




























































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This practice exam covers advanced hybrid cloud administration: provisioning secure SDDCs, optimizing cross-region deployments, configuring complex NSX-T topologies, performing live migrations, implementing backup/DRS strategies, monitoring via vRealize/Aria tools, and automating operational tasks using APIs and Terraform. Troubleshooting challenges include diagnosing latency, addressing HA isolation events, and optimizing cluster performance.
Typology: Exams
1 / 100
This page cannot be seen from the preview
Don't miss anything!





























































































Question 1. Which of the following is a primary benefit of cloud computing that VMware emphasizes for VMC on AWS? A) Fixed hardware lifecycle B) Unlimited on‑premise storage C) Elastic scaling of resources D) Mandatory long‑term contracts Answer: C Explanation: VMware highlights elasticity—ability to scale compute, storage, and networking resources up or down on demand—as a core cloud benefit for VMC on AWS. Question 2. In VMware’s multi‑cloud vision, which component provides a single pane of glass to manage workloads across different hyperscalers? A) vCenter Server Appliance B) VMware Cloud Services Portal (CSP) C) NSX Manager D) HCX Manager Answer: B Explanation: The Cloud Services Portal is the centralized UI where administrators can provision, monitor, and manage SDDCs across AWS, Azure, Google Cloud, etc. Question 3. What does the term “Software‑Defined Data Center” (SDDC) refer to in the context of VMC on AWS? A) Physical rack servers located in an AWS data center B) A collection of software components that abstract compute, storage, and networking C) A proprietary VMware hardware appliance D) The AWS VPC that hosts the VMC workloads
Answer: B Explanation: An SDDC is defined by VMware software (vSphere, vSAN, NSX) that virtualizes and abstracts the underlying hardware resources. Question 4. Which VMware component is responsible for providing distributed virtual networking and firewalling in the VMC SDDC? A) vCenter Server B) vSAN C) NSX Manager D) HCX Answer: C Explanation: NSX Manager orchestrates the networking and security services, including distributed firewalls, logical switches, and routers. Question 5. Hybrid Linked Mode (HLM) differs from Enhanced Linked Mode (ELM) primarily because HLM allows linking of which environments? A) Two on‑premise vCenter instances only B) An on‑premise vCenter with a VMC on AWS SDDC C) Multiple VMC SDDCs in the same AWS region D) vCenter with vRealize Operations only Answer: B Explanation: HLM enables a single pane of management across an on‑prem vCenter and a cloud‑based VMC SDDC, whereas ELM links only vCenter Servers within the same environment. Question 6. Which connectivity option provides the lowest latency and highest bandwidth between an on‑premises data center and a VMC on AWS SDDC? A) Site‑to‑site IPSec VPN
Question 9. vSphere Storage vMotion is primarily used to: A) Move a VM’s compute resources between clusters B) Change a VM’s network adapter type C) Relocate a VM’s virtual disks between datastores or storage policies D) Upgrade a VM’s hardware version Answer: C Explanation: Storage vMotion migrates a VM’s virtual disks to a different datastore or changes its storage policy without VM downtime. Question 10. What does DRS stand for and what is its primary function in VMC on AWS? A) Distributed Resource Scheduler; balances VM workloads across hosts B) Disaster Recovery Service; replicates VMs to another region C) Data Replication System; syncs vSAN data D) Dynamic Routing Service; manages VPC routing tables Answer: A Explanation: DRS automatically places VMs on the most appropriate host based on resource utilization and load balancing rules. Question 11. Which of the following scaling options allows you to add more hosts to an existing VMC SDDC without redeploying the entire environment? A) Static SDDC scaling B) Dynamic SDDC scale‑out C) vSphere HA scaling D) NSX Edge scaling Answer: B
Explanation: Dynamic SDDC scale‑out lets you provision additional host nodes to an existing SDDC, expanding capacity seamlessly. Question 12. Which authentication method is NOT supported for logging into the VMware Cloud Services Portal? A) SAML‑based single sign‑on B) Local vCenter username/password C) Okta or Azure AD integration via SSO D) LDAP authentication directly to CSP Answer: D Explanation: The CSP does not accept direct LDAP authentication; it relies on SAML‑based SSO or native VMware credentials. Question 13. How does VMware Cloud on Dell EMC differ from VMware Cloud on AWS? A) It runs on AWS bare metal servers B) It provides an on‑premises, fully‑managed SDDC using Dell PowerEdge hardware C) It only supports vSAN 6. D) It does not include NSX networking Answer: B Explanation: VMware Cloud on Dell EMC delivers a fully‑managed SDDC on Dell hardware located in customer data centers, extending the same software stack as VMC on AWS. Question 14. Which AWS native service can be directly consumed from workloads running inside a VMC on AWS SDDC? A) Amazon S B) Azure Blob Storage
A) Automating vCenter patching B) Providing disaster recovery replication only C) Enabling workload mobility across on‑premises, VMC, and other clouds D) Managing NSX firewall rules Answer: C Explanation: HCX offers capabilities such as WAN optimization, vMotion across clouds, and bulk migration, facilitating workload movement between environments. Question 18. Which disaster‑recovery solution provides near‑zero RPO by replicating VMs to a secondary AWS region within the VMC ecosystem? A) VMware Site Recovery (SRM) with vSphere Replication B) VMware Cloud Disaster Recovery (VCDR) using AWS CloudEndure C) Traditional tape backups D) Manual snapshot copy Answer: B Explanation: VCDR leverages CloudEndure to continuously replicate workloads with sub‑second RPO, enabling rapid failover to another AWS region. Question 19. When planning a VMC on AWS deployment, which factor is most critical for determining the required number of hosts? A) Number of AWS IAM users B) Desired vSAN capacity and VM CPU/memory requirements C) Length of the VPN tunnel D) Number of NSX Edge appliances Answer: B
Explanation: Host sizing must consider vSAN storage capacity, CPU and memory allocation for the intended VM workload mix. Question 20. Which AWS networking component must be created to enable communication between a VMC on AWS SDDC and other AWS services in the same region? A) Internet Gateway B) VPC Peering Connection C) Direct Connect Gateway D) Transit Gateway attachment specific to the SDDC VPC Answer: D Explanation: VMC on AWS provisions a dedicated VPC; attaching it to an AWS Transit Gateway enables connectivity to other VPCs and services. Question 21. Which of the following is a valid method to provision a new VMC SDDC through automation? A) Manually clicking the “Create” button in the CSP UI only B) Using the VMware Cloud on AWS API (REST) or Terraform provider C) Editing the AWS CloudFormation template directly D) Deploying a custom Linux script on a host VM Answer: B Explanation: VMware provides a REST API and Terraform provider to automate SDDC provisioning, enabling Infrastructure‑as‑Code workflows. Question 22. In a VMC on AWS environment, which component stores the VM templates that can be used for rapid provisioning? A) vCenter Content Library B) NSX Edge firewall rule set
A) vSAN uses local SSDs on AWS bare‑metal servers to create a shared datastore B) vSAN requires external SAN arrays for storage C) vSAN is not available in VMC on AWS D) vSAN only supports NFS protocols Answer: A Explanation: VMC on AWS leverages the local NVMe/SSD storage of the underlying AWS bare‑metal hosts to build a distributed vSAN datastore. Question 26. Which VMware Tanzu component provides a ready‑to‑run Kubernetes control plane inside the VMC SDDC? A) Tanzu Mission Control B) Tanzu Kubernetes Grid (TKG) Service C) vRealize Automation D) NSX Advanced Load Balancer Answer: B Explanation: Tanzu Kubernetes Grid deploys fully‑managed Kubernetes clusters that run on the same vSphere infrastructure as the SDDC. Question 27. In the context of Tanzu, what does the API server primarily handle? A) Hypervisor scheduling decisions B) Storage provisioning for vSAN C) Receiving and processing RESTful API calls for cluster management D. Managing NSX firewall rules Answer: C Explanation: The Kubernetes API server is the front‑end for all RESTful requests, handling cluster state and resource definitions.
Question 28. Which of the following is a benefit of using VMware Cloud Disaster Recovery (VCDR) over traditional backup solutions? A) Requires no network connectivity B) Provides near‑real‑time replication with automated failover C. Stores backups on local disks only D. Only works for physical servers, not VMs Answer: B Explanation: VCDR continuously replicates workloads to AWS, enabling automated, rapid recovery with low RPO/RTO. Question 29. When configuring a site‑to‑site VPN between an on‑premises data center and VMC on AWS, which protocol is used for the tunnel? A) HTTP B) GRE C) IPSec D. SSH Answer: C Explanation: IPSec is the standard protocol for establishing encrypted site‑to‑site VPN tunnels between on‑prem networks and AWS VPCs. Question 30. Which of the following best describes the function of a “Transit Gateway” in an AWS‑VMC integration? A) It provides DNS resolution for VMs B) It aggregates multiple VPC connections and on‑prem VPNs into a single hub C) It stores VM snapshots
A) Direct HTTPS connection from the internet B) Access through the VMware Cloud Services Portal SSO C) VPN‑based connection to the management segment D) AWS Systems Manager Session Manager Answer: D Explanation: AWS Systems Manager Session Manager is not used to access vCenter; access is via HTTPS through the CSP or a VPN into the management network. Question 34. What is the primary purpose of the “VMware Cloud Gateway Appliance” in a Hybrid Linked Mode deployment? A) To provide DNS services for the SDDC B) To enable secure connectivity between on‑prem vCenter and cloud vCenter C) To act as a vSAN cache tier D) To host the NSX Edge services Answer: B Explanation: The Cloud Gateway Appliance creates a secure tunnel that links on‑prem vCenter with the cloud‑based vCenter, enabling HLM. Question 35. Which of the following statements about vSphere HA Admission Control is correct in VMC on AWS? A) It disables HA for all VMs B) It reserves capacity to guarantee VM restart in case of host failure C) It only works with vSAN stretched clusters D) It is disabled by default and must be manually turned on Answer: B
Explanation: Admission Control ensures that enough resources remain available to restart VMs if a host fails, preserving HA guarantees. Question 36. When using HCX for bulk migration, which feature allows you to move many VMs without downtime? A) HCX vMotion Optimizer B) HCX Push‑Button Upgrade C) HCX Network Extension D) HCX Disaster Recovery Answer: A Explanation: HCX vMotion Optimizer enables bulk, live migration of VMs across clouds with minimal impact. Question 37. In a VMC on AWS SDDC, which component stores the NSX configuration database? A) vCenter Server Appliance B) NSX Manager (embedded) C) HCX Manager D) vSAN Witness Host Answer: B Explanation: NSX Manager hosts the NSX database that stores logical networking and security configurations. Question 38. Which of the following is a recommended practice for securing the management segment of a VMC SDDC? A) Open all inbound ports to the internet B) Place the segment in a public subnet
Question 41. Which of the following AWS services can be directly integrated with VMC on AWS for centralized logging? A) AWS CloudTrail B) Amazon S3 (as a log archive) C) Amazon GuardDuty D) All of the above Answer: D Explanation: VMC workloads can send logs to CloudTrail, S3, GuardDuty, and other AWS services for unified security and compliance monitoring. Question 42. Which VMware product provides a unified view for managing multiple Kubernetes clusters across clouds? A) vRealize Automation B) Tanzu Mission Control (TMC) C) NSX Advanced Load Balancer D) vSphere Distributed Switch Answer: B Explanation: Tanzu Mission Control offers centralized lifecycle management, policy enforcement, and observability for Kubernetes clusters across environments. Question 43. In VMC on AWS, what is the maximum number of hosts that can be provisioned in a single SDDC cluster as of the latest release? A) 4 B) 8 C) 12 D) 16
Answer: C Explanation: VMware currently allows up to 12 hosts per SDDC cluster, providing scale while maintaining manageability. Question 44. Which of the following actions is required to enable a VMC SDDC to use an existing AWS Direct Connect connection? A) Create a new VPC peering connection B) Associate the Direct Connect virtual interface with the VMC VPC using a private virtual interface C) Enable AWS Transit Gateway auto‑accept D) Deploy a NAT gateway in the management segment Answer: B Explanation: The Direct Connect private virtual interface must be attached to the VMC VPC to route traffic over the dedicated link. Question 45. What is the primary purpose of a “vSAN Witness Host” in a stretched cluster configuration? A) To run NSX Edge services B) To provide a quorum for metadata when a site loses a majority of hosts C) To host VM workloads D) To store backup snapshots only Answer: B Explanation: The witness host holds a copy of the vSAN metadata, ensuring cluster quorum and preventing split‑brain scenarios. Question 46. Which of the following is a valid reason to use “VMware Cloud on AWS Outposts” instead of a standard VMC on AWS deployment?
Explanation: Traffic from the VM goes through the NSX Edge (if routed) into the VPC’s private subnet where the RDS endpoint resides. Question 49. Which of the following best describes “vSphere Distributed Switch” (VDS) in a VMC on AWS environment? A) A physical switch located in an AWS data center B) A logical switch that provides centralized network configuration across all hosts C) A component of NSX Edge only D) A backup solution for VM snapshots Answer: B Explanation: VDS is a virtual switch that spans multiple ESXi hosts, allowing consistent networking policies and monitoring. Question 50. Which security principle is enforced by NSX Distributed Firewall by default on all VM NICs? A) Allow all inbound traffic B) Deny all inbound traffic unless explicitly allowed (default‑deny) C) Allow all outbound traffic only D) No traffic filtering is applied by default Answer: B Explanation: NSX DFW follows a default‑deny posture, blocking all traffic that does not match an explicit rule. Question 51. When configuring a VMC on AWS SDDC, which of the following must be true about the CIDR block of the connected VPC? A) It must overlap with the SDDC management CIDR B) It must be a /16 or larger network
C) It must not overlap with any SDDC segment CIDR ranges D. It must be a public IP range only Answer: C Explanation: Overlapping CIDRs cause routing conflicts; the connected VPC must use a distinct address space from SDDC segments. Question 52. Which of the following is a primary benefit of using “vSphere vMotion” across regions in a VMC on AWS environment? A) Reduces VM storage cost automatically B) Enables zero‑downtime migration of workloads to a different AWS region for disaster recovery or load balancing C) Converts VMs to containers D) Automatically upgrades the VM hardware version Answer: B Explanation: Cross‑region vMotion (via HCX) allows live migration of VMs between regions, supporting DR and workload distribution without downtime. Question 53. Which of the following is NOT a supported method for backing up VMs in a VMC on AWS SDDC? A) VMware Cloud Disaster Recovery (VCDR) B) Native AWS Backup integration with vSphere C) Third‑party backup appliances using NFS mounts on vSAN D) Manual copy of VM files to an external S3 bucket via PowerCLI Answer: B Explanation: While AWS Backup can protect AWS services, there is no native integration that directly backs up vSphere VMs without additional agents or solutions.