Question #1
A cloud administrator is managing a container environment. The application team has complained that they need to manually restart containers in the event of a failure.
Which solution can the administrator implement to solve this issue?
- A . Kubernetes
- B . VMware vSphere High Availability
- C . VMware vSphere Fault Tolerance
- D . Prometheus
Correct Answer: A
A
Explanation:
Kubernetes is an open-source container orchestration system that provides automated deployment, scaling, and management of containers. It can be used to set up an automated restart policy for containers in the event of a failure, ensuring that containers are automatically restarted when they fail.
https://www.vmware.com/pdf/stagemanager1_Users_Guide.pdf VMware Stage Manager User’s Guide
https://www.vmware.com/pdf/stagemanager1_Users_Guide.pdf
A
Explanation:
Kubernetes is an open-source container orchestration system that provides automated deployment, scaling, and management of containers. It can be used to set up an automated restart policy for containers in the event of a failure, ensuring that containers are automatically restarted when they fail.
https://www.vmware.com/pdf/stagemanager1_Users_Guide.pdf VMware Stage Manager User’s Guide
https://www.vmware.com/pdf/stagemanager1_Users_Guide.pdf
Question #2
What is the purpose of the VMware Cloud on AWS Compute Gateway (CGW)?
- A . A Tier-1 router that handles routing and firewalling for the VMware vCenter Server and other management appliances running in the software-defined data center (SDDC)
- B . A Tier-1 router that handles workload traffic that is connected to routed compute network segments
- C . A Tier-0 router that handles routing and firewalling for the VMware vCenter Server and other management appliances running in the software-defined data center (SDDC)
- D . A Tier-0 router that handles workload traffic that is connected to routed compute network segments
Correct Answer: B
B
Explanation:
Compute Gateway (CGW) The CGW is a Tier 1 router that handles network traffic for workload VMs connected to routed compute network segments. Compute gateway firewall rules, along with NAT rules, run on the Tier 0 router. In the default configuration, these rules block all traffic to and from compute network segments (see Configure Compute Gateway Networking and Security). https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-on-aws-networking-security.pdf The CGW is a Tier 1 router that handles network traffic for workload VMs connected to routed compute network segments. Compute gateway firewall rules, along with NAT rules, run on the Tier 0 router.
B
Explanation:
Compute Gateway (CGW) The CGW is a Tier 1 router that handles network traffic for workload VMs connected to routed compute network segments. Compute gateway firewall rules, along with NAT rules, run on the Tier 0 router. In the default configuration, these rules block all traffic to and from compute network segments (see Configure Compute Gateway Networking and Security). https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-on-aws-networking-security.pdf The CGW is a Tier 1 router that handles network traffic for workload VMs connected to routed compute network segments. Compute gateway firewall rules, along with NAT rules, run on the Tier 0 router.
Question #3
A cloud administrator is managing a VMware Cloud on AWS environment connected to an on-premises data center using IPSec VPN connection. The administrator is Informed of performance issues with applications replicating data between VMware Cloud and the on-premises data center. The total bandwidth used by this replication is 3.8 Gbps.
What should the administrator do to improve application performance?
- A . Deploy VMware HCX.
- B . Deploy AWS Direct Connect.
- C . Deploy a layer 2 VPN connection.
- D . Contact VMware support to request more bandwidth for IPSec VPN connection.
Correct Answer: B
B
Explanation:
AWS Direct Connect is a service that establishes a dedicated network connection between an on-premises data center and an AWS region. This can improve network performance, reduce costs, and increase security for applications that require high bandwidth and low latency1.
A layer 2 VPN connection would not improve performance as it still relies on the public internet. VMware HCX is a service that simplifies workload migration and mobility between different clouds, but it does not address network performance issues. Contacting VMware support to request more bandwidth for IPSec VPN connection is unlikely to be effective as IPSec VPN has inherent limitations such as encryption overhead and packet fragmentation
B
Explanation:
AWS Direct Connect is a service that establishes a dedicated network connection between an on-premises data center and an AWS region. This can improve network performance, reduce costs, and increase security for applications that require high bandwidth and low latency1.
A layer 2 VPN connection would not improve performance as it still relies on the public internet. VMware HCX is a service that simplifies workload migration and mobility between different clouds, but it does not address network performance issues. Contacting VMware support to request more bandwidth for IPSec VPN connection is unlikely to be effective as IPSec VPN has inherent limitations such as encryption overhead and packet fragmentation
Question #4
With which solution is the cloud administrator interfacing when defining storage policies in a VMware Cloud software-defined data center (SDDC)?
- A . VMware Virtual Volumes (vVols)
- B . VMware vSAN
- C . iSCSI
- D . VMware Virtual Machine File System (VMFS)
Correct Answer: B
B
Explanation:
VMware vSAN is a distributed storage platform that is integrated into the VMware Cloud software-defined data center (SDDC). It provides policy-based storage management, allowing cloud administrators to define storage policies that can be applied to virtual machines and other workloads. These policies govern how data is stored, replicated, and secured, and are used to ensure that data is stored in a consistent and compliant manner. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-EDBB551B-51B0-421B-9C44-6ECB66ED660B.html
B
Explanation:
VMware vSAN is a distributed storage platform that is integrated into the VMware Cloud software-defined data center (SDDC). It provides policy-based storage management, allowing cloud administrators to define storage policies that can be applied to virtual machines and other workloads. These policies govern how data is stored, replicated, and secured, and are used to ensure that data is stored in a consistent and compliant manner. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-EDBB551B-51B0-421B-9C44-6ECB66ED660B.html
Question #5
When configuring Hybrid Linked Mode, what is the maximum supported latency between an on-premises environment and a VMware Cloud on AWS software-defined data center (SDDC)?
- A . 200 milliseconds round trip
- B . 250 milliseconds round trip
- C . 150 milliseconds round trip
- D . 100 milliseconds round trip
Correct Answer: D
D
Explanation:
Hybrid Linked Mode can tolerate a time skew of up to ten minutes between the on-premises data center and the cloud SDDC. The maximum latency between your cloud SDDC and on-premises data center cannot exceed 100 msec roundtrip.
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-BE75F0F1-2864-4926-97FE-37E635471C43.html
D
Explanation:
Hybrid Linked Mode can tolerate a time skew of up to ten minutes between the on-premises data center and the cloud SDDC. The maximum latency between your cloud SDDC and on-premises data center cannot exceed 100 msec roundtrip.
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-BE75F0F1-2864-4926-97FE-37E635471C43.html
Question #6
A cloud administrator is In the process of troubleshooting a non-compliant object.
How can the administrator change a VM storage policy for an ISO image?
- A . Modify the default VM storage policy and recreate the ISO image.
- B . Modify the default VM storage policy.
- C . Apply a new VM storage policy.
- D . Attach the ISO Image to a virtual machine.
Correct Answer: C
C
Explanation:
To address a non-compliant object, such as an ISO image, a cloud administrator can apply a new VM storage policy directly to that object. This doesn’t require modifying the default VM storage policy or recreating the ISO image. Applying a new policy to the ISO allows for specific storage requirements to be met without affecting other objects or the default settings.
C
Explanation:
To address a non-compliant object, such as an ISO image, a cloud administrator can apply a new VM storage policy directly to that object. This doesn’t require modifying the default VM storage policy or recreating the ISO image. Applying a new policy to the ISO allows for specific storage requirements to be met without affecting other objects or the default settings.
Question #7
Which four steps must a cloud administrator take to deploy a new private cloud In Azure VMware Solution? (Choose four.)
- A . Identify the maximum number of hosts needed for future capacity.
- B . Identify the desired availability zone.
- C . Identify a management CIDR of size /22.
- D . Open a support request with Microsoft Azure requesting capacity.
- E . Identify a management CIDR of size /20.
- F . Identify the desired region.
- G . Identify the current number of hosts needed.
Correct Answer: CDFG
CDFG
Explanation:
Planning your Azure VMware Solution deployment is critical for a successful production-ready environment for creating virtual machines (VMs) and migration. During the planning process, you’ll identify and gather what’s needed for your deployment. As you plan, make sure to document the information you gather for easy reference during the deployment. A successful deployment results in a production-ready environment for creating virtual machines (VMs) and migration.
In this how-to article, you’ll do the following tasks:
Identify the Azure subscription, resource group, region, and resource name
Identify the size hosts and determine the number of clusters and hosts
Request a host quota for eligible Azure plan
Identify the /22 CIDR IP segment for private cloud management
Identify a single network segment
Define the virtual network gateway
Define VMware HCX network segments
CDFG
Explanation:
Planning your Azure VMware Solution deployment is critical for a successful production-ready environment for creating virtual machines (VMs) and migration. During the planning process, you’ll identify and gather what’s needed for your deployment. As you plan, make sure to document the information you gather for easy reference during the deployment. A successful deployment results in a production-ready environment for creating virtual machines (VMs) and migration.
In this how-to article, you’ll do the following tasks:
Identify the Azure subscription, resource group, region, and resource name
Identify the size hosts and determine the number of clusters and hosts
Request a host quota for eligible Azure plan
Identify the /22 CIDR IP segment for private cloud management
Identify a single network segment
Define the virtual network gateway
Define VMware HCX network segments
Question #8
Which three functions are provided by the components within the Kubernetes control plane? (Choose three.)
- A . Balances pods across the nodes within a Kubernetes cluster.
- B . Ensures that containers are running in a pod.
- C . Configures network rules to route traffic to containers within the Kubernetes cluster.
- D . Stores Kubernetes cluster data in a key-value data store.
- E . Watches the API for changes and responds with appropriate actions.
- F . Stores and distributes container images.
Correct Answer: ADE
ADE
Explanation:
https://kubernetes.io/docs/concepts/overview/components/#control-plane-components
https://kubernetes.io/docs/concepts/overview/components/
ADE
Explanation:
https://kubernetes.io/docs/concepts/overview/components/#control-plane-components
https://kubernetes.io/docs/concepts/overview/components/
Question #9
Which Tanzu Kubernetes Grid component is used to create, scale, upgrade and delete workload clusters?
- A . Tanzu Kubernetes cluster
- B . Tanzu CLI
- C . Tanzu Supervisor cluster
- D . Tanzu Kubernetes Grid extensions
Correct Answer: B
B
Explanation:
https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-4D0D375F-C001-4F1D-AAB1-1789C5577A94.html
Tanzu CLI is a command-line interface used to create, scale, upgrade, and delete workload clusters that are part of the Tanzu Kubernetes Grid [1]. Tanzu CLI also allows you to manage the components of the Tanzu Kubernetes Grid [1], such as the Tanzu Kubernetes cluster and the Tanzu Supervisor cluster. It also provides access to the Tanzu Kubernetes Grid extensions [1], which allow you to extend the functionality of the Tanzu Kubernetes cluster. https://docs.vmware.com/en/VMware-Tanzu-CLI/index.html
B
Explanation:
https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-4D0D375F-C001-4F1D-AAB1-1789C5577A94.html
Tanzu CLI is a command-line interface used to create, scale, upgrade, and delete workload clusters that are part of the Tanzu Kubernetes Grid [1]. Tanzu CLI also allows you to manage the components of the Tanzu Kubernetes Grid [1], such as the Tanzu Kubernetes cluster and the Tanzu Supervisor cluster. It also provides access to the Tanzu Kubernetes Grid extensions [1], which allow you to extend the functionality of the Tanzu Kubernetes cluster. https://docs.vmware.com/en/VMware-Tanzu-CLI/index.html
Question #10
A cloud administrator wants to migrate a virtual machine using VMware vSphere vMotlon from their on-premises data center to their VMware Cloud on AWS software-defined data center (SDDC), using an existing private line to the cloud SDDC.
Which two requirements must be met before the migration can occur? (Choose two.)
- A . The versions of VMware vSphere need to match between the on-premises data center and the cloud SDDC.
- B . A Layer 2 connection is configured between the on-premises data center and the cloud SDDC.
- C . AWS Direct Connect is configured between the on-premises data center and the cloud SDDC.
- D . IPsec VPN is configured between the on-premises data center and the cloud SDDC.
- E . Cluster-level Enhanced vMotion Compatibility (EVC) is configured in the on-premises data center and the cloud SDDC.
Correct Answer: BC
BC
Explanation:
For migrating a virtual machine using VMware vSphere vMotion from an on-premises data center to VMware Cloud on AWS SDDC, specific network requirements must be met. A Layer 2 connection (B) ensures that VMs can retain the same IP address and network settings post-migration, facilitating
seamless migration without the need for reconfiguration. AWS Direct Connect (C) establishes a dedicated network connection between the on-premises data center and AWS, providing a more reliable and consistent network experience compared to internet-based connections. This setup is crucial for high-bandwidth, low-latency connections required by vMotion to efficiently transfer VM memory and state information during migration.
BC
Explanation:
For migrating a virtual machine using VMware vSphere vMotion from an on-premises data center to VMware Cloud on AWS SDDC, specific network requirements must be met. A Layer 2 connection (B) ensures that VMs can retain the same IP address and network settings post-migration, facilitating
seamless migration without the need for reconfiguration. AWS Direct Connect (C) establishes a dedicated network connection between the on-premises data center and AWS, providing a more reliable and consistent network experience compared to internet-based connections. This setup is crucial for high-bandwidth, low-latency connections required by vMotion to efficiently transfer VM memory and state information during migration.
Question #11
A company needs to Increase its Infrastructure capacity quickly to accommodate their rapid business growth.
Which cloud use case describes their requirement?
- A . Maintain and Modernize
- B . Consolidate and Migrate
- C . Disaster Recovery
- D . Maintain and Expand
Correct Answer: D
D
Explanation:
The cloud use case that describes the requirement of increasing the infrastructure capacity quickly to accommodate the rapid business growth is Maintain and Expand1. This use case is suitable for organizations that want to leverage the cloud to scale their existing data center capacity on demand, without changing their existing applications or processes1. VMware Cloud on AWS enables this use case by providing a consistent and compatible cloud platform that can be integrated with the on-premises VMware environment1. VMware Cloud on AWS allows customers to add or remove hosts from their SDDC cluster in minutes, using the Elastic DRS feature2. Customers can also use the VMware HCX service to migrate workloads between on-premises and cloud SDDCs seamlessly and securely3.
Reference: 1: Use Cases for VMware Cloud on AWS, 2: Manage Elasticity in SDDC Clusters – VMware Docs, 3: Migrate Workloads Using VMware HCX – VMware Docs
D
Explanation:
The cloud use case that describes the requirement of increasing the infrastructure capacity quickly to accommodate the rapid business growth is Maintain and Expand1. This use case is suitable for organizations that want to leverage the cloud to scale their existing data center capacity on demand, without changing their existing applications or processes1. VMware Cloud on AWS enables this use case by providing a consistent and compatible cloud platform that can be integrated with the on-premises VMware environment1. VMware Cloud on AWS allows customers to add or remove hosts from their SDDC cluster in minutes, using the Elastic DRS feature2. Customers can also use the VMware HCX service to migrate workloads between on-premises and cloud SDDCs seamlessly and securely3.
Reference: 1: Use Cases for VMware Cloud on AWS, 2: Manage Elasticity in SDDC Clusters – VMware Docs, 3: Migrate Workloads Using VMware HCX – VMware Docs
Question #12
Which out-of-the-box role is required in order to create a content library In VMware Cloud on AWS?
- A . CloudGlobalAdmln
- B . CloudAdmin
- C . Active Directory ESXi Admin
- D . Ad mlnistrator@vSphere. local
Correct Answer: B
B
Explanation:
The CloudAdmin role has the privileges necessary to create and manage SDDC workloads and related objects such as storage policies, content libraries, vSphere tags, and resource pools
The CloudAdmin role has the following privileges in SDDC Version 1.18.
ContentLibrary.AddCertToTrustStore
ContentLibrary.AddLibraryItem
ContentLibrary.CheckInTemplate
ContentLibrary.CheckOutTemplate
ContentLibrary.CreateLocalLibrary
ContentLibrary.CreateSubscribedLibrary
ContentLibrary.DeleteCertFromTrustStore
ContentLibrary.DeleteLibraryItem
ContentLibrary.DeleteLocalLibrary
ContentLibrary.DeleteSubscribedLibrary
ContentLibrary.DownloadSession
ContentLibrary.EvictLibraryItem
ContentLibrary.EvictSubscribedLibrary
ContentLibrary.GetConfiguration
ContentLibrary.ImportStorage
ContentLibrary.ProbeSubscription
ContentLibrary.ReadStorage
ContentLibrary.SyncLibrary
ContentLibrary.SyncLibraryItem
ContentLibrary.TypeIntrospection
ContentLibrary.UpdateConfiguration
ContentLibrary.UpdateLibrary
ContentLibrary.UpdateLibraryItem
ContentLibrary.UpdateLocalLibrary
ContentLibrary.UpdateSession
ContentLibrary.UpdateSubscribedLibrary
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-DFB3C048-5728-4DE9-9380-7240748875C3.html
B
Explanation:
The CloudAdmin role has the privileges necessary to create and manage SDDC workloads and related objects such as storage policies, content libraries, vSphere tags, and resource pools
The CloudAdmin role has the following privileges in SDDC Version 1.18.
ContentLibrary.AddCertToTrustStore
ContentLibrary.AddLibraryItem
ContentLibrary.CheckInTemplate
ContentLibrary.CheckOutTemplate
ContentLibrary.CreateLocalLibrary
ContentLibrary.CreateSubscribedLibrary
ContentLibrary.DeleteCertFromTrustStore
ContentLibrary.DeleteLibraryItem
ContentLibrary.DeleteLocalLibrary
ContentLibrary.DeleteSubscribedLibrary
ContentLibrary.DownloadSession
ContentLibrary.EvictLibraryItem
ContentLibrary.EvictSubscribedLibrary
ContentLibrary.GetConfiguration
ContentLibrary.ImportStorage
ContentLibrary.ProbeSubscription
ContentLibrary.ReadStorage
ContentLibrary.SyncLibrary
ContentLibrary.SyncLibraryItem
ContentLibrary.TypeIntrospection
ContentLibrary.UpdateConfiguration
ContentLibrary.UpdateLibrary
ContentLibrary.UpdateLibraryItem
ContentLibrary.UpdateLocalLibrary
ContentLibrary.UpdateSession
ContentLibrary.UpdateSubscribedLibrary
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-DFB3C048-5728-4DE9-9380-7240748875C3.html
Question #13
What is one way in which VMware Multi-Cloud addresses challenges with the cloud computing model?
- A . Provides savings on capital expenses and the use of a flexible payment structure where payment Is only done based on the resources used.
- B . Provides visibility and tools to manage resources, workloads and operations across clouds from a common operating environment.
- C . Eliminates worry associated with managing IT infrastructures and shifts focus to application development and other priorities using the most up-to-date technology.
- D . Increases agility that encompasses scalability, customizability, and access to the cloud service from anywhere and on any device.
Correct Answer: B
B
Explanation:
https://www.vmware.com/topics/glossary/content/multi-cloud.html
VMware Multi-Cloud provides visibility and tools to manage resources, workloads and operations across clouds from a common operating environment. This eliminates the need to manage multiple cloud environments in different clouds and provides a unified view of all cloud resources and applications. This makes it easier to monitor and manage workloads across clouds, reducing complexity and increasing agility. VMware Multi-Cloud also provides powerful automation and orchestration capabilities to help streamline operations and improve efficiency. [1]
[1] https://www.vmware.com/products/vmware-multi-cloud.html
B
Explanation:
https://www.vmware.com/topics/glossary/content/multi-cloud.html
VMware Multi-Cloud provides visibility and tools to manage resources, workloads and operations across clouds from a common operating environment. This eliminates the need to manage multiple cloud environments in different clouds and provides a unified view of all cloud resources and applications. This makes it easier to monitor and manage workloads across clouds, reducing complexity and increasing agility. VMware Multi-Cloud also provides powerful automation and orchestration capabilities to help streamline operations and improve efficiency. [1]
[1] https://www.vmware.com/products/vmware-multi-cloud.html
Question #14
A customer is looking to leverage a VMware Public Cloud solution to provide them with additional compute capacity as seasonal demand increases for their online business.
The current on-premises data center is configured as follows:
• VMware vSphere 7.0
• VMware vSphere Distributed Switch (vDS) 7.0
• Management and Server network – 172.18.0.0/16
• vMotion network – 192.168.120.0/24
• 250 application servers
Given the information in the scenario, which capability of VMware HCX will the customer not be able to utilize?
- A . Cold migration
- B . Layer 2 extension
- C . Bulk migration
- D . WAN optimization
Correct Answer: B
B
Explanation:
According to the VMware official guide, VMware Tanzu Service Mesh is a cloud-native service mesh platform that simplifies the secure communication between microservices running in Kubernetes clusters . It provides secure and consistent network communication between services and enables policy-driven authorization and observability. With its distributed tracing capabilities, Tanzu Service Mesh can help administrators easily monitor and troubleshoot their applications. It also provides a unified platform to manage the lifecycle of Tanzu Kubernetes clusters, including provisioning, upgrades, patching, and more.
Management “and Server” network – 172.18.0.0/16 “and Server” being the 250 application servers.
https://docs.vmware.com/en/VMware-HCX/4.6/hcx-user-guide/GUID-DBDB4D1B-60B6-4D16-936B-4AC632606909.html
Detected and Restricted Source Network Types
The HCX Network Extension service detects and prevents several non-supported Network Extension scenarios (items are dimmed in the Network Extension UI): • vSphere infrastructure networks (ESXi VMkernel networks).
B
Explanation:
According to the VMware official guide, VMware Tanzu Service Mesh is a cloud-native service mesh platform that simplifies the secure communication between microservices running in Kubernetes clusters . It provides secure and consistent network communication between services and enables policy-driven authorization and observability. With its distributed tracing capabilities, Tanzu Service Mesh can help administrators easily monitor and troubleshoot their applications. It also provides a unified platform to manage the lifecycle of Tanzu Kubernetes clusters, including provisioning, upgrades, patching, and more.
Management “and Server” network – 172.18.0.0/16 “and Server” being the 250 application servers.
https://docs.vmware.com/en/VMware-HCX/4.6/hcx-user-guide/GUID-DBDB4D1B-60B6-4D16-936B-4AC632606909.html
Detected and Restricted Source Network Types
The HCX Network Extension service detects and prevents several non-supported Network Extension scenarios (items are dimmed in the Network Extension UI): • vSphere infrastructure networks (ESXi VMkernel networks).
Question #15
Refer to the exhibit.
A cloud administrator is deploying a new VMware Cloud on AWS virtual private cloud (VPC). After clicking on deploy, the screen refreshes and displays the information that is provided in the exhibit.
What is the issue with the management CIDR that is causing the deployment to fall?
- A . It overlaps with the AWS subnet.
- B . It overlaps with the AWS VPC CIDR.
- C . It is part of the reserved CIDRs.
- D . It is an invalid size.
Correct Answer: A
A
Explanation:
https://docs.aws.amazon.com/whitepapers/latest/sddc-deployment-and-best-practices/deploying-vmware-cloud-on-aws-sddc.htmlThis must be a RFC1918 private address space (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16) with CIDR block sizes of /16, /20, or /23. The management CIDR block cannot be changed after the SDDC is deployed. Choose a range of IP addresses that does not overlap with the AWS subnet you are connecting to. If you plan to connect the SDDC to an on-premises DC or another environment, the IP subnet must be unique within your enterprise network infrastructure. Choose a CIDR that will give you future scalability.
A
Explanation:
https://docs.aws.amazon.com/whitepapers/latest/sddc-deployment-and-best-practices/deploying-vmware-cloud-on-aws-sddc.htmlThis must be a RFC1918 private address space (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16) with CIDR block sizes of /16, /20, or /23. The management CIDR block cannot be changed after the SDDC is deployed. Choose a range of IP addresses that does not overlap with the AWS subnet you are connecting to. If you plan to connect the SDDC to an on-premises DC or another environment, the IP subnet must be unique within your enterprise network infrastructure. Choose a CIDR that will give you future scalability.
Question #16
Which two steps should an administrator take to allow HTTPS access to a specific virtual machine (VM) through the public Internet for VMware Cloud on AWS? (Choose two.)
- A . Create a custom service called HTTPS using port 443.
- B . Configure AWS Direct Connect.
- C . Configure a SNAT rule translating an internal IP address to a public IP address.
- D . Request a public IP address in the VMware Cloud console.
- E . Configure a DNAT rule translating a public IP address to an internal IP address.
Correct Answer: DE
DE
Explanation:
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-0E34C56D-C49C-49B6-A9CF-FBFAF14A126C.html
To allow HTTPS access to a specific VM through the public Internet for VMware Cloud on AWS, the administrator should take the following two steps:
Request a public IP address in the VMware Cloud console. This is required because the VM needs a public IP address to be reachable from the Internet1. The administrator can request a public IP address from the Networking & Security tab in the VMware Cloud console1. The public IP address is allocated from the AWS pool and is associated with the SDDC1.
Configure a DNAT rule translating a public IP address to an internal IP address. This is required because the VM has an internal IP address assigned by the SDDC DHCP server, and the DNAT rule maps the public IP address to the internal IP address of the VM2. The administrator can configure a DNAT rule from the Networking & Security tab in the VMware Cloud console2. The DNAT rule must specify the public IP address as the source, the internal IP address as the destination, and the HTTPS service (TCP 443) as the applied to2.
Reference: 1: Request a Public IP Address – VMware Docs, 2: Configure NAT Rules – VMware Docs
DE
Explanation:
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-0E34C56D-C49C-49B6-A9CF-FBFAF14A126C.html
To allow HTTPS access to a specific VM through the public Internet for VMware Cloud on AWS, the administrator should take the following two steps:
Request a public IP address in the VMware Cloud console. This is required because the VM needs a public IP address to be reachable from the Internet1. The administrator can request a public IP address from the Networking & Security tab in the VMware Cloud console1. The public IP address is allocated from the AWS pool and is associated with the SDDC1.
Configure a DNAT rule translating a public IP address to an internal IP address. This is required because the VM has an internal IP address assigned by the SDDC DHCP server, and the DNAT rule maps the public IP address to the internal IP address of the VM2. The administrator can configure a DNAT rule from the Networking & Security tab in the VMware Cloud console2. The DNAT rule must specify the public IP address as the source, the internal IP address as the destination, and the HTTPS service (TCP 443) as the applied to2.
Reference: 1: Request a Public IP Address – VMware Docs, 2: Configure NAT Rules – VMware Docs
Question #17
An administrator wants to have a global view of all managed Tanzu Kubernetes clusters and manage the policies across them.
Which solution would the administrator use?
- A . VMware Tanzu Mission Control
- B . VMware Tanzu Observability by Wavefront
- C . VMware Tanzu Service Mesh
- D . VMware Tanzu Kubernetes Grid
Correct Answer: A
A
Explanation:
VMware Tanzu Mission Control provides a central platform to manage and view all Tanzu Kubernetes
clusters and workloads running in the environment. It allows administrators to set policies across
multiple clusters, set up cluster identities, monitor cluster health and performance, and much more.
Tanzu Mission Control also provides access to a variety of cloud-native tools, such as Kubernetes
Dashboard, Helm, and Kubeapps.
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager Quick-Start Tutorial for VMware Dynamic Environment Manager …
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager "VMware Tanzu® Mission ControlTM is a centralized management platform for consistently operating, managing, and securing Kubernetes infrastructure and modern applications across teams and clouds. It provides a global view of all of the Kubernetes clusters. You can use the resource hierarchy to manage and enforce consistent policies across Kubernetes clusters. "
A
Explanation:
VMware Tanzu Mission Control provides a central platform to manage and view all Tanzu Kubernetes
clusters and workloads running in the environment. It allows administrators to set policies across
multiple clusters, set up cluster identities, monitor cluster health and performance, and much more.
Tanzu Mission Control also provides access to a variety of cloud-native tools, such as Kubernetes
Dashboard, Helm, and Kubeapps.
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager Quick-Start Tutorial for VMware Dynamic Environment Manager …
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager "VMware Tanzu® Mission ControlTM is a centralized management platform for consistently operating, managing, and securing Kubernetes infrastructure and modern applications across teams and clouds. It provides a global view of all of the Kubernetes clusters. You can use the resource hierarchy to manage and enforce consistent policies across Kubernetes clusters. "
Question #18
A cloud administrator is asked to evaluate a number of disaster recovery solutions for the business.
The current on-premises environment Is built around the latest version of VMware vSphere 7.0.
The following requirements must be met:
• Follow an on-demand cloud consumption model
• Must be a managed offering
• Deliver a recovery point objective (RPO) of no more than 30 minutes
• Rapid power-on of recovered virtual machines/ assuming cloud capacity availability
• Must accommodate for single region failure
Which solution would meet these requirements?
- A . VMware Cloud Disaster Recovery
- B . VMware Cloud on AWS Stretched Cluster
- C . VMware vSphere Replication
- D . VMware Site Recovery Manager
Correct Answer: A
A
Explanation:
VMware Cloud Disaster Recovery is a managed disaster recovery-as-a-service offering that is built on the latest version of VMware vSphere 7.0. It provides an on-demand cloud consumption model, allowing administrators to rapidly power-on recovered virtual machines in the cloud, assuming cloud capacity availability. Additionally, VMware Cloud Disaster Recovery delivers a recovery point objective (RPO) of no more than 30 minutes, and can accommodate for single region failure. https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager
Quick-Start Tutorial for VMware Dynamic Environment Manager …
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager
VMware Cloud Disaster Recovery —————————————————–
* Protect your workloads running on VMware Cloud on AWS SDDC using high-frequency snapshots to achieve RPOs as low as 30 minutes.
* Availability Zone Failure Handling
https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-disaster-recovery/GUID-067EE6DF-80CC-44D2-94E6-D7183A239D9A.html
https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/rn/vmware-cloud-disaster-recovery-release-notes/index.html
A
Explanation:
VMware Cloud Disaster Recovery is a managed disaster recovery-as-a-service offering that is built on the latest version of VMware vSphere 7.0. It provides an on-demand cloud consumption model, allowing administrators to rapidly power-on recovered virtual machines in the cloud, assuming cloud capacity availability. Additionally, VMware Cloud Disaster Recovery delivers a recovery point objective (RPO) of no more than 30 minutes, and can accommodate for single region failure. https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager
Quick-Start Tutorial for VMware Dynamic Environment Manager …
https://techzone.vmware.com/resource/quick-start-tutorial-vmware-dynamic-environment-manager
VMware Cloud Disaster Recovery —————————————————–
* Protect your workloads running on VMware Cloud on AWS SDDC using high-frequency snapshots to achieve RPOs as low as 30 minutes.
* Availability Zone Failure Handling
https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-disaster-recovery/GUID-067EE6DF-80CC-44D2-94E6-D7183A239D9A.html
https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/rn/vmware-cloud-disaster-recovery-release-notes/index.html
Question #19
A cloud administrator is planning to migrate 1,000 VMs from their existing on-premises location into VMware Cloud on AWS. The migration will need to be completed as quickly as possible. Upon completion, the users will need the most reliable, lowest latency connection possible.
Which on-premises data center connectivity option will meet these requirements?
- A . Layer 2 VPN
- B . AWS Direct Connect
- C . VMware Transit Connect
- D . IPsec VPN
Correct Answer: B
B
Explanation:
The best option to meet the requirements of quickly migrating 1,000 VMs with the lowest latency and most reliable connection possible is to use AWS Direct Connect. AWS Direct Connect provides a dedicated network connection between an on-premises data center and the Amazon Web Services (AWS) cloud, allowing for the transfer of data across the two locations. It is more reliable and has lower latency than other options such as Layer 2 VPN, VMware Transit Connect, and IPsec VPN.
Additionally, AWS Direct Connect provides the highest performance and throughput of any of the on-premises data center connectivity options.
https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
Why does VMware refuse to educate their customers … – VMware …
https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7 https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
B
Explanation:
The best option to meet the requirements of quickly migrating 1,000 VMs with the lowest latency and most reliable connection possible is to use AWS Direct Connect. AWS Direct Connect provides a dedicated network connection between an on-premises data center and the Amazon Web Services (AWS) cloud, allowing for the transfer of data across the two locations. It is more reliable and has lower latency than other options such as Layer 2 VPN, VMware Transit Connect, and IPsec VPN.
Additionally, AWS Direct Connect provides the highest performance and throughput of any of the on-premises data center connectivity options.
https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
Why does VMware refuse to educate their customers … – VMware …
https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7 https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Question #20
Which two networking planes are converged in a VMware NSX-T Data Center? (Choose two.)
- A . Control Plane
- B . I/O Plane
- C . Management Plane
- D . Consumption Plane
- E . Data Plane
Correct Answer: AC
AC
Explanation:
According to 1, VMware NSX-T Data Center implements three separate but integrated planes:
management, control, and data.
The management plane provides a single point of configuration and REST API entry-points for NSX-T Data Center components.
The control plane is responsible for computing network state based on configuration from the management plane and topology information from transport nodes.
The data plane consists of transport nodes that provide connectivity for workloads and enforce network policies.
Overview of NSX-T Data Center: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/installation/GUID-10B1A61D-4DF2-481E-A93E-C694726393F9.html
AC
Explanation:
According to 1, VMware NSX-T Data Center implements three separate but integrated planes:
management, control, and data.
The management plane provides a single point of configuration and REST API entry-points for NSX-T Data Center components.
The control plane is responsible for computing network state based on configuration from the management plane and topology information from transport nodes.
The data plane consists of transport nodes that provide connectivity for workloads and enforce network policies.
Overview of NSX-T Data Center: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/installation/GUID-10B1A61D-4DF2-481E-A93E-C694726393F9.html
Question #21
A cloud administrator with an existing virtual private cloud (VPC) needs to create a dedicated connection to VMware Cloud on AWS.
Which connection type would meet this requirement?
- A . Public virtual interface
- B . AWS Direct Connect
- C . Transit virtual interface
- D . Private virtual interface
Correct Answer: D
D
Explanation:
D
Explanation:
Question #22
A cloud administrator is responsible for managing a VMware Cloud solution and would like to ensure that I/O-intensive workloads run in the most optimum way possible.
Which two steps should the administrator complete on I/O-intensive workloads to meet this requirement? (Choose two.)
- A . Ensure that the VMware hardware version is 7 or later.
- B . Enable the memory hot-add feature.
- C . Configure the LSI Logic Parallel SCSI controller.
- D . Configure the VMware Paravirtual SCSI (PVSCSI) adapter.
- E . Configure a maximum of two CPU cores per socket.
Correct Answer: AD
AD
Explanation:
The two steps that the cloud administrator should complete on I/O-intensive workloads to ensure the best performance possible are to configure the VMware Paravirtual SCSI (PVSCSI) adapter and to ensure that the VMware hardware version is 7 or later. The PVSCSI adapter provides improved performance and scalability compared to the LSI Logic Parallel SCSI controller. Additionally, the hardware version should be 7 or later to ensure that the virtual machine is able to take advantage of the latest features and enhancements. Enabling the memory hot-add feature and configuring a maximum of two CPU cores per socket will not improve the performance of I/O-intensive workloads. https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
Why does VMware refuse to educate their customers … – VMware …
https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7 https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
AD
Explanation:
The two steps that the cloud administrator should complete on I/O-intensive workloads to ensure the best performance possible are to configure the VMware Paravirtual SCSI (PVSCSI) adapter and to ensure that the VMware hardware version is 7 or later. The PVSCSI adapter provides improved performance and scalability compared to the LSI Logic Parallel SCSI controller. Additionally, the hardware version should be 7 or later to ensure that the virtual machine is able to take advantage of the latest features and enhancements. Enabling the memory hot-add feature and configuring a maximum of two CPU cores per socket will not improve the performance of I/O-intensive workloads. https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
Why does VMware refuse to educate their customers … – VMware …
https://communities.vmware.com/t5/VMware-Education-Services/Why-does-VMware-refuse-to-educate-their-customers/td-p/2005973
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7 https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-aws-performance.pdf VMware Cloud on AWS also includes a paravirtualized SCSI storage adapter, PVSCSI (also called VMware Paravirtual). The PVSCSI adapter offers a significant reduction in CPU utilization as well as potentially increased throughput compared to the default virtual storage adapters, and is thus the best choice for environments with very I/O-intensive guest applications. In order to use PVSCSI, virtual machine must be using virtual hardware version 7 .or later https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-aws-performance.pdf
Question #23
Which three factors should a cloud administrator consider when sizing a new VMware Cloud software-defined data center (SDDC) to support the migration of workloads from an on-premises SDDC? (Choose three.)
- A . Total number of 10Gb network ports required
- B . Host hardware type in the target VMware Cloud
- C . Total number of on-premises hosts
- D . Total number of workloads
- E . Total amount of available storage across all on-premises datastores
- F . Average size of workload resources (CPU & RAM)
Correct Answer: DEF
DEF
Explanation:
Total number of workloads. This determines how many hosts are needed in the VMware Cloud SDDC cluster.
Total amount of available storage across all on-premises datastores. This determines how much storage capacity is needed in the VMware Cloud SDDC cluster.
Average size of workload resources (CPU & RAM). This determines how much compute capacity is needed in the VMware Cloud SDDC cluster.
https://docs.vmware.com/en/VMware-Cloud/services/vmc-cloud-sizer-user/GUID-7CECF719-E56B-4830-84ED-77206A2A118D.html
DEF
Explanation:
Total number of workloads. This determines how many hosts are needed in the VMware Cloud SDDC cluster.
Total amount of available storage across all on-premises datastores. This determines how much storage capacity is needed in the VMware Cloud SDDC cluster.
Average size of workload resources (CPU & RAM). This determines how much compute capacity is needed in the VMware Cloud SDDC cluster.
https://docs.vmware.com/en/VMware-Cloud/services/vmc-cloud-sizer-user/GUID-7CECF719-E56B-4830-84ED-77206A2A118D.html
Question #24
A cloud administrator requires an external secure connection into their data center to use Border Gateway Protocol (BGP).
Which connection type can they use to connect to an Instance of VMware Cloud?
- A . Policy-based virtual private network (VPN)
- B . Public IPs over the Internet
- C . Private L2 virtual private network (VPN)
- D . Route-based virtual private network (VPN)
Correct Answer: D
D
Explanation:
https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-dr-security-best-practices/GUID-BCC03463-437B-4DBE-BE21-0D43D5BA5776.html
A cloud administrator requires an external secure connection into their data center to use Border Gateway Protocol (BGP). The best connection type to use for this purpose is a Route-based virtual private network (VPN). This type of VPN is secure, as it uses encryption and authentication to protect the data transmitted over the connection. Additionally, it allows for the configuration of BGP to ensure that the data traffic is routed to the desired destination. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmc-aws/preparing-for-vmware-cloud-on-aws.pdf
PREPARING FOR VMWARE CLOUD ON AWS
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmc-aws/preparing-for-vmware-cloud-on-aws.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/topics/glossary/content/network-virtualization.html
What is Network Virtualization? | VMware Glossary https://www.vmware.com/topics/glossary/content/network-virtualization.html
https://aws.amazon.com/es/blogs/apn/connectivity-options-for-vmware-cloud-on-aws-software-defined-data-centers/
D
Explanation:
https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-dr-security-best-practices/GUID-BCC03463-437B-4DBE-BE21-0D43D5BA5776.html
A cloud administrator requires an external secure connection into their data center to use Border Gateway Protocol (BGP). The best connection type to use for this purpose is a Route-based virtual private network (VPN). This type of VPN is secure, as it uses encryption and authentication to protect the data transmitted over the connection. Additionally, it allows for the configuration of BGP to ensure that the data traffic is routed to the desired destination. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmc-aws/preparing-for-vmware-cloud-on-aws.pdf
PREPARING FOR VMWARE CLOUD ON AWS
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmc-aws/preparing-for-vmware-cloud-on-aws.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/topics/glossary/content/network-virtualization.html
What is Network Virtualization? | VMware Glossary https://www.vmware.com/topics/glossary/content/network-virtualization.html
https://aws.amazon.com/es/blogs/apn/connectivity-options-for-vmware-cloud-on-aws-software-defined-data-centers/
Question #25
An administrator is tasked with collecting a support bundle from a Tanzu Kubernetes cluster for a support case.
How can the administrator collect this support bundle for the Tanzu Kubernetes cluster?
- A . Run the -tkc-support-bundler command.
- B . Run the kubact1 logs my-pod command
- C . Run a compression tool of the log files located in /var/log/vmware/wcp/.
- D . Run the vm-support command.
Correct Answer: A
A
Explanation:
https://kb.vmware.com/s/article/80949
Tanzu Kubernetes Grid (TKG) provides a command line tool called tkg-support-bundler which can be used to collect the necessary information and logs for troubleshooting and support cases. The command can be run on the TKG CLI and it will gather all the necessary information and logs from the TKG control plane and worker nodes, and package them into a single compressed bundle file. This bundle file can then be provided to VMware support for further analysis.
A
Explanation:
https://kb.vmware.com/s/article/80949
Tanzu Kubernetes Grid (TKG) provides a command line tool called tkg-support-bundler which can be used to collect the necessary information and logs for troubleshooting and support cases. The command can be run on the TKG CLI and it will gather all the necessary information and logs from the TKG control plane and worker nodes, and package them into a single compressed bundle file. This bundle file can then be provided to VMware support for further analysis.
Question #26
Which three components can be part of a virtual machine template? (Choose three.)
- A . Installed applications, tools, and patches
- B . vSphere tags
- C . Custom attributes
- D . Virtual Machine hardware configuration
- E . Guest operating system
- F . Virtual machine snapshots
Correct Answer: ADE
ADE
Explanation:
To create a virtual machine template, you will need to configure the virtual machine hardware configuration, install the necessary applications, tools, and patches, and select the guest operating system. The template can also include vSphere tags and custom attributes to further customize the virtual machine. Additionally, the template can include virtual machine snapshots which will save the current state of the virtual machine and can be used to quickly restore the machine to the same state.
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/topics/glossary/content/server-virtualization.html
What is Server Virtualization? | VMware Glossary https://www.vmware.com/topics/glossary/content/server-virtualization.html
ADE
Explanation:
To create a virtual machine template, you will need to configure the virtual machine hardware configuration, install the necessary applications, tools, and patches, and select the guest operating system. The template can also include vSphere tags and custom attributes to further customize the virtual machine. Additionally, the template can include virtual machine snapshots which will save the current state of the virtual machine and can be used to quickly restore the machine to the same state.
https://www.vmware.com/pdf/techsupportguide.pdf
VMware Technical Support Guide
https://www.vmware.com/pdf/techsupportguide.pdf
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
Publishing Applications with VMware Horizon 7
https://vcdx.vmware.com/content/dam/digitalmarketing/vmware/ru/pdf/techpaper/vmware-horizon-7-application-publishing.pdf
https://www.vmware.com/topics/glossary/content/server-virtualization.html
What is Server Virtualization? | VMware Glossary https://www.vmware.com/topics/glossary/content/server-virtualization.html
Question #27
Refer to the exhibit.
A cloud administrator is investigating a reported performance issue on a virtual machine (VM). The administrator observes low latency on the datastore but high latency within the VM. The administrator notes that it is a standard operating procedure to take a snapshot of the VM whenever there is an application or operating system upgrade on this VM.
Based on the exhibit, which snapshot characteristic will result in performance degradation?
- A . Snapshot chain length
- B . Snapshot size
- C . Snapshot type
- D . Snapshot age
Correct Answer: A
A
Explanation:
https://www.nakivo.com/blog/vmware-snapshots-vsphere-how-to/#title-12
Follow these recommendations to get the best performance when using snapshots:
・ Use snapshots as a temporary measure only.
The presence of snapshots can have a significant impact on guest application performance, especially in a VMFS environment, for I/O intensive workloads. The guest applications fully recover performance after snapshots are deleted.
・ Keep the snapshot chain length short when possible, to minimize the guest application performance impact.
Performance degradation is higher as the snapshot chain length increases.
・ If you need to increase the size of a virtual disk that has snapshots associated with it, you must delete the snapshots first before you can increase the virtual disk’s size.
A
Explanation:
https://www.nakivo.com/blog/vmware-snapshots-vsphere-how-to/#title-12
Follow these recommendations to get the best performance when using snapshots:
・ Use snapshots as a temporary measure only.
The presence of snapshots can have a significant impact on guest application performance, especially in a VMFS environment, for I/O intensive workloads. The guest applications fully recover performance after snapshots are deleted.
・ Keep the snapshot chain length short when possible, to minimize the guest application performance impact.
Performance degradation is higher as the snapshot chain length increases.
・ If you need to increase the size of a virtual disk that has snapshots associated with it, you must delete the snapshots first before you can increase the virtual disk’s size.
Question #28
A cloud administrator is tasked with moving critical business workloads between two VMware Cloud on AWS software-defined data centers (SDDCs) located in different geographical regions.
The following requirements must be met:
• Migrate 300 virtual machines from region A to region B with minimal downtime of the applications.
• Non-disruptively resume application access of the targeted virtual machines in the event the migration fails.
• Support concurrent switch over of the application workloads to occur during a pre-defined maintenance window.
Which VMware HCX migration type should be used to meet these requirements?
- A . VMware HCX Cold Migration
- B . VMware HCX Bulk Migration
- C . VMware HCX vMotion
- D . VMware HCX Replication Assisted vMotion
Correct Answer: D
D
Explanation:
https://docs.vmware.com/en/VMware-HCX/4.5/hcx-user-guide/GUID-741F47D5-A3C9-4D74-9672-E54D8791D8F0.html
"VMware HCX Replication Assisted vMotion (RAV) uses the HCX Interconnect appliance along with replication and vMotion technologies to provide large scale, parallel migrations with zero downtime." Understanding VMware HCX Replication Assisted vMotion: https://docs.vmware.com/en/VMware-HCX/4.6/hcx-user-guide/GUID-741F47D5-A3C9-4D74-9672-E54D8791D8F0.html#GUID-741F47D5-A3C9-4D74-9672-E54D8791D8F0
D
Explanation:
https://docs.vmware.com/en/VMware-HCX/4.5/hcx-user-guide/GUID-741F47D5-A3C9-4D74-9672-E54D8791D8F0.html
"VMware HCX Replication Assisted vMotion (RAV) uses the HCX Interconnect appliance along with replication and vMotion technologies to provide large scale, parallel migrations with zero downtime." Understanding VMware HCX Replication Assisted vMotion: https://docs.vmware.com/en/VMware-HCX/4.6/hcx-user-guide/GUID-741F47D5-A3C9-4D74-9672-E54D8791D8F0.html#GUID-741F47D5-A3C9-4D74-9672-E54D8791D8F0
Question #29
When preparing to deploy VMware Cloud on Dell EMC or VMware Cloud on AWS Outposts In a data center, which two physical constraints must be considered? (Choose two.)
- A . Having enough existing rack space for the components
- B . Distance between loading dock and datacenter
- C . Size of the doorways between loading dock and datacenter
- D . Having enough people to carry the equipment
- E . Floor and elevator weight capacity between loading dock and datacenter
Correct Answer: CE
CE
Explanation:
When deploying VMware Cloud on Dell EMC or VMware Cloud on AWS Outposts, the Dell or AWS guys will bring a populated rack to the on-prem DC to extend the private cloud. They will bring technisians on-site to carry, install and configure the devices. AWS Outposts rack hardware specs: https://aws.amazon.com/outposts/rack/hardware-specs/?nc=sn&loc=4
https://docs.vmware.com/en/VMware-Cloud-on-Dell-EMC/services/vmc.dell.emc.datasheet/GUID-9252D1FC-FE9C-4317-8EEB-4C019A21CAA9.html
CE
Explanation:
When deploying VMware Cloud on Dell EMC or VMware Cloud on AWS Outposts, the Dell or AWS guys will bring a populated rack to the on-prem DC to extend the private cloud. They will bring technisians on-site to carry, install and configure the devices. AWS Outposts rack hardware specs: https://aws.amazon.com/outposts/rack/hardware-specs/?nc=sn&loc=4
https://docs.vmware.com/en/VMware-Cloud-on-Dell-EMC/services/vmc.dell.emc.datasheet/GUID-9252D1FC-FE9C-4317-8EEB-4C019A21CAA9.html
Question #30
A virtual machine running in VMware Cloud on AWS Is experiencing poor CPU performance.
What are two steps the cloud administrator can take to troubleshoot this issue? (Choose two.)
- A . Physically access the console of the VMware ESXi host where the virtual machine resides and use the command line to review the logs.
- B . Use the Troubleshooting Workbench in VMware vRealize Operations Cloud to look for potential evidence.
- C . Set the power management policy on the VMware ESXi host to "High Performance."
- D . Log in to the VMware ESXi host using SSH and run ‘esxtop’ to examine CPU statistics.
- E . Use the VMware vSphere Client to connect to the VMware vCenter which manages the virtual machine and examine Its performance statistics.
Correct Answer: BE
BE
Explanation:
"It is a good idea to periodically monitor the CPU usage of the host. This can be done through the vSphere Client, using the VMware vRealizeOperations management suite, or by using resxtop. Below we describe how to interpret resxtop" https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-aws-performance.pdf
Use the VMware vSphere Client to connect to the VMware vCenter which manages the virtual machine and examine its performance statistics. You can use charts, alarms, and events to identify CPU bottlenecks or contention.
Use the Troubleshooting Workbench in VMware vRealize Operations Cloud to look for potential evidence. You can use dashboards, alerts, metrics, logs, and recommendations to diagnose and resolve CPU performance issues.
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-aws-performance.pdf
BE
Explanation:
"It is a good idea to periodically monitor the CPU usage of the host. This can be done through the vSphere Client, using the VMware vRealizeOperations management suite, or by using resxtop. Below we describe how to interpret resxtop" https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-aws-performance.pdf
Use the VMware vSphere Client to connect to the VMware vCenter which manages the virtual machine and examine its performance statistics. You can use charts, alarms, and events to identify CPU bottlenecks or contention.
Use the Troubleshooting Workbench in VMware vRealize Operations Cloud to look for potential evidence. You can use dashboards, alerts, metrics, logs, and recommendations to diagnose and resolve CPU performance issues.
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-aws-performance.pdf
Question #31
A cloud administrator needs to configure a VM storage policy for virtual machines that will host a business critical application. The environment consists of a single cluster with six hosts. The application is storage I/O intensive and redundancy must be provided at the highest level possible.
Which VM storage policy settings should the administrator configure to meet these requirements?
- A . RAID-1 FTT = 3
- B . RAID-1 FTT = 2
- C . RAID-5
- D . RAID-6
Correct Answer: B
B
Explanation:
RAID-1 is a mirror configuration that provides high availability by creating multiple copies of a VMDK. RAID-5 and RAID-6 are erasure coding configurations that provide fault tolerance by distributing data and parity across multiple hosts.
The number of failures to tolerate (FTT) determines how many copies or parity blocks are created for each VMDK. For example, RAID-1 FTT = 2 means that there are three copies of each VMDK. Therefore, based on your requirements, a possible VM storage policy setting could be RAID-1 FTT = 2, which would provide redundancy at the highest level possible with six hosts. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-EDBB551B-51B0-421B-9C44-6ECB66ED660B.html
B
Explanation:
RAID-1 is a mirror configuration that provides high availability by creating multiple copies of a VMDK. RAID-5 and RAID-6 are erasure coding configurations that provide fault tolerance by distributing data and parity across multiple hosts.
The number of failures to tolerate (FTT) determines how many copies or parity blocks are created for each VMDK. For example, RAID-1 FTT = 2 means that there are three copies of each VMDK. Therefore, based on your requirements, a possible VM storage policy setting could be RAID-1 FTT = 2, which would provide redundancy at the highest level possible with six hosts. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-EDBB551B-51B0-421B-9C44-6ECB66ED660B.html
Question #32
A cloud administrator wants to restrict Junior administrators to creating, deleting, and managing virtual machines in the Development folder In the VMware Cloud on AWS vCenter Server instance.
Which type of access should be granted to these junior administrators?
- A . CloudAdmln role and global permissions
- B . CloudAdmin role on the Development folder
- C . Administrator role on the Development folder
- D . Administrator role on the cloud vCenter Server instance
Correct Answer: B
B
Explanation:
This role is designed to give administrators access to manage virtual machines, networks, and other settings within the folder. The CloudAdmin role will also give the junior administrators access to all global permissions that are associated with the Development folder.
"The CloudAdmin role is designed to give administrators access to manage a single folder. This role grants access to manage virtual machines, networks, and other settings within the folder. Additionally, this role grants access to all global permissions that are associated with the folder. For example, if the folder has global permissions that allow users to create or delete virtual machines, the CloudAdmin role will grant access to those permissions within the folder."
The CloudAdmin user can grant other users or groups read-only access to VMware Cloud on AWS vCenter management objects such as the Mgmt-ResourcePool, Management VMs folder, Discovered Virtual Machines folder, vmc-hostswitch, and vsanDatastore. Because this read-only access does not propagate to management objects, you cannot grant it as a Global Permission and instead must explicitly grant it for each management object. VMware Cloud on AWS runs a script once a day that updates any newly-created management objects (such as objects in a new cluster) so that the CloudAdmin user and CloudAdminGroup SSO group have the updated role applied. The script itself does not grant additional access to any user or group, so you’ll need to wait until it completes before the CloudAdmin can use this workflow to grant read-only access to those objects.
Reference: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-06B8A15B-4BE9-4236-8BEA-3F4F7C55D87A.html
B
Explanation:
This role is designed to give administrators access to manage virtual machines, networks, and other settings within the folder. The CloudAdmin role will also give the junior administrators access to all global permissions that are associated with the Development folder.
"The CloudAdmin role is designed to give administrators access to manage a single folder. This role grants access to manage virtual machines, networks, and other settings within the folder. Additionally, this role grants access to all global permissions that are associated with the folder. For example, if the folder has global permissions that allow users to create or delete virtual machines, the CloudAdmin role will grant access to those permissions within the folder."
The CloudAdmin user can grant other users or groups read-only access to VMware Cloud on AWS vCenter management objects such as the Mgmt-ResourcePool, Management VMs folder, Discovered Virtual Machines folder, vmc-hostswitch, and vsanDatastore. Because this read-only access does not propagate to management objects, you cannot grant it as a Global Permission and instead must explicitly grant it for each management object. VMware Cloud on AWS runs a script once a day that updates any newly-created management objects (such as objects in a new cluster) so that the CloudAdmin user and CloudAdminGroup SSO group have the updated role applied. The script itself does not grant additional access to any user or group, so you’ll need to wait until it completes before the CloudAdmin can use this workflow to grant read-only access to those objects.
Reference: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-06B8A15B-4BE9-4236-8BEA-3F4F7C55D87A.html
Question #33
A cloud administrator is deploying a new software-defined data center (SDDC) in VMware Cloud on AWS. Long-term planning indicates that a minimum of 30 hosts are required.
What is a valid management network CIDR based on the requirements?
- A . 10.4.0.0/23
- B . 10.3.0.0/24
- C . 10.2.0.0/16
- D . 10.1.0.0/20
Correct Answer: D
D
Explanation:
A valid management network CIDR based on the requirements is 10.1.0.0/20, as this provides a range of 4096 IP addresses, which is more than enough for 30 hosts. A /23 CIDR only provides 512 IP addresses, which is not enough for 30 hosts, while a /24 CIDR provides 256 IP addresses and a /16 CIDR provides 65,536 IP addresses, which is more than is needed for the 30 hosts. https://blogs.vmware.com/cloud/2019/10/03/selecting-ip-subnets-sddc/
D
Explanation:
A valid management network CIDR based on the requirements is 10.1.0.0/20, as this provides a range of 4096 IP addresses, which is more than enough for 30 hosts. A /23 CIDR only provides 512 IP addresses, which is not enough for 30 hosts, while a /24 CIDR provides 256 IP addresses and a /16 CIDR provides 65,536 IP addresses, which is more than is needed for the 30 hosts. https://blogs.vmware.com/cloud/2019/10/03/selecting-ip-subnets-sddc/
Question #34
A cloud administrator is looking to migrate several dozen workloads from their on-premises location to a VMware public cloud using the vMotlon feature of VMware HCX. A total of three networks will need to be stretched for the migration. They will also be utilizing the capabilities of the WAN appliance to optimize migration traffic.
Based on this scenario, how many IP addresses would need to be reserved for the on-premises deployment of VMware HCX?
- A . four
- B . five
- C . three
- D . six
Correct Answer: B
B
Explanation:
"The VMware HCX on-premises deployment requires five IP addresses: two for the WAN appliance, two for the vMotion feature, and one for the management network."
In this scenario, the cloud administrator is utilizing the vMotion feature of VMware HCX to migrate several dozen workloads from an on-premises location to a VMware public cloud. They are also stretching three networks for the migration. When using vMotion, two IP addresses will be needed per vMotioned virtual machine: one for the source and one for the target. For the migration of several dozen workloads, this will require several dozens of IP addresses. Additionally, the administrator is also utilizing the capabilities of the WAN appliance to optimize migration traffic. In order to optimize the traffic, one IP address will be needed for the WAN appliance on the on-premises site, and another IP address will be needed for the WAN appliance on the public cloud side. Therefore, the total number of IP addresses that need to be reserved for the on-premises deployment of VMware HCX is the number of IP addresses required for the virtual machines plus one IP address for the WAN appliance on the on-premises site plus another IP address for the WAN appliance on the public cloud side, which totals to five IP addresses.
B
Explanation:
"The VMware HCX on-premises deployment requires five IP addresses: two for the WAN appliance, two for the vMotion feature, and one for the management network."
In this scenario, the cloud administrator is utilizing the vMotion feature of VMware HCX to migrate several dozen workloads from an on-premises location to a VMware public cloud. They are also stretching three networks for the migration. When using vMotion, two IP addresses will be needed per vMotioned virtual machine: one for the source and one for the target. For the migration of several dozen workloads, this will require several dozens of IP addresses. Additionally, the administrator is also utilizing the capabilities of the WAN appliance to optimize migration traffic. In order to optimize the traffic, one IP address will be needed for the WAN appliance on the on-premises site, and another IP address will be needed for the WAN appliance on the public cloud side. Therefore, the total number of IP addresses that need to be reserved for the on-premises deployment of VMware HCX is the number of IP addresses required for the virtual machines plus one IP address for the WAN appliance on the on-premises site plus another IP address for the WAN appliance on the public cloud side, which totals to five IP addresses.
Question #35
Which two service management tasks In VMware Cloud on AWS are performed by VMware? (Choose two.)
- A . Capacity management of the cloud software-defined data centers (SDDCs)
- B . Updates to VMware hardware compatibility
- C . Notifications sent before a regular update
- D . Updates to the software-defined data center (SDDC) software
- E . Creation and configuration of VPC during the software-defined data center (SDDC) deployment
Correct Answer: CD
CD
Explanation:
CD
Explanation:
Question #36
A cloud administrator wants to view and manage workloads across both an on-premises environment and a VMware Cloud on AWS software-defined data center (SDDC).
Which solution meets this requirement?
- A . Enhanced Linked Mode
- B . VMware HCX
- C . vCenter Single Sign-On
- D . Hybrid Linked Mode
Correct Answer: D
D
Explanation:
Hybrid Linked Mode allows you to link your cloud vCenter Server instance with an on-premises vCenter Single Sign-On domain. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-91C57891-4D61-4F4C-B580-74F3000B831D.html
Hybrid Linked Mode is the solution that meets the requirement of viewing and managing workloads across both an on-premises environment and a VMware Cloud on AWS SDDC. Hybrid Linked Mode allows customers to link their on-premises vCenter Server with their VMware Cloud on AWS vCenter Server and use a single interface to manage both environments1. Hybrid Linked Mode also enables customers to perform cold and live migrations of workloads between on-premises and cloud SDDCs2. Hybrid Linked Mode leverages the existing vCenter Single Sign-On domain and does not require any additional components or licenses1.
Reference: 1: Hybrid Linked Mode – VMware Docs, 2: VMware Cloud on AWS Documentation
D
Explanation:
Hybrid Linked Mode allows you to link your cloud vCenter Server instance with an on-premises vCenter Single Sign-On domain. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vsphere.vmc-aws-manage-data-center-vms.doc/GUID-91C57891-4D61-4F4C-B580-74F3000B831D.html
Hybrid Linked Mode is the solution that meets the requirement of viewing and managing workloads across both an on-premises environment and a VMware Cloud on AWS SDDC. Hybrid Linked Mode allows customers to link their on-premises vCenter Server with their VMware Cloud on AWS vCenter Server and use a single interface to manage both environments1. Hybrid Linked Mode also enables customers to perform cold and live migrations of workloads between on-premises and cloud SDDCs2. Hybrid Linked Mode leverages the existing vCenter Single Sign-On domain and does not require any additional components or licenses1.
Reference: 1: Hybrid Linked Mode – VMware Docs, 2: VMware Cloud on AWS Documentation
Question #37
How much throughput does a Google Cloud VMware Engine private cloud network provide?
- A . 25 Gbps
- B . 40 Gbps
- C . 100 Gbps
- D . 10 Gbps
Correct Answer: C
C
Explanation:
The throughput provided by a Google Cloud VMware Engine private cloud network is 100 Gbps. This allows for a high level of performance and scalability, and supports a variety of services and applications. Additionally, the private cloud network is secure and reliable, providing support for different authentication methods and encryption standards.
100Gb dedicated for cluster (vSAN + east-west) 4x mellanox connect-4 lx dual port 25GbE.
C
Explanation:
The throughput provided by a Google Cloud VMware Engine private cloud network is 100 Gbps. This allows for a high level of performance and scalability, and supports a variety of services and applications. Additionally, the private cloud network is secure and reliable, providing support for different authentication methods and encryption standards.
100Gb dedicated for cluster (vSAN + east-west) 4x mellanox connect-4 lx dual port 25GbE.
Question #38
A cloud administrator is asked to validate a proposed internetworking design that will provide connectivity to a VMware Cloud on AWS environment from multiple company locations.
The following requirements must be met:
• Connectivity to the VMware Cloud on AWS environment must support high-throughput data transfer.
• Connectivity to the VMware Cloud on AWS environment must NOT have a single point of failure.
• Any network traffic between on-premises company locations must be sent over a private IP address space.
Which design decisions should be made to meet these network connectivity requirements?
- A . • Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a private VIF for this connection.
• Configure a secondary, standby Direct Connect from headquarters using a public VIF.
• Configure dual, redundant, policy-based IPsec VPN connections from each regional office to VMware Cloud on AWS. - B . • Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a public VIF for this connection.
• Configure a route-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS.
• Configure dual, redundant, route-based IPsec VPN connections from each regional office to VMware Cloud on AWS. - C . • Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a private VIF for this connection.
• Configure a route-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the "Use VPN as Backup to Direct Connect" option.
• Configure dual, redundant, route-based IPsec VPN connections from each regional office to VMware Cloud on AWS. - D . • Configure a Direct Connect from headquarters to VMware Cloud on AWS.
• Use a private VIF for this connection.
• Configure a policy-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the "Use VPN as Backup to Direct Connect" option.
• Configure dual, redundant, policy-based IPsec VPN connections from each regional office to VMware Cloud on AWS.
Correct Answer: C
C
Explanation:
Option C is the best design decision that meets the network connectivity requirements. Configuring a Direct Connect from headquarters to VMware Cloud on AWS with a private VIF will ensure high-throughput data transfer and eliminate the single point of failure. To ensure that all network traffic between on-premises company locations is sent over a private IP address space, a route-based IPsec VPN tunnel should be configured as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the "Use VPN as Backup to Direct Connect" option. Finally, dual, redundant, route-based IPsec VPN connections should be configured from each regional office to VMware Cloud on AWS.
A route-based VPN creates an IPsec tunnel interface and routes traffic through it as dictated by the SDDC routing table. A route-based VPN provides resilient, secure access to multiple subnets. When you use a route-based VPN, new routes are added automatically when new networks are created. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-5AF45CE6-FA53-45C0-83E5-25F8E3A055E9.html
C
Explanation:
Option C is the best design decision that meets the network connectivity requirements. Configuring a Direct Connect from headquarters to VMware Cloud on AWS with a private VIF will ensure high-throughput data transfer and eliminate the single point of failure. To ensure that all network traffic between on-premises company locations is sent over a private IP address space, a route-based IPsec VPN tunnel should be configured as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the "Use VPN as Backup to Direct Connect" option. Finally, dual, redundant, route-based IPsec VPN connections should be configured from each regional office to VMware Cloud on AWS.
A route-based VPN creates an IPsec tunnel interface and routes traffic through it as dictated by the SDDC routing table. A route-based VPN provides resilient, secure access to multiple subnets. When you use a route-based VPN, new routes are added automatically when new networks are created. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-5AF45CE6-FA53-45C0-83E5-25F8E3A055E9.html
Question #39
A cloud administrator needs to create a secure connection over the Internet between an on-premises data center and a VMware Cloud software-defined data center (SDDC).
Which solution can accomplish this goal?
- A . VMware Site Recovery Manager
- B . VMware vRealize Network Insight
- C . VMware NSX
- D . VMware Cloud Director
Correct Answer: C
C
Explanation:
VMware NSX is a network virtualization and security platform that provides a range of features for creating and managing virtual networks, including the ability to create secure connections over the Internet between on-premises data centers and VMware Cloud software-defined data centers (SDDCs). NSX allows you to create logical networks that are isolated from the underlying physical infrastructure, providing enhanced security and flexibility. With NSX, you can create secure, encrypted connections between your on-premises data center and your VMware Cloud SDDC, allowing you to easily and securely connect your workloads and applications running in the cloud to your on-premises resources.
C
Explanation:
VMware NSX is a network virtualization and security platform that provides a range of features for creating and managing virtual networks, including the ability to create secure connections over the Internet between on-premises data centers and VMware Cloud software-defined data centers (SDDCs). NSX allows you to create logical networks that are isolated from the underlying physical infrastructure, providing enhanced security and flexibility. With NSX, you can create secure, encrypted connections between your on-premises data center and your VMware Cloud SDDC, allowing you to easily and securely connect your workloads and applications running in the cloud to your on-premises resources.
Question #40
A cloud administrator is managing a VMware Cloud on AWS environment. Currently, there Is a single cluster consisting of four 13.metal hosts. Due to an increased demand, cluster capacity has to be expanded by 60 cores and 640 GB of memory.
What should the administrator do to meet the demand?
- A . Add 16 CPU cores to the existing hosts.
- B . Add three c4.metal hosts to the cluster.
- C . Add two i3.metal hosts to the cluster.
- D . Add one i3en.metal host to the cluster.
Correct Answer: C
C
Explanation:
According to the VMware Cloud on AWS documentation, the minimum capacity of an i3.metal host is 8 vCPUs and 64 GB of memory. Therefore, to meet the demand of an additional 60 cores and 640 GB of memory, the administrator should add two i3.metal hosts to the cluster. For more information, please refer to the official VMware Cloud on AWS documentation at: https://docs.vmware.com/en/VMware-Cloud-on-AWS/index.html.
C
Explanation:
According to the VMware Cloud on AWS documentation, the minimum capacity of an i3.metal host is 8 vCPUs and 64 GB of memory. Therefore, to meet the demand of an additional 60 cores and 640 GB of memory, the administrator should add two i3.metal hosts to the cluster. For more information, please refer to the official VMware Cloud on AWS documentation at: https://docs.vmware.com/en/VMware-Cloud-on-AWS/index.html.
Question #41
Which VMware Cloud tool would an administrator use to forward all the monitored traffic to a network appliance for analysis and remediation?
- A . vRealize Log Insight
- B . Traceflow
- C . Port mirroring
- D . IPFIX
Correct Answer: C
C
Explanation:
Port mirroring is a VMware Cloud tool that an administrator can use to forward all the monitored traffic to a network appliance for analysis and remediation. The network appliance can then analyze the mirrored traffic and take the appropriate remedial action. Port mirroring can also be used to identify and troubleshoot network issues, as well as monitor network activities.
Port mirroring lets you replicate and redirect all of the traffic coming from a source. The mirrored traffic is sent encapsulated within a Generic Routing Encapsulation (GRE) tunnel to a collector so that all of the original packet information is preserved while traversing the network to a remote destination.
Port mirroring is used in the following scenarios:
Troubleshooting – Analyze the traffic to detect intrusion and debug and diagnose errors on a network.
Compliance and monitoring – Forward all of the monitored traffic to a network appliance for analysis
and remediation.
Port mirroring includes a source group where the data is monitored and a destination group where the collected data is copied to. The source group membership criteria require VMs to be grouped based on the workload such as web group or application group. The destination group membership criteria require VMs to be grouped based on IP addresses. Port mirroring has one enforcement point, where you can apply policy rules to your SDDC environment.
The traffic direction for port mirroring is Ingress, Egress, or Bi Directional traffic: Ingress is the outbound network traffic from the VM to the logical network. Egress is the inbound network traffic from the logical network to the VM.
Bi Directional is the traffic from the VM to the logical network and from the logical network to the VM. This is the default option.
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-3268A0D3-89D0-406F-B44F-156DD1A30E00.html
C
Explanation:
Port mirroring is a VMware Cloud tool that an administrator can use to forward all the monitored traffic to a network appliance for analysis and remediation. The network appliance can then analyze the mirrored traffic and take the appropriate remedial action. Port mirroring can also be used to identify and troubleshoot network issues, as well as monitor network activities.
Port mirroring lets you replicate and redirect all of the traffic coming from a source. The mirrored traffic is sent encapsulated within a Generic Routing Encapsulation (GRE) tunnel to a collector so that all of the original packet information is preserved while traversing the network to a remote destination.
Port mirroring is used in the following scenarios:
Troubleshooting – Analyze the traffic to detect intrusion and debug and diagnose errors on a network.
Compliance and monitoring – Forward all of the monitored traffic to a network appliance for analysis
and remediation.
Port mirroring includes a source group where the data is monitored and a destination group where the collected data is copied to. The source group membership criteria require VMs to be grouped based on the workload such as web group or application group. The destination group membership criteria require VMs to be grouped based on IP addresses. Port mirroring has one enforcement point, where you can apply policy rules to your SDDC environment.
The traffic direction for port mirroring is Ingress, Egress, or Bi Directional traffic: Ingress is the outbound network traffic from the VM to the logical network. Egress is the inbound network traffic from the logical network to the VM.
Bi Directional is the traffic from the VM to the logical network and from the logical network to the VM. This is the default option.
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-3268A0D3-89D0-406F-B44F-156DD1A30E00.html
Question #42
A cloud administrator is trying to Increase the disk size of a virtual machine (VM) within a VMware Cloud solution. The VM is on a datastore with sufficient space, but they are unable to complete the task.
Which file is preventing the administrator from completing this task?
- A . The .nvram file
- B . The .vmtx file
- C . The .vmdk file
- D . The .vmsn file
Correct Answer: D
D
Explanation:
.vmsn (VMware Snapshot State File): This file stores the state of a virtual machine’s memory and running processes when a snapshot is taken. The presence of a .vmsn file indicates that the VM has an active snapshot. Snapshots essentially "freeze" the virtual disk (.vmdk) configuration, preventing changes like disk expansion.
D
Explanation:
.vmsn (VMware Snapshot State File): This file stores the state of a virtual machine’s memory and running processes when a snapshot is taken. The presence of a .vmsn file indicates that the VM has an active snapshot. Snapshots essentially "freeze" the virtual disk (.vmdk) configuration, preventing changes like disk expansion.
Question #43
How is a Tanzu Kubernetes cluster deployed in a VMware Cloud environment?
- A . Using the VMware Cloud Console
- B . Using VMware Tanzu Mission Control
- C . Using the standard open-source kubectl
- D . Using the vSphere Plugln for kubectl
Correct Answer: A
A
Explanation:
Tanzu Kubernetes clusters can be deployed in a VMware Cloud environment using the VMware Cloud Console. The VMware Cloud Console provides a user-friendly interface that allows users to quickly deploy and manage Tanzu Kubernetes clusters. The standard open-source kubectl can also be used to deploy Tanzu Kubernetes clusters. However, this requires a more in-depth knowledge of the kubectl command-line interface. Additionally, users can use the vSphere Plugin for kubectl to deploy and manage Tanzu Kubernetes clusters. This plugin provides a graphical user interface to manage the clusters, as well as additional features such as the ability to make cluster-level changes https://docs.vmware.com/en/VMware-Tanzu-for-Kubernetes-Operations/1.4/tko-reference-architecture/GUID-deployment-guides-tanzu-standard-on-vmc-aws.html
A
Explanation:
Tanzu Kubernetes clusters can be deployed in a VMware Cloud environment using the VMware Cloud Console. The VMware Cloud Console provides a user-friendly interface that allows users to quickly deploy and manage Tanzu Kubernetes clusters. The standard open-source kubectl can also be used to deploy Tanzu Kubernetes clusters. However, this requires a more in-depth knowledge of the kubectl command-line interface. Additionally, users can use the vSphere Plugin for kubectl to deploy and manage Tanzu Kubernetes clusters. This plugin provides a graphical user interface to manage the clusters, as well as additional features such as the ability to make cluster-level changes https://docs.vmware.com/en/VMware-Tanzu-for-Kubernetes-Operations/1.4/tko-reference-architecture/GUID-deployment-guides-tanzu-standard-on-vmc-aws.html
Question #44
A customer needs to set up a self-managed VDI solution that can be deployed to any VMware Cloud.
Which two VMware solutions can meet this requirement? (Choose two.)
- A . VMware Dynamic Environment Manager (DEM)
- B . VMware ThinApp
- C . VMware Workspace ONE Unified Endpoint Management (UEM)
- D . VMware Horizon
- E . VMware Workspace ONE Access
Correct Answer: DE
DE
Explanation:
The two VMware solutions that can meet the customer’s requirement for a self-managed VDI solution are D. VMware Horizon and E. VMware Workspace ONE Access. VMware Horizon is a virtual desktop and application virtualization platform that enables customers to set up and deploy a virtual desktop infrastructure in any cloud environment. VMware Workspace ONE Access provides secure access to applications, data, and devices in any cloud environment.
DE
Explanation:
The two VMware solutions that can meet the customer’s requirement for a self-managed VDI solution are D. VMware Horizon and E. VMware Workspace ONE Access. VMware Horizon is a virtual desktop and application virtualization platform that enables customers to set up and deploy a virtual desktop infrastructure in any cloud environment. VMware Workspace ONE Access provides secure access to applications, data, and devices in any cloud environment.
Question #45
A cloud administrator is notified by VMware that their VMware Cloud on AWS Instance will be updated in seven days.
Which action does the cloud administrator need to take to allow the update?
- A . Add capacity.
- B . Select a date for the upgrade.
- C . Respond to the notification.
- D . Nothing needs to be done.
Correct Answer: D
D
Explanation:
VMware Cloud on AWS is a managed service, and VMware handles the updates and patches to the infrastructure. When VMware notifies customers of upcoming maintenance or updates, it is usually for informational purposes, so the customer is aware. Unless there’s a specific action item mentioned in the notification (which would be unusual), no action is required from the customer’s end.
Upgrades for VMware Cloud on AWS SDDCs are deployed in a rollout across the service. When an upgrade rollout is available for your organization, you receive an email notification and a notification in the VMware Cloud Console. Typically, you receive this notification 30 to 60 days before upgrades begin for a rollout. After you receive the notification, you can submit a scheduling request for any of your SDDCs. So respond is required for initial schedule. If you receive the notification 7 days before start, this means you already responded to the proposed date and agree on it. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-EE89B216-BE93-4A1A-9280-8F20E2A5266F.html https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-7725CAAC-BBDB-4F80-991F-1D1ADDE12216.html#GUID-7725CAAC-BBDB-4F80-991F-1D1ADDE12216
D
Explanation:
VMware Cloud on AWS is a managed service, and VMware handles the updates and patches to the infrastructure. When VMware notifies customers of upcoming maintenance or updates, it is usually for informational purposes, so the customer is aware. Unless there’s a specific action item mentioned in the notification (which would be unusual), no action is required from the customer’s end.
Upgrades for VMware Cloud on AWS SDDCs are deployed in a rollout across the service. When an upgrade rollout is available for your organization, you receive an email notification and a notification in the VMware Cloud Console. Typically, you receive this notification 30 to 60 days before upgrades begin for a rollout. After you receive the notification, you can submit a scheduling request for any of your SDDCs. So respond is required for initial schedule. If you receive the notification 7 days before start, this means you already responded to the proposed date and agree on it. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-EE89B216-BE93-4A1A-9280-8F20E2A5266F.html https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-7725CAAC-BBDB-4F80-991F-1D1ADDE12216.html#GUID-7725CAAC-BBDB-4F80-991F-1D1ADDE12216