria Operations delivers comprehensive performance monitoring for the infrastructure and VMs.
**Question 52.** Which of the following is the recommended way to protect against accidental deletion of critical NSX‑T firewall rules?
A) Enable NSX‑T policy versioning
B) Use AWS CloudTrail to log changes
C) Configure a backup of the NSX‑T Manager VM
D) Apply read‑only permissions to the DFW rule set
Answer: A
Explanation: NSX‑T policy versioning allows rollback to previous rule configurations, safeguarding against accidental deletions.
**Question 53.** When designing a VMC on AWS solution that must comply with the EU GDPR, which data handling practice is essential?
A) Storing all data in a single AWS Region
B) Encrypting personal data at rest and in transit
C) Using only on‑premises backup solutions
D) Disabling all logging to avoid data exposure
Answer: B
Explanation: GDPR requires encryption of personal data both at rest and during transmission to protect privacy.
**Question 54.** Which of the following is a primary consideration when selecting an AWS Region for a VMC on AWS deployment?
A) Availability of i4g instances only
B) Proximity to the customer’s end‑users and on‑premises data center
C) Number of Availability Zones in the region
D) Presence of AWS Lambda Edge services
Answer: B
Explanation: Region proximity impacts latency and data residency, critical for performance and compliance.