Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsVCP-DCVExam Questions

VMware · Free Practice Questions · Last reviewed May 2026

VCP-DCV Exam Questions and Answers

36real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.

70 exam questions
135 min time limit
Pass: 300/1000 / 1000
6 exam domains
OverviewDomain BlueprintStudy GuideAll QuestionsSample by Domain
1. vSphere Architecture, Products and Solutions2. Configure and Manage vSphere Networking3. Configure and Manage vSphere Storage4. vSphere Lifecycle Management5. vSphere Security6. vSphere Performance and Scaling
1

Domain 1: vSphere Architecture, Products and Solutions

All vSphere Architecture, Products and Solutions questions
Q1
easyFull explanation →

A vSphere administrator is designing a new cluster for a mission-critical application that requires maximum availability. The cluster will consist of four ESXi hosts. Which vSphere feature should be enabled to protect against host failures while minimizing resource waste?

A

Enable vSphere DRS and set the migration threshold to the most aggressive setting.

B

Enable vSphere HA and configure admission control to reserve resources for one host failure.

This provides the required availability while optimizing resource usage.

C

Enable vSphere Fault Tolerance on all VMs in the cluster.

D

Configure vSphere Replication for all VMs to replicate to a secondary site.

Why: Option B is correct because vSphere HA with admission control configured to reserve resources for one host failure ensures that if a host fails, the VMs can be restarted on the remaining hosts without overcommitting resources. This provides maximum availability for mission-critical applications while minimizing resource waste by only reserving enough capacity for a single host failure, not for multiple or all hosts.
Q2
mediumFull explanation →

A company has a vSphere environment with a vCenter Server Appliance (VCSA) that is running low on disk space. The administrator notices that the /storage/archive partition is nearly full. Which action should the administrator take to reclaim space without impacting the functionality of vCenter Server?

A

Increase the size of the VCSA virtual disk using vSphere Web Client.

B

Run the 'vcenter-delete-archive' script from the command line.

This script is designed to safely clean up old archived data.

C

Use the Windows Disk Cleanup utility on the VCSA.

D

Manually delete files from the /storage/archive directory using SSH.

Why: The VCSA runs on a Linux-based operating system, not Windows, so the Windows Disk Cleanup utility is irrelevant. The /storage/archive partition stores historical data such as stats, events, and tasks. VMware provides the 'vcenter-delete-archive' script as the supported method to safely purge old archived data from this partition without risking corruption of the vCenter Server database or services. Manually deleting files via SSH can leave the database in an inconsistent state, while increasing the virtual disk only postpones the issue without reclaiming space.
Q3
hardFull explanation →

An administrator is troubleshooting a VM that is experiencing high latency on its virtual disks. The VM is connected to a vSphere datastore backed by an NFS share. The ESXi host has multiple VMkernel ports configured for NFS traffic. Which configuration change is most likely to improve storage performance?

A

Configure multiple VMkernel ports for NFS and enable port binding with a route based on originating port ID policy.

This leverages multiple network paths to improve performance and redundancy.

B

Use a single VMkernel port for NFS and configure it with the highest priority.

C

Enable jumbo frames on the NFS VMkernel port and the physical switches.

D

Increase the disk queue depth on the VM's virtual SCSI controller.

Why: Option A is correct because NFS port binding (also known as NFS multipathing) allows multiple VMkernel ports to be used for NFS traffic, and when combined with a 'route based on originating port ID' load-balancing policy, it enables the ESXi host to distribute NFS I/O across multiple physical NICs and paths. This increases aggregate throughput and reduces latency by avoiding congestion on a single VMkernel port or physical link, which is the most effective change for improving storage performance in this scenario.
Q4
easyFull explanation →

An organization wants to migrate a VM from one vCenter Server to another without shutting down the VM. Both vCenter Servers are in Enhanced Linked Mode. Which migration method should the administrator use?

A

Cold migration

B

Cross-vCenter vMotion

This enables live migration across vCenter Servers when they are in Enhanced Linked Mode.

C

Storage vMotion

D

Export the VM as OVF and import it to the other vCenter

Why: Cross-vCenter vMotion (option B) is the correct method because it allows a live, zero-downtime migration of a running VM between vCenter Server instances, even when both are in Enhanced Linked Mode. This feature uses the vMotion protocol to transfer memory and execution state across vCenter boundaries without requiring shared storage, as long as the source and destination hosts are in the same vCenter Single Sign-On domain and meet compatibility requirements.
Q5
mediumFull explanation →

A vSphere administrator is planning to deploy a vCenter Server Appliance (VCSA) with an embedded Platform Services Controller (PSC). The company policy requires that all vCenter services be highly available. Which deployment topology should the administrator choose?

A

Deploy a single VCSA with embedded PSC on a standalone host.

B

Deploy a VCSA with an external PSC, and install the PSC on a separate VM.

C

Deploy a VCSA with embedded PSC on a cluster with vSphere HA enabled.

vSphere HA restarts the VCSA if the host fails, providing high availability.

D

Deploy two VCSAs in separate vCenter Single Sign-On domains and configure multi-site.

Why: Option C is correct because deploying a VCSA with an embedded PSC on a cluster with vSphere HA enabled ensures that if the ESXi host running the VCSA fails, the VCSA is automatically restarted on another host in the cluster, providing high availability for all vCenter services. The embedded PSC topology is fully supported with vSphere HA, and this approach meets the policy requirement without the complexity of external PSCs or multi-site configurations.
Q6
hardFull explanation →

An administrator is troubleshooting a performance issue where a VM is not receiving the expected CPU resources. The VM is a member of a resource pool with a CPU Shares value of 2000. The host has two other resource pools: one with 1000 shares and another with 500 shares. All resource pools are competing for CPU. The VM's reservation is set to 2 GHz, and the host has 8 GHz available. What is the minimum CPU allocation the VM is guaranteed?

A

4 GHz (based on share ratio)

B

2 GHz

The reservation guarantees 2 GHz regardless of other resource pool shares.

C

8 GHz (all host CPU)

D

0 GHz (no guarantee without reservation)

Why: The VM's reservation of 2 GHz guarantees that the host will reserve at least that amount of CPU capacity for the VM, regardless of contention or share values. Shares only affect the distribution of excess resources beyond reservations, not the guaranteed minimum. Since the host has 8 GHz available, the reservation is fully satisfiable, so the VM is guaranteed 2 GHz.

Want more vSphere Architecture, Products and Solutions practice?

Practice this domain
2

Domain 2: Configure and Manage vSphere Networking

All Configure and Manage vSphere Networking questions
Q1
mediumFull explanation →

A vSphere administrator is troubleshooting connectivity issues for a virtual machine on a standard switch. The VM is configured with VLAN 100, but cannot ping the default gateway. The VMkernel port on the host is on VLAN 200. The physical switch port connected to the host is configured as a trunk port allowing VLANs 100 and 200. Which action should the administrator take to resolve the issue?

A

Enable promiscuous mode on the VM port group.

B

Change the physical switch port to access mode on VLAN 100.

C

Ensure the VM port group is set to VLAN 100.

The VM port group must match the VM's VLAN.

D

Set the VM port group VLAN to 4095.

Why: The VM is configured with VLAN 100, and the physical switch trunk port already allows VLAN 100 and 200. The VMkernel port on VLAN 200 is working, so the issue is that the VM port group must be explicitly set to VLAN 100 to tag egress frames with VLAN 100 and to accept only VLAN 100-tagged frames on ingress. Option C ensures the standard switch port group applies the correct VLAN ID, matching the physical switch trunk configuration.
Q2
easyFull explanation →

An administrator needs to provide redundancy for VM traffic across multiple physical NICs on a vSphere Standard Switch. Which NIC teaming policy should be used to ensure fault tolerance without load balancing?

A

Route based on IP hash

B

Route based on originating virtual port

C

Use explicit failover order (Active/Standby)

This provides fault tolerance without load balancing.

D

Route based on source MAC hash

Why: Option C is correct because the 'Use explicit failover order (Active/Standby)' policy designates one or more NICs as active and the rest as standby, providing pure fault tolerance without any load balancing. When the active NIC fails, traffic automatically fails over to the standby NIC, ensuring redundancy without distributing traffic across multiple uplinks.
Q3
hardFull explanation →

A vSphere administrator is designing a network for a cluster of ESXi hosts. Each host has four 10GbE uplinks. The cluster will host mission-critical VMs that require maximum throughput and redundancy. The administrator plans to use Network I/O Control (NIOC) and a vSphere Distributed Switch (vDS). Which configuration best ensures consistent network performance for all VMs?

A

Configure a single vDS with all four uplinks, enable NIOC, and set shares and reservations for each traffic type.

NIOC provides minimum bandwidth guarantees and fair sharing.

B

Configure a single vDS with all four uplinks and enable NetFlow for monitoring.

C

Create two separate vDS, each with two uplinks, and separate VM traffic from VMkernel traffic.

D

Configure a single vDS with all four uplinks and use Route based on IP hash teaming.

Why: Option A is correct because NIOC enables per-traffic-type resource management using shares, reservations, and limits, ensuring that mission-critical VMs receive consistent network throughput even under contention. Combining all four uplinks into a single vDS maximizes aggregate bandwidth and provides redundancy through teaming policies, while NIOC prioritizes traffic flows to prevent VMkernel or management traffic from starving VM traffic.
Q4
mediumFull explanation →

A VM on a vSphere Distributed Switch is unable to receive traffic from external networks. The VM can send traffic out successfully. The VM port group has no security policies set (default). The physical switch port is configured as an access port on VLAN 100. The VM port group VLAN is set to 100. What is the most likely cause?

A

VLAN mismatch between VM port group and physical switch

B

The VM's NIC is in promiscuous mode

C

The VM is using a different default gateway than the VMkernel interface

Asymmetric routing can cause one-way traffic.

D

The physical switch port is configured as an access port instead of a trunk

Why: Option C is correct because the VM can send traffic out successfully but cannot receive traffic from external networks, which indicates a routing issue rather than a switching or VLAN problem. The most likely cause is that the VM's default gateway is set to the VMkernel interface's IP address instead of the physical network's gateway, causing return traffic to be misrouted. This is a common misconfiguration where the VM's default gateway does not match the subnet's gateway, preventing inbound traffic from reaching the VM.
Q5
easyFull explanation →

An administrator is creating a new vSphere Standard Switch on an ESXi host. The host has two physical NICs: vmnic0 and vmnic1. The administrator wants to use vmnic0 for VM traffic and vmnic1 for management traffic. How should the administrator configure the switch?

A

Create one standard switch with vmnic0 only and use VLANs for separation.

B

Create one standard switch with both vmnics and separate port groups for VM and VMkernel.

C

Create two standard switches: one with vmnic0 and a VM port group, and another with vmnic1 and a VMkernel port group.

Separation of traffic types.

D

Create a vSphere Distributed Switch with both vmnics.

Why: Option C is correct because the requirement is to use separate physical NICs for different traffic types (VM traffic on vmnic0 and management traffic on vmnic1). In vSphere, a standard switch is a per-host virtual switch that connects virtual machines and VMkernel interfaces to physical NICs. To isolate traffic at the physical NIC level, you must create two distinct standard switches: one with vmnic0 and a VM port group for VM traffic, and another with vmnic1 and a VMkernel port group for management traffic. This ensures that management traffic never traverses vmnic0 and VM traffic never traverses vmnic1, providing physical separation and avoiding contention.
Q6
hardFull explanation →

A vSphere administrator is deploying a vSphere Distributed Switch (vDS) version 7.0. The environment has ESXi hosts with hardware version 7.0. The administrator needs to ensure that the vDS supports Network I/O Control version 3 (NIOCv3). What must be true for NIOCv3 to function correctly?

A

All hosts must be running ESXi 7.0 or later.

NIOCv3 requires ESXi 7.0 or later.

B

The vDS must be configured with Route based on IP hash teaming.

C

All hosts must have the vDS in Link Aggregation Control Protocol (LACP) mode.

D

The vDS must have a Network Resource Pool configured.

Why: NIOCv3 is a feature introduced with vSphere 7.0 that provides granular bandwidth allocation and reservation for network traffic. For NIOCv3 to function correctly, all ESXi hosts attached to the vDS must be running ESXi 7.0 or later because the feature relies on kernel-level enhancements and the vSphere Network Resource Management (vNRM) agent that are only present in that version. Hosts on earlier versions lack the necessary drivers and scheduling capabilities, causing NIOCv3 to be unavailable or non-functional.

Want more Configure and Manage vSphere Networking practice?

Practice this domain
3

Domain 3: Configure and Manage vSphere Storage

All Configure and Manage vSphere Storage questions
Q1
easyFull explanation →

An administrator notices that a VM with a 500 GB virtual disk stored on an NFS datastore is performing poorly during backup operations. The NFS datastore is mounted with default settings. Which change will most likely improve performance?

A

Move the VM to a cluster with more memory.

B

Enable jumbo frames on the ESXi host's VMkernel adapter for NFS.

C

Increase the size of the NFS datastore to 1 TB.

D

Configure the NFS datastore to use vStorage APIs for Array Integration (VAAI).

VAAI offloads storage operations to the array, improving performance.

Why: Option D is correct because VAAI for NFS offloads storage operations like hardware-assisted locking and full-file/clone operations to the NAS array, reducing CPU overhead on the ESXi host and improving performance during backup-intensive tasks. Since the NFS datastore is mounted with default settings, VAAI is not automatically enabled and must be explicitly configured to leverage array-based primitives.
Q2
mediumFull explanation →

A vSphere administrator is troubleshooting a VM that has been disconnected from its virtual disk. The VM's virtual disk file (vmdk) is still present on the datastore, but the VM cannot be powered on. Which step should the administrator take first to resolve the issue?

A

Create a new VM and attach the existing vmdk file.

B

Re-add the virtual disk from the datastore browser to the VM.

C

Use the vmkfstools command to re-register the virtual disk.

vmkfstools -i can recreate the descriptor file from the flat vmdk.

D

Perform a storage vMotion of the VM to another datastore.

Why: Option C is correct because when a VM is disconnected from its virtual disk but the .vmdk file remains on the datastore, the issue is often a corrupt or missing disk descriptor file. The vmkfstools command with the -fix option can repair the descriptor file, re-establishing the connection between the VM and its virtual disk without requiring VM recreation or manual re-attachment.
Q3
hardFull explanation →

A company is designing a vSphere environment for a critical database application. The storage array supports both Fibre Channel (FC) and iSCSI. The application requires low latency and high IOPS. Which storage protocol and path policy should be recommended?

A

FC with Fixed path policy.

B

FC with Most Recently Used (MRU) path policy.

C

iSCSI with Round Robin path policy.

D

FC with Round Robin path policy.

FC is low latency; Round Robin balances I/O across paths.

Why: FC provides lower latency and higher IOPS than iSCSI due to dedicated hardware and lower protocol overhead, making it ideal for critical database workloads. The Round Robin path policy is recommended for FC with active-active storage arrays because it distributes I/O across all available paths, maximizing throughput and load balancing, which aligns with the requirement for high IOPS.
Q4
mediumFull explanation →

A vSphere administrator is planning to configure VMware vSAN. Which TWO requirements must be met for a vSAN cluster?

A

A dedicated 10 GbE network for vSAN traffic.

B

All hosts must have identical CPU models.

C

Each host must have at least one SSD and one HDD for capacity.

vSAN uses SSD for caching and HDD for capacity.

D

A minimum of 3 ESXi hosts in the cluster.

Standard vSAN requires at least 3 hosts.

E

A shared storage array accessible by all hosts.

Why: Option C is correct because vSAN requires at least one SSD (or NVMe) for the cache tier and one HDD (or SSD) for the capacity tier on each host to form a disk group. This hybrid or all-flash configuration is fundamental to vSAN's storage architecture, where the cache tier accelerates writes and reads, while the capacity tier provides persistent storage.
Q5
hardFull explanation →

An administrator is configuring Storage DRS on a datastore cluster. Which THREE conditions must be met for Storage DRS to migrate virtual disks?

A

The source and destination datastores must be part of the same datastore cluster.

Storage DRS operates within a datastore cluster.

B

The ESXi host must have a valid Storage vMotion license.

Storage vMotion is required for migration.

C

The virtual disk must not be attached to a snapshot.

D

The storage array must support VAAI.

E

The virtual machine must be powered on.

Storage DRS migrates disks only for powered on VMs.

Why: Option A is correct because Storage DRS operates within a single datastore cluster, which is a collection of datastores that share resources and are managed as a single entity. For Storage DRS to migrate virtual disks via Storage vMotion, both the source and destination datastores must be members of the same datastore cluster; cross-cluster migrations are not supported by Storage DRS.
Q6
easyFull explanation →

Which storage feature in vSphere allows a VM to be migrated from one datastore to another without any downtime?

A

vMotion

B

Distributed Resource Scheduler (DRS)

C

Storage DRS

D

Storage vMotion

Storage vMotion migrates virtual disks with zero downtime.

Why: Storage vMotion is the correct answer because it enables live migration of a virtual machine's virtual disk files from one datastore to another with zero downtime. It uses a mirrored copy mechanism where the source and destination datastores are synchronized before the VM is switched to the destination, ensuring continuous VM availability.

Want more Configure and Manage vSphere Storage practice?

Practice this domain
4

Domain 4: vSphere Lifecycle Management

All vSphere Lifecycle Management questions
Q1
mediumFull explanation →

A vSphere administrator is planning to upgrade a vSphere 7.0 U2 cluster to vSphere 8.0 U1. The cluster is managed by a vCenter Server 7.0 U2. The administrator wants to use vSphere Lifecycle Manager (vLCM) to manage the upgrade. What must the administrator do first?

A

Enable vLCM on the cluster and set the desired image to ESXi 8.0 U1.

B

Upgrade vCenter Server to version 8.0 U1.

vCenter must be upgraded before managing ESXi 8.0 hosts with vLCM.

C

Upgrade one ESXi host to 8.0 U1 manually to test compatibility.

D

Create a baseline for ESXi 8.0 U1 in vLCM.

Why: vLCM relies on the vCenter Server to orchestrate and push images to ESXi hosts. Since the vCenter Server version must be equal to or higher than the target ESXi version, upgrading vCenter Server to 8.0 U1 first is a prerequisite. Without this, vLCM cannot manage the ESXi 8.0 U1 image because the older vCenter lacks the necessary APIs and compatibility.
Q2
hardFull explanation →

An administrator is using vLCM to manage a cluster with 4 ESXi hosts. After a remediation, two hosts show a compliance status of 'Non-Compliant' with the message 'Firmware is not compatible with the selected image'. What is the most likely cause?

A

The selected image includes a firmware component that is not compatible with the hosts.

B

The firmware update requires a different ESXi version and was skipped.

C

The hosts were put into maintenance mode during remediation and autopassivation failed.

D

The cluster does not have a Hardware Support Manager configured.

HSM is required for firmware compliance checks.

Why: The correct answer is D because vLCM relies on a Hardware Support Manager (HSM) to validate firmware compatibility against the selected ESXi image. Without an HSM configured, vLCM cannot check firmware versions, so it flags hosts as 'Non-Compliant' with the message 'Firmware is not compatible with the selected image' even if the firmware is actually compatible. This is a common misconfiguration when using vLCM with vSAN or other hardware-dependent clusters.
Q3
easyFull explanation →

An administrator needs to apply a security patch to a vLCM-managed cluster. The patch is available as an ESXi image in the vSphere Lifecycle Manager depot. What is the correct procedure?

A

Create a new desired state image with the patch, validate, and remediate the cluster.

vLCM requires updating the desired image and then remediating.

B

Attach a patch baseline to the cluster and remediate.

C

Export the current image, add the patch, and import it to the cluster.

D

Use Quick Boot to apply the patch to each host individually.

Why: In a vLCM-managed cluster, the correct procedure to apply a security patch is to create a new desired state image that includes the patch from the vSphere Lifecycle Manager depot, validate the image against the cluster's hardware and software compatibility, and then remediate the cluster. This ensures all hosts are updated to the exact same image specification, maintaining consistency and compliance with the desired state.
Q4
mediumFull explanation →

A company has a vLCM-managed cluster with a desired image that includes ESXi 8.0 U1 and multiple VIBs. After remediating, one host fails with an error: 'Failed to retrieve VIBs from depot'. What is the most likely cause?

A

The cluster has a baseline attached that conflicts with the desired image.

B

The image validation failed due to incompatible VIBs.

C

The host firmware is not compatible with the selected VIBs.

D

The vCenter Server does not have internet access to the VMware depot.

vLCM downloads VIBs from the depot; if unreachable, the remediation fails.

Why: The error 'Failed to retrieve VIBs from depot' indicates that vCenter Server cannot reach the depot from which the VIBs are sourced. In a vLCM-managed cluster using a desired image, the image specification includes VIBs that may be hosted on the VMware online depot or a local depot. If vCenter Server lacks internet access to the VMware depot, it cannot download the required VIBs, causing the remediation to fail. This is the most likely cause because the error is specifically about retrieval, not validation or compatibility.
Q5
hardFull explanation →

An administrator is troubleshooting a vLCM cluster where a host fails to remediate with the error: 'Host does not meet the requirements of the selected image'. The host is running ESXi 7.0 U3 and the desired image is ESXi 8.0 U1. What should the administrator check first?

A

Verify that all VIBs in the image are compatible with ESXi 7.0 U3.

B

Ensure that the host has internet access to download the image.

C

Check that the vCenter Server version is at least 8.0.

D

Verify that the host is in maintenance mode before remediation.

vLCM requires hosts to be in maintenance mode for upgrades that require reboot.

Why: Option D is correct because vLCM requires the host to be in maintenance mode before applying a new image, especially when upgrading across major ESXi versions (e.g., 7.0 U3 to 8.0 U1). The error 'Host does not meet the requirements of the selected image' typically occurs when the host is not in maintenance mode, as vLCM cannot stage or reboot the host to apply the new image while VMs are running. Placing the host in maintenance mode ensures that all VMs are migrated or powered off, allowing the remediation process to proceed without disruption.
Q6
easyFull explanation →

An administrator wants to use vLCM to manage a cluster with 10 ESXi hosts. After enabling vLCM, what is the first step to ensure all hosts are running the same desired image?

A

Define a desired state image for the cluster.

vLCM uses a desired image to enforce compliance.

B

Remediate the cluster immediately to apply the default image.

C

Place all hosts into maintenance mode.

D

Create a host upgrade baseline and attach it to the cluster.

Why: With vLCM, the first step after enabling it on a cluster is to define a desired state image. This image specifies the exact ESXi version, firmware, and driver versions that all hosts in the cluster must match. Without defining this image, vLCM has no target configuration to validate or enforce against the hosts.

Want more vSphere Lifecycle Management practice?

Practice this domain
5

Domain 5: vSphere Security

All vSphere Security questions
Q1
mediumFull explanation →

An administrator is troubleshooting a situation where a virtual machine cannot be powered on. The error message indicates insufficient permissions. The VM is in a folder named 'Production' and the administrator has been assigned a custom role with 'Virtual machine > Power On' permission at the folder level. However, the VM is also in a resource pool. What additional permission is most likely missing?

A

Network > Assign network permission on the network

B

Resource > Assign virtual machine to resource pool permission on the resource pool

This permission is necessary to assign the VM to the resource pool during power on.

C

Datastore > Allocate space permission on the datastore

D

Virtual machine > Configuration permission on the VM

Why: To power on a virtual machine that resides in a resource pool, the user must have the 'Resource > Assign virtual machine to resource pool' permission on that resource pool. Even though the user has 'Virtual machine > Power On' at the folder level, the VM's association with the resource pool introduces an additional authorization check. Without this resource pool permission, the power-on operation fails with an insufficient permissions error.
Q2
hardFull explanation →

A security audit reveals that an ESXi host has been compromised due to an attacker gaining root access via the DCUI. The host is configured with a default DCUI password. Which security best practice should have been implemented to prevent this?

A

Configure the DCUI lockdown mode to 'Normal'

Normal lockdown mode restricts DCUI access to local console only.

B

Disable the DCUI service

C

Set a strong password for the root account

D

Disable SSH access

Why: DCUI Lockdown Mode 'Normal' disables direct root access via the Direct Console User Interface (DCUI) by requiring authentication through vCenter Single Sign-On (SSO). This prevents an attacker from using the default or weak DCUI password to gain root access, as the root account is no longer accepted for DCUI login. The mode still allows authorized vCenter administrators to access the host via the DCUI using their SSO credentials, maintaining manageability while eliminating the root password attack vector.
Q3
easyFull explanation →

A vSphere administrator needs to ensure that all HTTPS traffic to ESXi hosts is encrypted using TLS 1.2. Where should the administrator configure the minimum TLS version?

A

Host Advanced Settings (Config.HostAgent.plugins.vimsvc.auth.minTLSVersion)

This advanced setting controls the minimum TLS version.

B

Security Profile in the vSphere Client

C

vCenter Server Appliance (VAMI) web interface

D

ESXi Firewall rules

Why: Option A is correct because the minimum TLS version for ESXi host HTTPS traffic is configured via the host advanced setting `Config.HostAgent.plugins.vimsvc.auth.minTLSVersion`. This setting directly controls the TLS protocol version used by the ESXi host's HTTP services, including the vSphere Client and API endpoints, ensuring only TLS 1.2 or higher is accepted.
Q4
mediumFull explanation →

An administrator is configuring a distributed switch and needs to ensure that all virtual machine traffic on a specific VLAN is isolated. The administrator creates a port group with VLAN ID 100. However, a security scanner reports that packets from this VLAN are appearing on other VLANs. Which security policy setting on the distributed switch should the administrator verify?

A

MAC address changes

B

Forged transmits

C

VLAN trunking

VLAN trunking ensures proper tagging.

D

Promiscuous mode

Why: The VLAN trunking policy on a distributed switch controls whether a port group can pass multiple VLAN IDs (trunk mode) or is restricted to a single VLAN (access mode). When VLAN trunking is enabled, the port group may forward traffic from VLAN 100 onto other VLANs if the virtual switch is configured to allow it, breaking isolation. The administrator should verify that VLAN trunking is disabled (set to 'Reject') to ensure strict VLAN isolation.
Q5
hardFull explanation →

A vSphere environment uses Active Directory for authentication. The administrator notices that users from a specific AD group cannot log in to the vCenter Server, although other AD users can. The group is added to vCenter Server with the correct permissions. What is the most likely cause?

A

The users are not members of the vCenter Single Sign-On domain

B

The user accounts have expired passwords

C

The group is nested within another group

D

The domain of the group is not configured as an identity source in vCenter Single Sign-On

Without the identity source, authentication fails.

Why: The most likely cause is that the domain of the group is not configured as an identity source in vCenter Single Sign-On. Even if the group is added with correct permissions in vCenter Server, vCenter SSO must be able to authenticate users against the domain. Without the domain listed as an identity source, vCenter cannot validate the credentials of users from that group, causing authentication failures for all users in that domain.
Q6
easyFull explanation →

Which TWO actions are recommended to secure the vCenter Server Appliance (VCSA)?

A

Enable the auto-lock feature for the admin account

B

Change the default 'root' password

Default passwords should be changed.

C

Disable SSH access

Disabling SSH reduces attack surface.

D

Configure the password policy for local accounts

E

Enable FIPS 140-2 compliance mode

Why: Option B is correct because changing the default 'root' password is a fundamental security best practice for the VCSA. The default password is well-known and documented, leaving the appliance vulnerable to unauthorized access if not changed immediately after deployment. This action directly mitigates the risk of brute-force or credential-based attacks against the root account.

Want more vSphere Security practice?

Practice this domain
6

Domain 6: vSphere Performance and Scaling

All vSphere Performance and Scaling questions
Q1
mediumFull explanation →

A company's vSphere environment has multiple clusters with varying workloads. The operations team notices that one cluster consistently shows high CPU ready times on several hosts. Which action should be taken to address this performance issue?

A

Increase the memory allocation of VMs with high CPU ready times.

B

Increase the CPU reservation for VMs with high ready times.

C

Reduce the number of virtual CPUs assigned to VMs and consider adding more hosts.

Reducing vCPUs and adding hosts reduces CPU contention.

D

Enable Storage DRS to balance storage I/O load.

Why: High CPU ready times indicate that VMs are contending for physical CPU resources because the host is over-provisioned with vCPUs relative to available pCPUs. Reducing the number of vCPUs per VM decreases scheduling overhead and contention, while adding more hosts increases the total pCPU count, directly alleviating the bottleneck. Option C correctly addresses both the demand-side (vCPU reduction) and supply-side (host addition) of the CPU scheduling issue.
Q2
hardFull explanation →

An administrator wants to ensure that a critical database VM has consistent low-latency access to its virtual disks. The VM currently resides on a datastore backed by a hybrid array. Which configuration change best meets this requirement?

A

Create a VM storage policy that requires flash-based storage and apply it to the VM.

A storage policy with rule set for flash ensures placement on low-latency storage.

B

Configure the VM to use multiple paths with Round Robin policy.

C

Assign a separate VMDK for each critical VM on a dedicated datastore.

D

Enable Storage I/O Control (SIOC) on the datastore.

Why: Option A is correct because creating a VM storage policy that requires flash-based storage and applying it to the VM ensures that the virtual disks are placed on an all-flash datastore, which provides consistent low-latency access. This leverages vSphere Storage Policy-Based Management (SPBM) to enforce placement on flash media, eliminating the variable latency introduced by the HDD tier in a hybrid array.
Q3
easyFull explanation →

A vSphere administrator is planning the storage configuration for a new cluster of 10 hosts running VDI workloads. Each VM requires approximately 100 IOPS for typical operation. Which storage design best balances performance and scalability?

A

Implement vSAN using HDDs with a flash cache tier.

B

Deploy a centralized all-flash FC SAN with multiple paths.

C

Configure each host with local NVMe or SSD drives and use vSphere Local Storage.

Local flash storage provides high IOPS per host and scales with hosts.

D

Use a single NFS datastore on a large spinning-disk array.

Why: Option C is correct because VDI workloads are highly I/O-intensive and latency-sensitive, and local NVMe or SSD drives provide the lowest possible latency by eliminating network and SAN controller overhead. vSphere Local Storage allows each host to independently serve its VMs, which scales linearly with the number of hosts and avoids the contention and cost of a shared storage fabric. This design balances performance and scalability for a 10-host cluster where each VM requires only 100 IOPS, as local flash easily meets that demand without the complexity of a SAN or vSAN.
Q4
mediumFull explanation →

During a performance review, an administrator notices that a VM with 4 vCPUs and 16 GB memory is experiencing over 10% CPU ready time. The host has two 8-core sockets (hyper-threading enabled) and 256 GB memory. The host runs 15 other VMs with varying CPU loads. What is the most likely cause?

A

NUMA node mismatch causing cross-node memory access.

B

CPU hot-add is enabled on the VM.

C

Memory over-provisioning causing ballooning.

D

Over-provisioning of vCPUs on the host leading to contention.

Too many vCPUs relative to cores causes CPU ready time.

Why: Option D is correct because the host has 16 physical cores (with hyper-threading, 32 logical processors), but running 16 VMs with a total of 4 vCPUs each would require 64 vCPUs. This 2:1 over-provisioning ratio, combined with varying CPU loads, leads to contention for physical CPU resources, manifesting as CPU ready time exceeding 10%. CPU ready time measures the percentage of time a VM is ready to run but waiting for a physical CPU to become available.
Q5
hardFull explanation →

A company runs a large vSphere environment with multiple clusters using vSAN. The performance team observes that some VMs are experiencing high latency on reads. The vSAN cluster is configured with 5 hosts, each having one cache tier (NVMe) and one capacity tier (SATA SSD). The VMs are all-flash storage policies. What should the administrator check first?

A

Disable deduplication and compression on the vSAN datastore.

B

Check the vSAN cache hit ratio and verify that the cache tier size is adequate.

Low cache hit ratio leads to reads from capacity tier, increasing latency.

C

Reconfigure the disk groups to use multiple cache devices.

D

Increase the network bandwidth between hosts.

Why: High read latency in an all-flash vSAN environment often indicates that the cache tier is being overwhelmed or is undersized. The cache hit ratio directly measures how often read requests are served from the fast NVMe cache versus the slower SATA SSD capacity tier. A low cache hit ratio means the capacity tier is handling too many reads, causing latency. Checking this ratio is the first diagnostic step before making configuration changes.
Q6
easyFull explanation →

An administrator wants to ensure that VMs running latency-sensitive applications are placed on hosts that minimize CPU scheduling delays. Which DRS setting should be configured?

A

Set DRS migration threshold to the most aggressive setting.

Aggressive DRS balances load to minimize contention.

B

Enable vSphere HA with admission control.

C

Enable Distributed Power Management (DPM).

D

Enable Enhanced vMotion Compatibility (EVC).

Why: DRS migration threshold controls how aggressively DRS moves VMs to balance load. Setting it to the most aggressive level (1) minimizes CPU scheduling delays by proactively migrating VMs to hosts with lower CPU ready times, ensuring latency-sensitive applications have immediate access to CPU resources without waiting for scheduling cycles.

Want more vSphere Performance and Scaling practice?

Practice this domain

Frequently asked questions

How many questions are on the VCP-DCV exam?

The VCP-DCV exam has 70 questions and must be completed in 135 minutes. The passing score is 300/1000.

What types of questions appear on the VCP-DCV exam?

Scenario-based questions covering exam objectives with detailed answer explanations.

How are VCP-DCV questions organised by domain?

The exam covers 6 domains: vSphere Architecture, Products and Solutions, Configure and Manage vSphere Networking, Configure and Manage vSphere Storage, vSphere Lifecycle Management, vSphere Security, vSphere Performance and Scaling. Questions are weighted by domain — higher-weight domains appear more on your actual exam.

Are these the actual VCP-DCV exam questions?

No. These are original exam-style practice questions written against the official VMware VCP-DCV exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.

Ready to practice all 70 VCP-DCV questions?

Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.

Browse all VCP-DCV questionsTake a timed practice test