CCNA Virtual Machines and Hypervisors Questions

58 questions · Virtual Machines and Hypervisors · All types, answers revealed

1
Drag & Drop · medium

Drag and drop the steps of NUMA-aware VM placement process into the correct order, from first to last.

Why this order

NUMA-aware placement begins with checking the host topology. Then, the VM's vCPU count is compared to the NUMA node size. Next, the VM is assigned to a specific NUMA node.

After that, memory is allocated from that node. Finally, the VM is started to enforce the placement.

2
MCQ · medium

Consider the following BGP configuration:

```
router bgp 65000
 bgp router-id 10.0.0.1
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.2 route-map SET-MED out
!
route-map SET-MED permit 10
 set metric 50
!
```

What is the effect of this route-map on outbound updates to neighbor 10.0.0.2?

A. It sets the MED to 50 for all routes advertised to 10.0.0.2, but only if they match a prefix-list.
B. It sets the MED to 50 for all routes advertised to 10.0.0.2.
C. It sets the local preference to 50 for routes received from 10.0.0.2.
D. It filters all routes to 10.0.0.2 because there is no match statement.
Answer: B

Correct. The route-map permits all routes and sets MED to 50.

Why this answer

The route-map SET-MED is applied to outbound updates to neighbor 10.0.0.2 with a permit sequence 10 and a set metric 50 command, but no match statement. In BGP, a route-map with a permit clause and no match condition matches all routes by default. Therefore, the MED (Multi-Exit Discriminator) attribute is set to 50 for every route advertised to that neighbor.

Exam trap

Cisco often tests the misconception that a route-map without a match statement will deny or filter all routes, but in reality, a permit clause with no match matches everything and applies the set actions.

How to eliminate wrong answers

Option A is wrong because the route-map does not reference any prefix-list, so it applies to all routes, not only those matching a prefix-list. Option C is wrong because the set metric command modifies the MED, not local preference; local preference is set with set local-preference and is an inbound attribute. Option D is wrong because a permit route-map without a match statement does not filter routes; it matches all routes and applies the set actions.

3
MCQ · medium

Examine the following partial configuration on a Cisco IOS-XE device:

```
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip ospf hello-interval 5
 ip ospf dead-interval 20
!
```

What is the effect of this configuration?

A. The router will send OSPF hello packets every 5 seconds and declare a neighbor dead after 20 seconds of no hello.
B. The router will send OSPF hello packets every 10 seconds and declare a neighbor dead after 40 seconds, overriding the configuration.
C. The configuration is invalid because the dead interval must be exactly four times the hello interval.
D. The router will not form OSPF adjacencies because the hello and dead intervals are not default.
Answer: A

Correct. The hello interval is 5 seconds, dead interval is 20 seconds, maintaining the 4:1 ratio.

Why this answer

Option A is correct because the `ip ospf hello-interval 5` command sets the OSPF hello interval to 5 seconds, and the `ip ospf dead-interval 20` command sets the dead interval to 20 seconds. These per-interface commands override the default hello interval of 10 seconds and dead interval of 40 seconds for broadcast networks, allowing the router to send hello packets every 5 seconds and declare a neighbor dead after 20 seconds of no hello reception.

Exam trap

Cisco often tests the misconception that the dead interval must always be exactly four times the hello interval, but in reality, while the default ratio is 4:1, you can configure any values as long as they match on neighboring routers.

How to eliminate wrong answers

Option B is wrong because it incorrectly states that the router will send hello packets every 10 seconds and use a dead interval of 40 seconds, which would only occur if the default intervals were used; the explicit configuration overrides these defaults. Option C is wrong because while the dead interval is typically four times the hello interval by default, Cisco IOS-XE allows manual configuration of any hello and dead intervals, and the configuration is valid as long as both intervals are set consistently on neighboring routers. Option D is wrong because the router can still form OSPF adjacencies with non-default hello and dead intervals, provided that the neighboring routers are configured with matching hello and dead intervals; mismatched intervals prevent adjacency formation, not the fact that they are non-default.

4
Matching · medium

Drag and drop each CPU feature on the left to its matching virtualization purpose on the right.

Enables hardware-assisted virtualization for Intel CPUs

Reduces memory overhead for nested page tables

Allows direct assignment of PCIe devices to VMs

Enables hardware-assisted virtualization for AMD CPUs

Improves TLB management across VM context switches

Why these pairings

VT-x enables hardware-assisted virtualization for Intel CPUs, EPT reduces memory overhead for nested page tables, SR-IOV allows direct device assignment to VMs, AMD-V is AMD's equivalent of VT-x, and VPID improves TLB management across VM switches.

5
Matching · medium

Drag and drop each VM storage type on the left to its matching characteristic on the right.

Allocates storage on demand, grows as needed

Pre-allocates full storage at creation

Provides direct access to a physical LUN

VMware virtual disk file format

Hyper-V virtual disk file format

Why these pairings

Thin provisioning allocates space on demand, thick provisioning allocates full space at creation, RDM provides direct LUN access, VMDK is VMware's virtual disk format, and VHDX is Hyper-V's virtual disk format.

6
MCQ · medium

A network engineer is migrating a physical server running a critical database to a virtual machine on a VMware vSphere cluster. The database requires high I/O performance and low latency. The engineer decides to use VMFS datastores with multiple extents to improve performance. After migration, the database performance is worse than on the physical server. What is the most likely reason?

A. VMFS datastores with multiple extents can cause I/O to span multiple LUNs, increasing latency.
B. The VMFS datastore does not support files larger than 2 TB.
C. The virtual disk is configured as thin provisioned, causing write amplification.
D. The virtual disk is configured as thick eager zeroed, causing slow initial writes.
Answer: A

Correct because multiple extents can lead to I/O being split across LUNs, adding overhead.

Why this answer

VMFS datastores with multiple extents distribute data across multiple LUNs, which can cause I/O operations to span physical storage devices. This introduces additional latency due to the need for coordination across LUNs, negating the performance benefit expected from a single, contiguous LUN. For a database requiring high I/O and low latency, this spanning effect degrades performance compared to a physical server with direct-attached storage.

Exam trap

Cisco often tests the misconception that multiple extents improve performance by aggregating bandwidth, when in fact they increase latency due to I/O spanning and SCSI locking overhead.

How to eliminate wrong answers

Option B is wrong because VMFS datastores support files larger than 2 TB; VMFS-5 and later allow virtual disks up to 62 TB, so file size is not the issue. Option C is wrong because thin provisioning can cause write amplification due to on-demand allocation, but the question specifies the engineer used multiple extents, and thin provisioning is not mentioned as the chosen configuration; the primary performance issue here is the extent spanning. Option D is wrong because thick eager zeroed pre-allocates and zeros blocks during creation, which can slow initial writes but does not explain ongoing poor performance after migration; the problem is persistent latency from multi-extent I/O.

7
MCQ · medium

An architect is designing a virtualized service chain for a campus network using NFV. The chain must include a firewall, WAN optimizer, and IPS. The architect needs to minimize latency by placing VNFs on the same hypervisor host. Which design consideration is most important?

A. Ensure all VNFs are pinned to the same NUMA node on the hypervisor host.
B. Use a Type 2 hypervisor to reduce overhead.
C. Place each VNF on a separate physical host to avoid resource contention.
D. Enable DPDK on the virtual switch to accelerate packet processing.
Answer: A

This minimizes memory access latency and improves performance for the service chain.

Why this answer

Option A is correct because pinning all VNFs to the same NUMA node on the hypervisor host minimizes inter-NUMA memory access latency, which is critical for achieving low-latency packet processing in an NFV service chain. When VNFs are placed on different NUMA nodes, memory accesses must traverse the QPI/UPI interconnect, adding significant latency. By co-locating the firewall, WAN optimizer, and IPS on the same NUMA node, the architect ensures that all packet processing stays within the same memory domain, reducing latency to the minimum possible on that host.

Exam trap

Cisco often tests the misconception that DPDK or a Type 2 hypervisor is the primary solution for low-latency NFV, when in fact NUMA awareness is the foundational requirement that must be addressed first.

How to eliminate wrong answers

Option B is wrong because Type 2 hypervisors (hosted on an OS) introduce additional overhead from the host OS scheduler and drivers, which increases latency compared to Type 1 (bare-metal) hypervisors; the question requires minimizing latency, so a Type 2 hypervisor is counterproductive. Option C is wrong because placing each VNF on a separate physical host forces packets to traverse the network between hosts, adding switching and link latency that is far higher than any intra-host contention; this directly contradicts the goal of minimizing latency. Option D is wrong because enabling DPDK on the virtual switch accelerates packet processing by bypassing the kernel, but it does not address the fundamental latency penalty of cross-NUMA memory access; DPDK is a performance optimization, not a substitute for proper NUMA placement.

8
MCQ · easy

An engineer is configuring a virtual machine on a Microsoft Hyper-V host. The VM runs a legacy application that requires a static MAC address. The engineer sets the MAC address in the VM settings. After the VM starts, the application cannot communicate on the network. The engineer verifies that the MAC address is not duplicated on the network. What is the most likely cause?

A. The static MAC address is not within the allowed range for Hyper-V virtual machines.
B. The VM is configured to use a dynamic MAC address, overriding the static setting.
C. The VM's network adapter is set to use the legacy network adapter type.
D. The VM is a generation 2 VM, which does not support static MAC addresses.
Answer: A

Correct because Hyper-V enforces a specific MAC address range for static assignments to avoid conflicts.

Why this answer

Hyper-V enforces a specific range for static MAC addresses assigned to virtual machines. The default allowed range is 00-15-5D-XX-XX-XX, derived from the Microsoft Organizationally Unique Identifier (OUI). If the engineer configured a MAC address outside this range (e.g., starting with a different OUI), Hyper-V will not allow the VM to use it, effectively breaking network communication even though the address is not duplicated on the network.

Exam trap

Cisco often tests the misconception that any static MAC address can be assigned to a Hyper-V VM, when in reality the address must fall within the Microsoft OUI range (00-15-5D-XX-XX-XX) to be accepted by the hypervisor.

How to eliminate wrong answers

Option B is wrong because if the engineer explicitly sets a static MAC address in the VM settings, Hyper-V does not override it with a dynamic address; the static setting takes precedence. Option C is wrong because the legacy network adapter type (used for PXE boot or older OS compatibility) does support static MAC addresses and would not prevent communication solely due to its type. Option D is wrong because Generation 2 VMs fully support static MAC addresses; the misconception that they do not is incorrect, as static MAC assignment is a standard feature across both Generation 1 and Generation 2 VMs.

9
Matching · medium

Drag and drop each VM storage type on the left to its matching characteristic on the right.

Allocates storage only as data is written

Allocates all required storage at creation

Provides direct LUN access to a VM

VMware virtual disk file format

Microsoft virtual hard disk format

Why these pairings

Thin provisioning allocates space on demand. Thick provisioning allocates all space at creation. RDM (Raw Device Mapping) provides direct access to a LUN.

VMDK is VMware's virtual disk file format. VHDX is Microsoft's virtual hard disk format.

10
Multi-Select · hard

Which three statements about virtual machine (VM) resource allocation and overcommitment are true? (Choose three.)

A. Memory overcommitment allows the sum of all virtual machine memory allocations to exceed the physical RAM of the host.
B. CPU overcommitment is achieved by scheduling virtual CPUs onto physical cores, often with a ratio greater than 1:1.
C. Overcommitment always guarantees better performance for all virtual machines.
D. Storage overcommitment is supported by thin provisioning, where virtual disks consume only the space actually used.
E. A hypervisor cannot overcommit CPU resources because each vCPU must be pinned to a dedicated physical core.
Answers: A, B, D

Correct because hypervisors can use techniques like ballooning to overcommit memory.

Why this answer

Memory overcommitment allows more total vRAM than physical RAM. CPU overcommitment is common and can be managed. Overcommitment can cause performance issues if resources are oversubscribed.

Storage is not typically overcommitted in the same manner as CPU/memory.

11
MCQ · medium

Given the following EIGRP configuration:

```
router eigrp 100
 network 10.0.0.0 0.255.255.255
 metric weights 0 1 1 1 0 0
!
```

What is the effect of the 'metric weights' command?

A. It sets the EIGRP metric to use bandwidth, load, and delay, ignoring reliability and MTU.
B. It disables EIGRP metric calculation and uses a fixed metric of 1.
C. It sets the EIGRP metric to use only bandwidth and delay, ignoring load, reliability, and MTU.
D. It configures EIGRP to use the default K values (1,0,1,0,0).
Answer: A

Correct. K1=1 (bandwidth), K2=1 (load), K3=1 (delay), K4=0, K5=0.

Why this answer

The 'metric weights' command in EIGRP allows you to modify the K values used in the composite metric calculation. The syntax is 'metric weights tos k1 k2 k3 k4 k5'. Here, the values are 0 1 1 1 0 0, meaning k1 (bandwidth) = 1, k2 (load) = 1, k3 (delay) = 1, k4 (reliability) = 0, k5 (MTU) = 0.

This results in the metric using bandwidth, load, and delay, while ignoring reliability and MTU. Option A correctly describes this effect.

Exam trap

Cisco often tests the exact mapping of the 'metric weights' command arguments to K values, and the trap here is that candidates confuse the order or assume that a value of 0 disables the entire metric calculation rather than just that specific component.

How to eliminate wrong answers

Option B is wrong because the 'metric weights' command does not disable metric calculation or set a fixed metric; it customizes the K values used in the composite metric formula. Option C is wrong because it states that only bandwidth and delay are used, but the configuration includes k2=1, which includes load in the calculation. Option D is wrong because the default K values are 1,0,1,0,0 (k1=1, k2=0, k3=1, k4=0, k5=0), but the given command sets k2=1, which deviates from the default.

12
Drag & Drop · medium

Drag and drop the steps of SR-IOV configuration for VM network bypass into the correct order, from first to last.

Why this order

The configuration begins with enabling SR-IOV in the BIOS, then creating virtual functions, assigning them to the VM, and finally installing drivers inside the VM.

13
Multi-Select · medium

Which two statements about Type 1 and Type 2 hypervisors are true? (Choose two.)

A. Type 1 hypervisors have direct access to physical hardware resources.
B. Type 2 hypervisors run directly on the physical server without a host operating system.
C. Type 1 hypervisors require a host operating system for resource management.
D. Type 2 hypervisors rely on the host operating system for device drivers and resource scheduling.
E. Type 1 hypervisors can only support a single virtual machine per physical host.
Answers: A, D

Correct because Type 1 hypervisors run directly on the hardware, allowing direct resource access.

Why this answer

Type 1 hypervisors run directly on hardware and are commonly used in data centers; Type 2 hypervisors run on a host OS and are often used for testing or desktop virtualization. Option A is correct because Type 1 hypervisors have direct access to hardware resources, which improves performance. Option D is correct because Type 2 hypervisors rely on the host OS for resource management, adding overhead.

Option B is incorrect because Type 2 hypervisors do not run directly on hardware. Option C is incorrect because Type 1 hypervisors do not require a host OS. Option E is incorrect because Type 1 hypervisors can support multiple VMs, not just one.

14
MCQ · easy

A network engineer is designing a disaster recovery solution using VMware vSphere. The engineer needs to replicate virtual machines from the primary site to a secondary site with minimal downtime. The application VMs are running on NFS datastores. The engineer plans to use vSphere Replication. What prerequisite must be met for vSphere Replication to work with NFS datastores?

A. The NFS datastores must be mounted on both the source and target ESXi hosts.
B. The NFS datastores must be backed by a storage array that supports snapshot offloading.
C. The VMs must be configured with thick provisioning eager zeroed disks.
D. The NFS datastores must be part of a vSAN cluster.
Answer: A

Correct because vSphere Replication needs access to the source datastore to read data and the target datastore to write replicas.

Why this answer

vSphere Replication operates at the hypervisor level, replicating VM data from the source ESXi host to the target ESXi host. For NFS datastores, the source and target hosts must each have the NFS datastore mounted because vSphere Replication reads the VM files from the source NFS mount and writes them to the target NFS mount. Without both mounts, the replication engine cannot access the source data or place the replica on the target storage.

Exam trap

Cisco often tests the misconception that NFS datastores require array-level features (like snapshot offloading) or special disk provisioning for replication, when in fact vSphere Replication only needs both source and target hosts to have the NFS datastore mounted to read and write VM data.

How to eliminate wrong answers

Option B is wrong because snapshot offloading is a feature of storage array-based replication (e.g., VAAI for array snapshots), not a requirement for vSphere Replication, which uses host-based replication and does not depend on storage array capabilities. Option C is wrong because vSphere Replication supports thin and thick provisioned disks; thick provisioning eager zeroed is not a prerequisite, and using it would unnecessarily consume storage space without enabling replication. Option D is wrong because vSAN is a separate hyper-converged storage solution; vSphere Replication works independently of vSAN and does not require NFS datastores to be part of a vSAN cluster.

15
MCQ · medium

A network engineer is deploying a new virtualized application on a VMware vSphere cluster. The application requires dedicated CPU cores to meet licensing requirements, and the engineer must ensure that no other virtual machine can use those cores. The cluster uses VMware ESXi 7.0. Which configuration should the engineer apply to the virtual machine?

A. Configure CPU affinity to pin the VM to specific physical cores.
B. Set a CPU reservation equal to the number of vCPUs.
C. Enable NUMA node affinity for the VM.
D. Configure a CPU limit equal to the number of vCPUs.
Answer: A

Correct because CPU affinity binds the VM to designated cores, ensuring exclusive use.

Why this answer

CPU affinity (option A) is the correct configuration because it explicitly binds a virtual machine's vCPUs to specific physical cores, ensuring that no other VM can use those cores. This meets the licensing requirement for dedicated CPU cores by preventing co-scheduling or sharing of those physical cores with other workloads, which CPU reservation alone does not guarantee.

Exam trap

The trap here is that candidates confuse CPU reservation with dedicated core assignment, assuming that reserving CPU resources guarantees exclusive access to physical cores, when in fact reservation only guarantees resource availability, not exclusivity.

How to eliminate wrong answers

Option B is wrong because a CPU reservation guarantees that the specified amount of CPU resources (in MHz) will be available to the VM, but it does not prevent other VMs from using the same physical cores; the hypervisor can still schedule other VMs on those cores when the VM is idle. Option C is wrong because NUMA node affinity optimizes memory locality for performance by binding a VM to a specific NUMA node, but it does not provide exclusive access to individual CPU cores; other VMs can still run on cores within that NUMA node. Option D is wrong because a CPU limit caps the maximum CPU usage of the VM, but it does not reserve or dedicate cores; it only restricts the VM from consuming more than the specified amount, and other VMs can still use the same physical cores.

16
MCQ · easy

A network team is planning to migrate from a Type 2 hypervisor to a Type 1 hypervisor for their production VMs. They need to understand the architectural impact. Which statement correctly describes a key difference between Type 1 and Type 2 hypervisors?

A. Type 1 hypervisors run directly on the physical hardware, while Type 2 hypervisors run on top of a host operating system.
B. Type 1 hypervisors require a host OS for device drivers, while Type 2 hypervisors include their own drivers.
C. Type 2 hypervisors are always more secure than Type 1 because of the additional OS layer.
D. Type 1 hypervisors cannot support hardware passthrough, but Type 2 can.
Answer: A

This is the fundamental architectural difference.

Why this answer

Option A is correct because Type 1 hypervisors (bare-metal) run directly on the physical hardware without an underlying operating system, providing direct access to hardware resources and better performance. Type 2 hypervisors (hosted) run as an application on top of a host operating system, which introduces additional overhead and resource contention. This architectural difference is fundamental to understanding virtualization performance and isolation in production environments.

Exam trap

Cisco often tests the misconception that Type 2 hypervisors are more secure due to an additional OS layer, but the trap here is that the extra layer actually increases the attack surface and reduces security isolation compared to a Type 1 hypervisor.

How to eliminate wrong answers

Option B is wrong because Type 1 hypervisors include their own built-in device drivers and do not require a host OS for device drivers; Type 2 hypervisors rely on the host OS for driver support. Option C is wrong because Type 2 hypervisors are generally less secure than Type 1 due to the larger attack surface introduced by the host OS layer, not more secure. Option D is wrong because Type 1 hypervisors fully support hardware passthrough (e.g., PCIe passthrough via Intel VT-d or AMD IOMMU), while Type 2 hypervisors often have limited or more complex passthrough support due to the host OS abstraction.

17
MCQ · medium

A data center architect is designing a virtualized environment for a latency-sensitive application. The application requires dedicated CPU cores and memory to avoid performance degradation. Which hypervisor feature should be configured to meet this requirement?

A. Enable CPU pinning and memory reservation for the VM.
B. Use a shared storage solution to reduce I/O latency.
C. Configure the VM with a large vNUMA node to spread memory access.
D. Enable memory overcommitment to maximize utilization.
Answer: A

This guarantees dedicated resources and avoids contention with other VMs.

Why this answer

Option A is correct because CPU pinning binds a VM's virtual CPUs to specific physical cores, ensuring dedicated processing resources and preventing CPU contention from other VMs. Memory reservation guarantees that the specified amount of physical memory is always available to the VM, eliminating the risk of memory swapping or ballooning that would introduce latency. Together, these features provide the deterministic performance required for latency-sensitive applications in a virtualized environment.

Exam trap

Cisco often tests the distinction between resource allocation features that guarantee performance (CPU pinning and memory reservation) versus features that optimize utilization or storage I/O, leading candidates to mistakenly select shared storage or memory overcommitment when the question explicitly demands dedicated resources.

How to eliminate wrong answers

Option B is wrong because shared storage solutions (e.g., NFS, iSCSI, Fibre Channel) address I/O latency for storage access, not CPU or memory contention; the question specifically requires dedicated CPU cores and memory, not storage performance. Option C is wrong because configuring a VM with a large vNUMA node spreads memory access across multiple NUMA nodes, which can increase remote memory access latency and degrade performance for latency-sensitive applications; the goal is to keep memory access local, not spread it. Option D is wrong because memory overcommitment allows the hypervisor to allocate more virtual memory to VMs than physical memory exists, relying on swapping or ballooning to reclaim memory, which introduces unpredictable latency and violates the requirement for dedicated memory.

18
Multi-Select · hard

Which three statements about virtual networking and hypervisor switches are true? (Choose three.)

A. A standard virtual switch (vSwitch) operates at Layer 2 and can forward frames between virtual machines on the same host.
B. A distributed virtual switch (DVS) provides consistent network configuration across multiple ESXi hosts in a cluster.
C. Virtual switches support VLAN tagging using IEEE 802.1Q trunking between the hypervisor and physical switches.
D. Spanning Tree Protocol (STP) must always be enabled on virtual switches to prevent loops in the virtual network.
E. A virtual switch can only be configured with a single port group for all virtual machines.
Answers: A, B, C

Correct because a vSwitch is a Layer 2 switch that connects VMs within a host.

Why this answer

Virtual switches (vSwitch) forward frames between VMs and physical NICs. They support VLANs and port groups. A distributed switch spans multiple hosts.

Virtual switches do not require STP because loops are prevented by design.

19
Drag & Drop · medium

Drag and drop the steps of deploying a virtual machine from a template in VMware vSphere into the correct order, from first to last.

Why this order

Deploying from a template begins with selecting the template and specifying a name and location. Next, the compute resource (host or cluster) is chosen, followed by storage. Customization specifications (like hostname and IP) are applied, and finally the VM is powered on.

20
MCQ · easy

An architect is designing a virtualized environment for network functions that require direct access to physical NICs for performance. The hypervisor must support PCI passthrough. Which hypervisor type is best suited for this requirement?

A. Type 1 hypervisor (e.g., VMware ESXi or KVM).
B. Type 2 hypervisor (e.g., VirtualBox or VMware Workstation).
C. Container runtime (e.g., Docker).
D. Bare-metal server without virtualization.
Answer: A

Type 1 hypervisors have direct hardware control and support PCI passthrough.

Why this answer

A Type 1 hypervisor (bare-metal) runs directly on the hardware and has direct access to physical resources, including PCIe devices. It supports PCI passthrough (e.g., Intel VT-d or AMD IOMMU), which allows a virtual machine to directly access a physical NIC without hypervisor intervention, maximizing performance for network functions. VMware ESXi and KVM are common Type 1 hypervisors that implement this capability.

Exam trap

Cisco often tests the distinction between Type 1 and Type 2 hypervisors, and the trap here is that candidates may assume any hypervisor can support PCI passthrough, overlooking the architectural overhead of Type 2 hypervisors that prevents direct hardware access.

How to eliminate wrong answers

Option B is wrong because a Type 2 hypervisor (e.g., VirtualBox or VMware Workstation) runs on top of a host OS, adding an extra layer that introduces latency and typically does not support direct PCI passthrough to physical NICs for production-grade performance. Option C is wrong because container runtimes (e.g., Docker) share the host kernel and do not provide direct access to physical PCI devices; they rely on the host's network stack, which cannot achieve the same performance as PCI passthrough for network functions. Option D is wrong because a bare-metal server without virtualization cannot host multiple virtualized network functions simultaneously, which defeats the purpose of a virtualized environment; the question explicitly requires virtualization.

21
MCQ · hard

A network engineer is troubleshooting performance issues on a VMware ESXi host running multiple VMs. The host has two physical CPUs, each with 8 cores (16 logical processors with Hyper-Threading enabled). One VM, configured with 8 vCPUs, experiences high CPU ready time. Other VMs on the host are idle. What is the most likely cause of the high CPU ready time?

A. The VM's vCPUs span multiple NUMA nodes, causing memory access delays.
B. Hyper-Threading is disabled on the ESXi host.
C. The host is overcommitted with too many vCPUs.
D. The VM has more vCPUs than physical cores on a single socket.
Answer: A

Correct because when vCPUs are spread across NUMA nodes, memory access becomes non-local, increasing ready time.

Why this answer

The VM has 8 vCPUs, but each physical CPU has only 8 cores (16 logical processors with Hyper-Threading). Since a single NUMA node typically corresponds to one physical CPU socket, an 8-vCPU VM cannot fit entirely within one NUMA node if the VM's vCPUs exceed the number of physical cores on that socket (8 cores). The hypervisor must span the VM across both NUMA nodes, causing remote memory access and increasing CPU ready time due to NUMA latency.

Exam trap

Cisco often tests the misconception that CPU ready time is always caused by overcommitment, but here the trap is that a VM with vCPUs equal to the number of cores per socket can still suffer NUMA spanning if the hypervisor schedules vCPUs across sockets, especially when Hyper-Threading is enabled and the VM size matches a socket's core count but not its logical processor count.

How to eliminate wrong answers

Option B is wrong because Hyper-Threading is enabled on the host (16 logical processors per socket), and disabling it would reduce logical CPUs, not cause high ready time for an 8-vCPU VM on an otherwise idle host. Option C is wrong because the host is not overcommitted; other VMs are idle, and the total vCPUs (only 8 from this VM) are far below the 32 logical processors available. Option D is wrong because the VM has 8 vCPUs, which equals the number of physical cores on a single socket (8 cores), not more; the issue is that vCPUs are scheduled across sockets, not that they exceed core count.

22
MCQ · hard

A network engineer is troubleshooting a VMware vSphere cluster where a VM with a large memory footprint (256 GB) is experiencing poor performance. The host has two NUMA nodes, each with 128 GB of memory. The VM is configured with 256 GB of memory and 4 vCPUs. Performance monitoring shows high memory latency and CPU ready time. What is the most likely cause?

A. The VM's memory size forces it to span multiple NUMA nodes, increasing memory access latency.
B. The VM has too few vCPUs for the memory size.
C. The host is using memory ballooning to reclaim memory from other VMs.
D. The host's memory is overcommitted.
Answer: A

Correct because when a VM's memory exceeds a single NUMA node, memory accesses cross nodes, causing higher latency.

Why this answer

The VM is configured with 256 GB of memory, but each NUMA node on the host has only 128 GB. Since a single NUMA node cannot satisfy the VM's memory allocation, the hypervisor must split the VM across both NUMA nodes. This forces memory accesses to cross the NUMA interconnect (e.g., QPI or UPI), which introduces significantly higher latency compared to local memory access, directly causing the observed high memory latency and increased CPU ready time.

Exam trap

Cisco often tests the misconception that memory performance issues are always due to overcommitment or ballooning, but the trap here is that the VM's memory size exactly matches the total host memory, leading candidates to overlook the NUMA boundary constraint.

How to eliminate wrong answers

Option B is wrong because the number of vCPUs (4) is not directly related to memory latency; CPU ready time is affected by vCPU-to-pCPU scheduling contention, not by memory size. Option C is wrong because memory ballooning reclaims memory from VMs to avoid overcommitment, but it does not cause high memory latency or CPU ready time; it would instead cause guest OS swapping or performance degradation due to memory pressure. Option D is wrong because memory overcommitment would lead to ballooning or swapping, not specifically to NUMA-spanning latency; the host has exactly 256 GB total memory, so the VM's allocation is not overcommitted.

23
Drag & Drop · medium

Drag and drop the steps of vSphere VM snapshot creation and revert steps into the correct order, from first to last.

Why this order

The correct order ensures that the snapshot is taken and then, if needed, the VM is powered off before reverting to the snapshot, and finally powered back on.

24
Multi-Select · hard

Which three statements about hypervisor security and isolation are true? (Choose three.)

Select 3 answers
A. A VM escape attack occurs when an attacker breaks out of a virtual machine to access the hypervisor or other VMs.
B. Virtual machines are inherently isolated from each other and do not require any additional security measures.
C. The hypervisor must enforce memory and device isolation to prevent one VM from accessing another VM's data.
D. Regularly patching the hypervisor and reducing its attack surface are important security practices.
E. Virtual machines have direct access to physical hardware resources such as CPU and memory.
Answers: A, C, D

Correct because VM escape is a known security risk that compromises isolation.

Why this answer

Hypervisor security is critical to prevent VM escape and ensure isolation. Option A is correct because VM escape is a serious vulnerability where code in a VM breaks out to the hypervisor. Option C is correct because the hypervisor should enforce strict isolation between VMs to prevent data leakage.

Option D is correct because keeping the hypervisor patched and minimizing its attack surface are key security practices. Option B is incorrect because VMs are not inherently isolated from each other; isolation depends on hypervisor design. Option E is incorrect because VMs do not have direct access to physical hardware; the hypervisor mediates access.

25
MCQ · medium

An architect is planning a virtualized infrastructure for a branch office that will host a Cisco ISRv router and a local DHCP server. The architect wants to minimize management overhead and ensure the VMs can be easily backed up. Which hypervisor deployment model is most appropriate?

A. Deploy a Type 1 hypervisor on the branch server and manage VMs via a centralized vCenter or similar tool.
B. Use a Type 2 hypervisor on a desktop PC at the branch.
C. Run the ISRv and DHCP server as containers on the same host.
D. Install the ISRv directly on physical hardware without virtualization.
Answer: A

This provides robust management, backup, and performance for production VMs.

Why this answer

A Type 1 hypervisor (bare-metal) runs directly on the server hardware, providing near-native performance for the Cisco ISRv router and DHCP server. Centralized management via vCenter or similar tools reduces administrative overhead and enables efficient VM backup and recovery, meeting the architect's requirements for minimal management overhead and easy backup.

Exam trap

Cisco often tests the distinction between Type 1 and Type 2 hypervisors in the context of network functions like ISRv, where the trap is that candidates may choose a Type 2 hypervisor for simplicity, overlooking the performance and management overhead penalties for production branch office deployments.

How to eliminate wrong answers

Option B is wrong because a Type 2 hypervisor runs on top of an existing operating system (e.g., VMware Workstation on Windows), which adds overhead, reduces performance for network functions like ISRv, and complicates backup and centralized management. Option C is wrong because containers share the host OS kernel and do not provide the full virtualization isolation required for a Cisco ISRv router, which expects a dedicated virtual machine environment; containers also complicate backup compared to VM snapshots. Option D is wrong because installing ISRv directly on physical hardware eliminates virtualization benefits, making backup more difficult (physical server backup vs. VM snapshots) and increasing management overhead for the branch office.

26
Matching · medium

Drag and drop each container technology on the left to its matching orchestration tool on the right.

Concepts
Matches

Kubernetes

LXD

Kubernetes

Kubernetes

Proxmox VE

Why these pairings

Docker is orchestrated by Docker Swarm or Kubernetes, but Kubernetes is the primary orchestrator; LXC/LXD is orchestrated by LXD; containerd is often used with Kubernetes; rkt was orchestrated by Kubernetes; and OpenVZ is managed by Proxmox VE.

27
Matching · medium

Drag and drop each hypervisor product on the left to its matching vendor on the right.

Concepts
Matches

VMware

Red Hat

Microsoft

Citrix

Oracle

Why these pairings

VMware vSphere is from VMware, KVM is from Red Hat (open source, but Red Hat is the primary commercial backer), Microsoft Hyper-V is from Microsoft, Xen is from Citrix (originally from the Xen Project), and Oracle VM is from Oracle.

28
Multi-Select · medium

Which two statements about virtual machine migration (vMotion and cold migration) are true? (Choose two.)

Select 3 answers
A. vMotion migrates a running virtual machine from one host to another with no downtime.
B. Cold migration requires the virtual machine to be powered off before it can be moved to a different host.
C. Storage vMotion allows the virtual machine's disk files to be moved between datastores while the VM remains running.
D. vMotion requires that both source and destination hosts share the same physical storage.
E. Cold migration can only be performed within the same vCenter Server and cannot move VMs to a different datacenter.
Answers: B, C, D

Correct because cold migration moves a VM that is in a powered-off state.

Why this answer

vMotion allows live migration of a running VM with minimal downtime. Cold migration requires the VM to be powered off. Storage vMotion moves VM files between datastores.

Shared storage is required for vMotion.

29
Drag & Drop · medium

Drag and drop the steps of KVM VM provisioning via virsh CLI into the correct order, from first to last.

Why this order

The provisioning process starts with defining the VM XML, then starting it, installing the OS, and finally accessing the console.

30
MCQ · medium

Examine the following configuration:

    interface GigabitEthernet0/0
     ip address 172.16.1.1 255.255.255.0
     ipv6 address 2001:db8:1::1/64
     ipv6 ospf 100 area 0
    !

What is missing from this configuration to enable OSPFv3 on this interface?

A. The configuration is complete; no additional commands are needed.
B. The command 'ipv6 router ospf 100' must be added globally to create the OSPFv3 process.
C. The interface needs the 'ipv6 ospf network point-to-point' command to work.
D. The 'ipv6 unicast-routing' command must be enabled globally.
Answer: B

Correct. The global OSPFv3 process must be created before interface configuration will take effect.

Why this answer

Option B is correct because OSPFv3 requires an active OSPFv3 process on the router before it can be enabled on any interface. The 'ipv6 router ospf 100' global command creates the OSPFv3 process with process ID 100, which is necessary for the interface-level 'ipv6 ospf 100 area 0' command to function. Without this global process, the interface configuration is incomplete and OSPFv3 will not operate.

Exam trap

Cisco often tests the requirement that an OSPFv3 process must be created globally with 'ipv6 router ospf <process-id>' before interface-level OSPFv3 commands will work, leading candidates to mistakenly think the interface configuration alone is sufficient.

How to eliminate wrong answers

Option A is wrong because the configuration is not complete; the OSPFv3 process must be created globally with 'ipv6 router ospf 100' for the interface command to take effect. Option C is wrong because 'ipv6 ospf network point-to-point' is an optional command used to override the default network type (e.g., broadcast) and is not required for basic OSPFv3 operation on this interface. Option D is wrong because 'ipv6 unicast-routing' enables IPv6 routing globally but is not specifically required for OSPFv3; OSPFv3 can run without it as long as IPv6 is configured, though it is commonly enabled for practical routing.

31
Matching · medium

Drag and drop each CPU feature on the left to its matching virtualization purpose on the right.

Concepts
Matches

Intel hardware virtualization support

Reduces memory virtualization overhead

Enables direct VM access to physical NIC

Provides direct I/O device assignment

AMD hardware virtualization support

Why these pairings

VT-x enables hardware-assisted virtualization for Intel CPUs. EPT (Extended Page Tables) reduces memory overhead by handling guest page tables in hardware. SR-IOV allows a physical NIC to appear as multiple virtual functions.

VT-d provides direct I/O access for VMs. AMD-V is AMD’s equivalent of VT-x.

32
Drag & Drop · medium

Drag and drop the steps of vSphere VM snapshot creation and revert steps into the correct order, from first to last.

Why this order

The correct order starts with taking the snapshot and ends with reverting to it. First, the snapshot is taken while the VM is running. Then, changes are made to the VM.

Next, the snapshot is reverted to restore the previous state. After that, the snapshot is deleted to free storage. Finally, the VM continues running without the snapshot.

33
Drag & Drop · medium

Drag and drop the steps of NUMA-aware VM placement process into the correct order, from first to last.

Why this order

The order starts with enabling NUMA in the BIOS, then configuring the hypervisor, creating the VM with NUMA settings, and finally verifying placement and performance.

34
MCQ · medium

An enterprise is deploying a KVM-based virtualization platform for network functions. The architect must choose a networking model that allows VNFs to communicate with minimal overhead and supports VLAN trunking. Which virtual networking component should be used?

A. Linux bridge with VLAN tagging enabled on the bridge interface.
B. macvtap in bridge mode, which bypasses the Linux bridge.
C. Open vSwitch with DPDK for maximum performance.
D. Host-only networking with NAT to isolate VNFs.
Answer: A

This provides VLAN trunking and low-overhead connectivity for VNFs.

Why this answer

A Linux bridge with VLAN tagging enabled on the bridge interface is the correct choice because it provides a standard Layer 2 forwarding path with native 802.1Q VLAN trunking support, allowing VNFs to communicate with minimal overhead. Unlike more complex solutions, the Linux bridge operates in kernel space with low latency and does not require additional userspace processing, making it ideal for KVM-based NFV deployments where performance and simplicity are key.

Exam trap

Cisco often tests the misconception that macvtap in bridge mode is a drop-in replacement for a Linux bridge, but it fails to support VLAN trunking because it does not expose a bridge interface for VLAN filtering on the host.

How to eliminate wrong answers

Option B is wrong because macvtap in bridge mode bypasses the Linux bridge entirely and does not support VLAN trunking natively; it creates a direct connection between the VM and the physical interface, preventing the use of 802.1Q tags on the host side. Option C is wrong because Open vSwitch with DPDK, while offering maximum performance through userspace packet processing, introduces significant complexity and overhead for a scenario that only requires basic bridging and VLAN trunking, and is not necessary for minimal overhead. Option D is wrong because host-only networking with NAT isolates VNFs from the external network and does not support VLAN trunking; it is designed for private communication between VMs and the host, not for production NFV deployments requiring VLAN segmentation.

35
MCQ · medium

A network team is deploying a virtualized WAN optimization appliance. The appliance must be able to process traffic at line rate on a 10 Gbps link. The hypervisor host has multiple physical NICs. Which design choice will best ensure the VM can achieve the required throughput?

A. Assign the VM a virtual function (VF) using SR-IOV on the physical NIC.
B. Use a standard virtual switch with a single vCPU for the VM.
C. Enable jumbo frames on the virtual switch only.
D. Configure the VM with multiple vNICs and use NIC teaming.
Answer: A

SR-IOV provides near-native performance by giving the VM direct NIC access.

Why this answer

SR-IOV (Single Root I/O Virtualization) allows a physical NIC to present multiple virtual functions (VFs) directly to a VM, bypassing the hypervisor's virtual switch. This reduces CPU overhead and latency, enabling the VM to achieve near line-rate throughput on a 10 Gbps link by allowing direct hardware access for data plane traffic.

Exam trap

Cisco often tests the misconception that adding more vNICs or teaming can solve throughput issues, but the real bottleneck is the hypervisor's software switching overhead, which SR-IOV eliminates by providing direct hardware pass-through.

How to eliminate wrong answers

Option B is wrong because a standard virtual switch with a single vCPU introduces significant CPU overhead and context-switching latency, which cannot sustain 10 Gbps line-rate processing. Option C is wrong because enabling jumbo frames on the virtual switch only does not reduce the hypervisor's I/O bottleneck; jumbo frames must also be supported end-to-end on the physical NIC and VM to improve throughput, but they alone cannot guarantee line rate. Option D is wrong because multiple vNICs with NIC teaming in the VM adds complexity and still relies on the hypervisor's virtual switch for packet forwarding, which introduces software overhead that prevents achieving line-rate performance on a 10 Gbps link.

36
MCQ · easy

What is the default OSPF hello interval on a broadcast multi-access network (e.g., Ethernet)?

A. 10 seconds
B. 30 seconds
C. 5 seconds
D. 40 seconds
Answer: A

Correct. The default hello interval on broadcast networks is 10 seconds.

Why this answer

On a broadcast multi-access network like Ethernet, OSPF defaults to a hello interval of 10 seconds. This is defined in RFC 2328 and is used to quickly detect neighbor failures while keeping control traffic overhead manageable. The corresponding dead interval is 40 seconds (4 times the hello interval).

Exam trap

Cisco often tests the distinction between hello and dead intervals, and candidates confuse the 40-second dead interval with the hello interval, or incorrectly recall the NBMA hello interval of 30 seconds.

How to eliminate wrong answers

Option B is wrong because 30 seconds is the default hello interval for OSPF on non-broadcast multi-access (NBMA) networks, not broadcast multi-access. Option C is wrong because 5 seconds is not a standard OSPF hello interval; it is sometimes used in tuned configurations but is not the default. Option D is wrong because 40 seconds is the default dead interval on broadcast networks, not the hello interval.

37
MCQ · medium

An enterprise is migrating a legacy application from a physical server to a virtual machine on a KVM-based hypervisor. The application requires direct access to a PCIe network interface card for performance reasons. The engineer needs to provide the VM with dedicated hardware access while maintaining isolation from other VMs. Which technology should the engineer use?

A. Use PCI passthrough to assign the NIC directly to the VM.
B. Enable SR-IOV and assign a virtual function to the VM.
C. Configure a paravirtualized network driver (virtio).
D. Attach the VM to a Linux bridge using macvtap.
Answer: A

Correct because PCI passthrough gives the VM exclusive access to the physical NIC.

Why this answer

PCI passthrough (Option A) is correct because it assigns the entire physical PCIe NIC directly to the VM, giving it exclusive, dedicated hardware access with full performance and no hypervisor overhead. This meets the requirement for direct access while maintaining isolation, as other VMs cannot use the same device.

Exam trap

Cisco often tests the distinction between PCI passthrough (dedicated, exclusive access) and SR-IOV (shared, but with virtual functions), and the trap here is that candidates may choose SR-IOV thinking it provides 'dedicated' access, when in fact it still involves the PF and is designed for sharing the physical NIC among multiple VMs.

How to eliminate wrong answers

Option B is wrong because SR-IOV assigns a virtual function (VF) to the VM, which provides near-direct access but still involves the physical function (PF) and the hypervisor's IOMMU for mediation, not fully dedicated hardware access like passthrough. Option C is wrong because paravirtualized drivers (virtio) emulate a network device in software, adding hypervisor overhead and not providing direct PCIe hardware access. Option D is wrong because macvtap connects the VM to a Linux bridge via a tap interface, which uses software switching and does not grant direct hardware access to the NIC.

38
Matching · medium

Drag and drop each VM network mode on the left to its matching behavior description on the right.

Concepts
Matches

VM appears as a separate device on the physical network

VM uses host IP for outbound connectivity

VM communicates only with host and other VMs on same virtual switch

VM communicates only with other VMs on same virtual switch, not with host

VM connects to a user-defined virtual switch

Why these pairings

Bridged mode connects the VM to the physical network as if it were a separate host. NAT mode allows the VM to share the host’s IP address for outbound access. Host-only mode creates an isolated network between the host and VMs.

Internal mode isolates VMs from the host. Custom mode allows the user to select a specific virtual switch.

39
Drag & Drop · medium

Drag and drop the steps of Docker container networking with bridge mode into the correct order, from first to last.

Why this order

The order reflects the default bridge network creation, container attachment, IP assignment, and then communication with the outside world via NAT.

40
Drag & Drop · medium

Drag and drop the steps of KVM VM provisioning via virsh CLI into the correct order, from first to last.

Why this order

KVM provisioning via virsh begins with defining the VM XML configuration. Then, the VM is started using virsh start. Next, the VM's console is accessed to complete OS installation.

After that, the VM is shut down gracefully. Finally, the VM is restarted for production use.

41
MCQ · easy

What is the maximum hop count for EIGRP?

A. 15
B. 255
C. 16
D. 100
Answer: B

Correct. EIGRP has a maximum hop count of 255.

Why this answer

EIGRP uses a maximum hop count of 255, which is a hard limit encoded in the protocol's metric field. This allows EIGRP to scale to much larger networks than distance-vector protocols like RIP, which have a hop count limit of 15. The hop count is not used as a primary metric in EIGRP but serves as a loop-prevention mechanism, and routes with a hop count exceeding 255 are considered unreachable.

Exam trap

Cisco often tests the difference between RIP's 15-hop limit and EIGRP's 255-hop limit, and the trap here is that candidates confuse the hop count limit with the administrative distance (100) or the RIP unreachable metric (16).

How to eliminate wrong answers

Option A is wrong because 15 is the maximum hop count for RIP (Routing Information Protocol), not EIGRP; this is a classic confusion between distance-vector protocols. Option C is wrong because 16 is the 'unreachable' metric in RIP, not a valid EIGRP hop count limit. Option D is wrong because 100 is the default administrative distance for EIGRP internal routes, not the maximum hop count.

42
Matching · medium

Drag and drop each container technology on the left to its matching orchestration tool on the right.

Concepts
Matches

Kubernetes

OpenShift

Multi-container local orchestration

HashiCorp orchestrator

Container runtime used by Kubernetes

Why these pairings

Docker containers are orchestrated by Docker Swarm or Kubernetes (Kubernetes is the most common). Kubernetes is itself an orchestration tool for containers (including Docker). OpenShift is Red Hat’s Kubernetes-based platform.

Docker Compose is used for multi-container local development. Nomad is HashiCorp’s orchestrator for containers and other workloads.

43
MCQ · medium

Consider the following configuration snippet:

    router bgp 65000
     bgp router-id 192.168.1.1
     neighbor 10.0.0.2 remote-as 65001
     neighbor 10.0.0.2 timers 10 30
    !

What is the effect of the 'timers 10 30' command under the BGP neighbor?

A. It sets the keepalive interval to 10 seconds and the hold time to 30 seconds for all BGP neighbors.
B. It sets the keepalive interval to 10 seconds and the hold time to 30 seconds for neighbor 10.0.0.2 only.
C. It sets the BGP keepalive interval to 30 seconds and the hold time to 10 seconds for neighbor 10.0.0.2.
D. It configures the BGP session to use a keepalive of 10 seconds and a hold time of 30 seconds, but only if the neighbor supports it.
Answer: B

Correct. The timers command under a neighbor applies only to that neighbor.

Why this answer

Option B is correct because the 'timers 10 30' command under the BGP neighbor configuration mode sets the keepalive interval to 10 seconds and the hold time to 30 seconds specifically for that neighbor (10.0.0.2). This per-neighbor timer configuration overrides any global BGP timers set under the router bgp process, allowing granular control over individual BGP sessions.

Exam trap

Cisco often tests the distinction between global and per-neighbor BGP timer configuration, and the trap here is that candidates confuse the 'timers' command under neighbor with the global 'timers bgp' command, or misorder the keepalive and hold time values.

How to eliminate wrong answers

Option A is wrong because the command is applied under the neighbor configuration, not globally; global BGP timers are set using the 'timers bgp' command under router bgp, which affects all neighbors. Option C is wrong because it reverses the order: the first value is the keepalive interval (10 seconds), and the second is the hold time (30 seconds), not the other way around. Option D is wrong because BGP timers are unilaterally configured and advertised to the neighbor; the session will use the configured values if the neighbor accepts them, but the command does not conditionally apply only if the neighbor supports it—it is always sent in the OPEN message.

44
MCQ · medium

Which BGP attribute is preferred when it has the lowest value?

A. Weight
B. Local Preference
C. MED (Multi-Exit Discriminator)
D. AS Path Length
Answer: C

Correct. A lower MED is preferred.

Why this answer

The Multi-Exit Discriminator (MED) is a BGP attribute used to influence inbound traffic from neighboring ASes. A lower MED value is preferred when multiple paths are received from the same neighboring AS, making it the correct answer for an attribute preferred with the lowest value.

Exam trap

Cisco often tests the misconception that all BGP attributes follow a 'higher is better' rule, but MED is a key exception where lower is better, and candidates may confuse it with Local Preference or Weight which are higher-is-better.

How to eliminate wrong answers

Option A is wrong because Weight is a Cisco-proprietary attribute that is preferred when it has the highest value, not the lowest. Option B is wrong because Local Preference is used to influence outbound traffic from an AS and is preferred with the highest value. Option D is wrong because AS Path Length is preferred when it is the shortest (lowest number of AS hops), but the question asks for an attribute preferred with the lowest value, and MED is the only one among the options that explicitly uses a lower-is-better metric for its specific purpose.

45
Multi-Select · medium

Which two statements about virtual machine migration (vMotion/VMware) or live migration (Hyper-V) are true? (Choose two.)

Select 2 answers
A. During live migration, the virtual machine must be powered off to transfer memory contents.
B. Live migration copies the memory state of the VM from the source host to the destination host while the VM continues to run.
C. Live migration requires that both source and destination hosts use the same shared storage for the VM's virtual disks.
D. Both source and destination hosts must have compatible CPU feature sets to ensure the VM does not encounter instruction errors after migration.
E. After a live migration, the virtual machine's IP address changes to match the new network segment.
Answers: B, D

Correct because the hypervisor iteratively copies memory pages to the destination with minimal downtime.

Why this answer

Live migration moves a running VM between hosts with minimal downtime. Option B is correct because live migration typically copies memory pages iteratively while the VM runs. Option D is correct because both the source and destination hosts must have compatible CPU features (e.g., same CPU family or Enhanced vMotion Compatibility).

Option A is incorrect because the VM must remain powered on during live migration. Option C is incorrect because shared storage is often used but not mandatory; storage vMotion can migrate without shared storage. Option E is incorrect because the VM retains its IP address and network state after migration.

46
MCQ · hard

A company is deploying Cisco CSR1000v virtual routers in a KVM environment. The architect needs to ensure high availability by allowing VMs to move between physical hosts without service interruption. Which feature must be supported by the hypervisor and storage?

A. Live migration with shared storage (e.g., NFS or iSCSI).
B. Cold migration with local storage only.
C. Storage vMotion without shared storage.
D. Using a distributed virtual switch without shared storage.
Answer: A

This allows the VM to move while preserving memory state and disk access.

Why this answer

Live migration (also known as VM migration) allows a running virtual machine to move between physical hosts with zero downtime. For this to work in a KVM environment with Cisco CSR1000v routers, the hypervisor must support live migration, and the storage must be shared (e.g., NFS or iSCSI) so that the VM's disk image remains accessible from both source and destination hosts. Without shared storage, the VM's disk state cannot be preserved during migration, causing service interruption.

Exam trap

Cisco often tests the distinction between live migration (requires shared storage) and vMotion/Storage vMotion (VMware-specific terms), leading candidates to confuse cross-hypervisor features or assume distributed virtual switches solve storage issues.

How to eliminate wrong answers

Option B is wrong because cold migration requires the VM to be powered off, which causes service interruption, contradicting the requirement for high availability without service interruption. Option C is wrong because Storage vMotion is a VMware-specific feature that allows migration without shared storage, but the question specifies a KVM environment, and even in VMware, it requires shared storage for live migration; without shared storage, the VM's disk must be copied, causing downtime. Option D is wrong because a distributed virtual switch (DVS) is a networking abstraction that does not address storage requirements; without shared storage, the VM's disk is inaccessible on the destination host, preventing live migration.

47
MCQ · medium

An engineer is deploying a Linux virtual machine on a KVM hypervisor. The VM needs to be connected to a virtual network that provides isolation from other VMs on the same host but allows communication with the host and external networks. The engineer creates a Linux bridge and attaches the VM's tap interface to it. However, the VM cannot reach the external network. The host has a physical NIC (eth0) connected to the corporate network. What is the missing configuration step?

A. Add the physical NIC (eth0) as a port to the Linux bridge.
B. Configure a default gateway on the VM's network interface.
C. Assign an IP address to the Linux bridge interface.
D. Enable IP forwarding and configure NAT on the host.
Answer: A

Correct because the bridge must include the physical NIC to forward traffic to the external network.

Why this answer

A Linux bridge acts like a virtual switch. To allow the VM to reach the external network, the physical NIC (eth0) must be added as a port to the bridge. This bridges the VM's tap interface with the host's physical network, enabling Layer 2 connectivity to the corporate network and upstream routing.

Exam trap

The trap here is that candidates confuse bridging with NAT or routing, assuming that IP forwarding or NAT is required for external access, when in fact a bridged setup simply needs the physical NIC as a bridge port to extend Layer 2 connectivity.

How to eliminate wrong answers

Option B is wrong because a default gateway on the VM is necessary for routing beyond the local subnet, but it is not the missing step—the VM cannot even reach the host or external network without the bridge being connected to the physical NIC. Option C is wrong because assigning an IP to the bridge interface is required for the host to communicate on the bridged network, but the VM's inability to reach the external network is due to the lack of physical connectivity, not the bridge's IP. Option D is wrong because enabling IP forwarding and NAT is only needed if the host is acting as a router for the VM (e.g., in a routed or NAT-based setup), but the scenario describes a bridged network where the VM should be on the same Layer 2 segment as the host's physical network, not NAT'd.

48
Matching · medium

Drag and drop each VM network mode on the left to its matching behavior on the right.


VM appears as a separate device on the physical network

VM uses host IP address for outbound traffic

VM can communicate only with the host and other VMs on the same host

VM can communicate only with other VMs on the same host

VM connects to a specific virtual switch

Why these pairings

Bridged mode shares the host's physical network, NAT uses the host's IP for outbound traffic, host-only isolates VMs from external networks, internal mode allows VM-to-VM communication only, and custom mode uses a specific virtual switch.

49
Drag & Drop · medium

Drag and drop the steps of creating a virtual machine in VMware ESXi using the vSphere Client into the correct order, from first to last.

Why this order

Creating a VM starts with naming it and selecting a compatibility level. Then the guest OS is chosen, followed by storage. Virtual hardware (CPU, memory, disk) is configured, and the VM is finalized and powered on.

50
MCQ · hard

A company is deploying a virtualized firewall on a VMware ESXi host. The firewall VM requires high network throughput and low latency. The engineer decides to use SR-IOV to assign a virtual function (VF) from a physical NIC to the VM. After configuration, the VM can communicate, but the host's management network becomes unreachable. What is the most likely cause?

A. The physical NIC's PF is also used for the host management network, and SR-IOV configuration disrupted it.
B. The VM's VF is using the same MAC address as the host management interface.
C. The ESXi host requires a dedicated physical NIC for management when using SR-IOV.
D. The VM's VF is consuming all available bandwidth on the NIC.
Answer: A

Correct because SR-IOV can interfere with the PF if the management network is on the same port.

Why this answer

When SR-IOV is enabled on a physical NIC, the Physical Function (PF) is shared between the host management network and the Virtual Functions (VFs). If the PF is used for the host management network, enabling SR-IOV can disrupt the PF's driver or configuration, causing the management network to become unreachable. This is a common misconfiguration where the same NIC is used for both management and SR-IOV VFs.

Exam trap

Cisco often tests the misconception that SR-IOV requires a dedicated management NIC, but the real issue is that the same PF cannot serve both management and SR-IOV VFs without disruption.

How to eliminate wrong answers

Option B is wrong because SR-IOV VFs are assigned unique MAC addresses by the hypervisor, and a MAC address conflict would cause connectivity issues for the VM, not the host management network. Option C is wrong because ESXi does not require a dedicated physical NIC for management when using SR-IOV; it only requires that the PF used for management is not also used for SR-IOV VFs. Option D is wrong because bandwidth consumption by the VM's VF would degrade performance but would not make the host management network unreachable; the management network would still be accessible, albeit potentially slower.

51
Multi-Select · hard

Which three statements about virtual machine (VM) resource allocation and overcommitment are true? (Choose three.)

Select 3 answers
A. Memory overcommitment allows a hypervisor to run VMs with total allocated memory exceeding physical RAM.
B. CPU overcommitment can lead to performance degradation if the physical CPU cores are insufficient for the workload.
C. Overcommitment guarantees that each VM receives its allocated resources without interference.
D. Storage overcommitment using thin provisioning can cause performance issues if the underlying storage runs out of space.
E. Resource overcommitment is only applicable to memory, not CPU or storage.
Answers: A, B, D

Correct because hypervisors use techniques like ballooning to reclaim memory from idle VMs.

Why this answer

Resource overcommitment allows a hypervisor to allocate more virtual resources than physical resources, but careful monitoring is required to avoid performance issues. Option A is correct because memory overcommitment uses techniques like ballooning or swapping. Option B is correct because CPU overcommitment can lead to contention if many VMs compete for CPU time. Option D is correct because storage overcommitment can cause performance degradation if thin provisioning leads to oversubscription. Option C is incorrect because overcommitment does not guarantee isolation; it can actually reduce isolation. Option E is incorrect because overcommitment is not limited to memory; it applies to CPU and storage as well.

52
Drag & Drop · medium

Drag and drop the steps of SR-IOV configuration for VM network bypass into the correct order, from first to last.

Why this order

SR-IOV configuration starts with enabling SR-IOV in the BIOS. Then, virtual functions (VFs) are created on the physical NIC. Next, the hypervisor is configured to pass a VF to the VM. After that, the VM is assigned the VF as a PCI device. Finally, the VM boots and uses the VF directly.

53
Drag & Drop · medium

Drag and drop the steps of Docker container networking with bridge mode into the correct order, from first to last.

Why this order

Bridge networking starts with creating a Docker bridge network. Then, a container is run attached to that bridge. Next, the container gets an IP from the bridge subnet. After that, port mapping is configured for external access. Finally, the container communicates with others via the bridge.

54
MCQ · medium

A company is deploying a multi-tenant data center using VMware vSphere. The architect must ensure that each tenant’s virtual machines (VMs) are isolated at Layer 2 while sharing the same physical NICs. Which design approach best meets this requirement?

A. Configure a single standard virtual switch and assign each VM to a separate port group with unique VLAN IDs.
B. Deploy a separate physical NIC for each tenant and bridge them to the VMs.
C. Use a distributed virtual switch with VLAN trunking and assign all VMs to the same port group.
D. Enable promiscuous mode on the virtual switch to allow all VMs to see each other’s traffic.
Answer: A

This isolates traffic at Layer 2 using VLANs, meeting the requirement.

Why this answer

Option A is correct because configuring a standard virtual switch with separate port groups and unique VLAN IDs provides Layer 2 isolation between tenants by leveraging 802.1Q VLAN tagging. Each VM’s traffic is tagged with its assigned VLAN ID, ensuring that VMs in different port groups cannot communicate directly at Layer 2, even though they share the same physical NICs.

Exam trap

The trap here is that candidates often confuse VLAN trunking (which carries multiple VLANs on a single link) with port group assignment, mistakenly thinking that placing all VMs in the same port group with trunking provides isolation, when in fact it collapses all tenants into a single broadcast domain.

How to eliminate wrong answers

Option B is wrong because deploying a separate physical NIC for each tenant defeats the requirement to share the same physical NICs, and bridging them to VMs does not provide efficient Layer 2 isolation in a multi-tenant design. Option C is wrong because using a distributed virtual switch with VLAN trunking and assigning all VMs to the same port group would place all tenants in the same broadcast domain, breaking Layer 2 isolation. Option D is wrong because enabling promiscuous mode on the virtual switch allows all VMs to see each other’s traffic, which completely violates the isolation requirement.

55
Matching · medium

Drag and drop each hypervisor product on the left to its matching vendor on the right.


VMware

Red Hat

Microsoft

Citrix

Oracle

Why these pairings

VMware vSphere is from VMware, KVM is paired with Red Hat (it is open source but often associated with Red Hat), Hyper-V is from Microsoft, Xen is from Citrix, and Oracle VM Server is from Oracle.

56
Drag & Drop · medium

Drag and drop the steps of a VM live migration process in vSphere into the correct order, from first to last.

Why this order

In vSphere live migration (vMotion), the source host first copies memory pages to the destination while the VM continues running. It then marks pages as dirty and iteratively copies them. Once the remaining dirty pages are small enough, the VM is quiesced, final memory and state are copied, and the VM resumes on the destination host.

57
Multi-Select · medium

Which two statements about Type 1 and Type 2 hypervisors are true? (Choose two.)

Select 2 answers
A. A Type 1 hypervisor runs directly on the physical hardware without a host operating system.
B. A Type 2 hypervisor runs directly on the physical hardware without a host operating system.
C. VMware ESXi is an example of a Type 2 hypervisor.
D. VMware Workstation is an example of a Type 2 hypervisor.
E. Type 1 hypervisors are typically used for desktop virtualization in enterprise environments.
Answers: A, D

Correct because Type 1 hypervisors (bare-metal) install directly on the server hardware.

Why this answer

Type 1 hypervisors run directly on hardware and are used in data centers. Type 2 hypervisors run on a host OS and are common in labs. VMware ESXi is a Type 1 hypervisor. VMware Workstation is Type 2.

58
MCQ · medium

Review the following OSPF configuration:

router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
 network 10.0.0.0 0.255.255.255 area 1
 default-information originate always metric 20 metric-type 1
!

What is the effect of the 'default-information originate always metric 20 metric-type 1' command?

A. It injects a default route into OSPF only if a default route exists in the routing table, with metric 20 and type E1.
B. It injects a default route into OSPF unconditionally, with metric 20 and type E1.
C. It injects a default route into OSPF with metric 20 and type E2, but only if a default route exists.
D. It injects a default route into OSPF with metric 20 and type E1, but only for area 0.
Answer: B

Correct. 'always' forces advertisement even without a default route. Metric-type 1 means E1.

Why this answer

The 'default-information originate always' command injects a default route into the OSPF link-state database unconditionally, even if no default route exists in the routing table. The 'metric 20' sets the OSPF cost to 20, and 'metric-type 1' makes it an E1 (Type 1) external route, meaning the metric includes the internal cost to the ASBR plus the external cost.

Exam trap

Cisco often tests the distinction between 'default-information originate' (conditional) and 'default-information originate always' (unconditional), and the difference between metric-type 1 (E1) and metric-type 2 (E2), to see if candidates understand the exact behavior of each keyword.

How to eliminate wrong answers

Option A is wrong because the 'always' keyword causes the default route to be injected unconditionally, not only if a default route exists in the routing table. Option C is wrong because the command specifies 'metric-type 1', which results in an E1 route, not an E2 route; additionally, the 'always' keyword removes the condition of a pre-existing default route. Option D is wrong because the 'default-information originate' command applies to the entire OSPF process, not just area 0; the network statements define which interfaces participate in which areas, but the default route is advertised into all areas unless filtered.
