VMware Certified Professional Data Center Virtualization VCP-DCV (VCP-DCV) — Questions 76150

511 questions total · 7pages · All types, answers revealed

Page 1

Page 2 of 7

Page 3
76
Multi-Selecthard

An administrator is troubleshooting a vLCM cluster where remediation fails with 'Host cannot be updated due to missing VIB'. The desired image includes the VIB. Which THREE actions should the administrator take?

Select 3 answers
A.Verify that the software depot URL is accessible from vCenter.
B.Ensure that the host firmware is up to date.
C.Check the host's acceptance level for the VIB.
D.Review the host's current installed VIB list for conflicts.
E.Check if a baseline is attached that conflicts.
AnswersA, C, D

If the depot is unreachable, VIBs cannot be retrieved.

Why this answer

Option A is correct because vLCM retrieves VIBs from a software depot URL configured in the desired image. If vCenter cannot reach that URL (e.g., due to network issues, firewall rules, or DNS resolution failure), the remediation process will fail with 'missing VIB' even though the VIB is listed in the image specification. Verifying accessibility ensures the depot is reachable via HTTP/HTTPS and that the repository metadata can be downloaded.

Exam trap

The trap here is that candidates confuse vLCM's desired image model with legacy baseline-based remediation, leading them to incorrectly select option E about conflicting baselines.

77
Multi-Selectmedium

Which TWO of the following are required to configure vMotion encryption for a VM? (Choose two.)

Select 2 answers
A.The source and destination hosts must be from the same vendor.
B.The source and destination ESXi hosts must be version 6.5 or later.
C.A Key Management Server (KMS) must be configured in vCenter.
D.The virtual hardware version of the VM must be 11 or later.
E.The VM must have encryption enabled at the VM level.
AnswersB, D

vMotion encryption is supported from ESXi 6.5 onward.

Why this answer

Options A and D are correct. Option A: The host must support vMotion encryption (ESXi 6.5+). Option D: The VM must have virtual hardware version 11 or later.

Option B is incorrect because VM encryption is separate; vMotion encryption can be enabled independently. Option C is incorrect because both sides need not be identical; they just need to support encryption. Option E is incorrect because a KMS is not required for vMotion encryption; only for VM encryption.

78
MCQhard

Refer to the exhibit. An administrator notices that two uplinks are down on the VDS. Which step should be taken first to restore redundancy?

A.Check the physical switch ports and cables for uplink2 and uplink3.
B.Increase the MTU to 9000 to improve performance.
C.Disable LACP on the VDS to allow single-uplink operation.
D.Remove the down uplinks from the VDS.
AnswerA

Physical connectivity issues are the most common cause of down uplinks.

79
MCQeasy

Based on the Healthcheck output for a distributed port (DVS Port 1) on dvs0, what can be concluded?

A.The uplinks vmnic0 and vmnic1 are operating at 10 Gbps.
B.The physical switch is correctly configured for VLAN 100 and MTU 1500 on the uplinks connected to this host.
C.The load balancing policy is set to 'Route based on IP hash'.
D.The port is experiencing high packet loss due to misconfiguration.
AnswerB

The VLAN Status and MTU Status are both OK, indicating end-to-end connectivity matches.

Why this answer

Option A is correct because the Healthcheck shows VLAN ID 100 and MTU 1500 with 'OK' status, indicating the physical network is properly configured for those values. Option B is incorrect because the Healthcheck does not evaluate speed/duplex. Option C is incorrect because the teaming policy is shown as 'Route based on originating virtual port', which is a valid policy.

Option D is incorrect because the Healthcheck does not measure performance; it only checks configuration consistency.

80
MCQhard

An administrator wants to deploy a new ESXi host using vSphere Lifecycle Manager (vLCM). The host has a different hardware version than the cluster baseline. Which action is required?

A.Use a host profile to apply the configuration.
B.Create a separate cluster with a compatible image specification for the new host.
C.Replace the host hardware to match the baseline.
D.Manually install the same ESXi version on the host before adding to the cluster.
AnswerB

Hardware differences may require a different image.

Why this answer

Option C is correct. vLCM uses hardware compatibility checks; if the host is not compatible, it must be placed in a separate cluster or remediated via image-based management. Option A is not standard. Option B is handled by vLCM automatically if compatible.

Option D is incorrect as vLCM can handle heterogeneous hardware if using clusters with multiple hardware vendors.

81
Multi-Selecteasy

Which TWO are valid methods to monitor vSphere performance metrics?

Select 2 answers
A.PowerCLI scripts that retrieve performance data.
B.VMware Workstation.
C.vCenter Log Insight.
D.vSphere Performance Charts.
E.esxtop (or resxtop).
AnswersD, E

Built-in tool for performance monitoring.

Why this answer

D is correct because vSphere Performance Charts is a built-in feature of the vSphere Client that provides real-time and historical performance metrics for ESXi hosts, VMs, and other objects. It allows administrators to monitor CPU, memory, network, and disk utilization through customizable graphs and reports, directly integrated into the vCenter management interface.

Exam trap

The trap here is that candidates often confuse log analysis tools (like Log Insight) with performance monitoring tools, or assume that any scripting interface (like PowerCLI) qualifies as a monitoring method, when the VCP-DCV exam specifically tests knowledge of native vSphere monitoring utilities like Performance Charts and esxtop.

82
MCQmedium

Refer to the exhibit. An administrator sees two DRS recommendations. Which action should the administrator take first to reduce cluster imbalance?

A.Migrate Web01 to host04 first
B.Migrate DB01 to host04 first
C.Migrate both VMs simultaneously
D.Ignore the recommendations; the cluster is balanced
AnswerB

DB01 provides a 15% benefit, which is higher, reducing imbalance faster.

Why this answer

The DB01 migration provides a higher benefit (15%) compared to Web01 (10%). Starting with the higher impact migration reduces imbalance more effectively.

83
Multi-Selectmedium

Which TWO of the following are prerequisites for enabling jumbo frames on a vSphere host for storage traffic?

Select 2 answers
A.The virtual machine guest OS must support jumbo frames
B.The VMkernel port must be configured with MTU 9000
C.The storage array must support jumbo frames
D.The vCenter Server must be configured for jumbo frames
E.The physical switches must support jumbo frames
AnswersB, E

The VMkernel interface must have MTU set to 9000.

Why this answer

Jumbo frames require physical switch support and VMkernel port MTU configuration. The storage array, guest OS, and vCenter do not directly affect host-level jumbo frame operation.

84
MCQhard

A vSphere administrator configures a VVol datastore on a Pure Storage array. The administrator creates a storage policy with a custom tag. After attaching the policy to a VM, the VM remains uncompliant. What is the most likely cause?

A.The storage array does not support the capability specified in the policy.
B.The storage array is not VASA-compliant.
C.The datastore cluster is not configured for Storage DRS.
D.The VVol datastore is using NFS protocol instead of iSCSI.
AnswerA

Correct: The policy tag must match a capability advertised by the array.

Why this answer

VVol storage policies rely on capabilities advertised by the array via VASA. If the array does not advertise the tag used in the policy, VMs remain uncompliant. Option A is incorrect because protocols like NFS or iSCSI do not affect VVol compliance.

Option B is incorrect because VVols do not use VMFS. Option D is incorrect because storage DRS is irrelevant for a single VM.

85
MCQmedium

A company has a vSphere cluster with ESXi hosts that are managed by vSphere Lifecycle Manager using a single image. The cluster includes hosts from different hardware vendors. After a recent hardware refresh, new hosts with a different network adapter are added. The administrator applies the cluster image, but the new hosts fail to enter maintenance mode for remediation. What is the most likely cause?

A.The cluster's DRS is set to fully automated, preventing manual maintenance mode.
B.The vCenter Server user account lacks the 'Host.Inventory.Create' permission.
C.The new hosts are not added to the vCenter Server inventory correctly.
D.The cluster image includes an incompatible driver for the new network adapter.
AnswerD

The image must include the correct driver for the host hardware.

Why this answer

Option A is correct because the cluster image may lack the required driver for the new network adapter, causing the host to fail pre-remediation checks. Option B is wrong because permission issues would typically show different errors. Option C is wrong because if hosts were not properly added, they wouldn't appear in the cluster.

Option D is wrong because DRS automation does not prevent maintenance mode initiation.

86
MCQmedium

A vSphere administrator is troubleshooting connectivity issues for a virtual machine that is unable to communicate with other VMs on the same VLAN. The VM is connected to a distributed port group on a vSphere Distributed Switch (vDS). The administrator verifies that the VM's IP configuration is correct and that the port group is configured with the correct VLAN ID. However, the VM can only communicate with other VMs on the same ESXi host. What is the most likely cause?

A.The vDS is not configured with a VLAN trunking policy.
B.The VM's network adapter is configured with the wrong MAC address.
C.The distributed port group has forging transmits set to reject.
D.The physical switch ports connecting the ESXi hosts are not configured as trunk ports for the VLAN.
AnswerD

If physical switch ports are not trunking the VLAN, frames tagged with that VLAN will be dropped, preventing cross-host communication while intra-host communication (no physical switch) works.

Why this answer

Option C is correct because if VMs on the same VLAN cannot communicate across hosts, the physical switch ports connecting ESXi hosts are likely not configured as trunk ports for that VLAN. This prevents VLAN-tagged frames from passing between hosts. Option A is incorrect because VLAN trunking policy on the vDS is not required for basic VLAN communication; the port group VLAN ID handles tagging.

Option B is incorrect because the MAC address is automatically assigned and would not cause host-only communication. Option D is incorrect because the 'forging transmits' security policy controls MAC address changes, not basic connectivity.

87
Multi-Selectmedium

Which THREE memory-related metrics in esxtop indicate that a virtual machine is experiencing memory pressure? (Choose three.)

Select 2 answers
A.SWCUR
B.%SYS
C.ACTV
D.MCTLSZ
E.%RDY
AnswersA, D

SWCUR shows swapped memory, a clear indicator of memory pressure.

Why this answer

ACTV shows active memory; SWCUR indicates current swapped memory; MCTLSZ shows memory balloon driver size. These directly indicate pressure. %SYS is CPU-related, %RDY is CPU ready.

88
MCQmedium

An organization has a vLCM-managed cluster with 5 ESXi 8.0 hosts. The desired image includes ESXi 8.0 U1 and a specific third-party storage driver VIB. The administrator recently updated the desired image to a new version of the storage driver. After remediation, three hosts show 'Compliant' but two hosts show 'Non-Compliant' with the error: 'VIB missing: storage-driver-vib'. The administrator confirms that the VIB is present in the image and that the hosts were recently added to the cluster. What is the most likely cause of the non-compliance on the two hosts?

A.The two hosts have incompatible firmware for the storage driver.
B.The two hosts have a host acceptance level set to 'CommunitySupported' while the VIB requires 'PartnerSupported'.
C.The VIB was not included in the image for those hosts.
D.The vCenter Server cannot reach the software depot for those hosts.
AnswerB

vLCM respects host acceptance levels; if lower, VIB is skipped.

Why this answer

When a host is added to a vLCM-managed cluster, the desired image is applied to it. If the host's acceptance level (e.g., 'CommunitySupported') is lower than the VIB's required acceptance level (e.g., 'PartnerSupported'), vLCM will refuse to install the VIB, causing a 'Non-Compliant' status with a 'VIB missing' error. This is a common issue when hosts are imported from environments with relaxed acceptance policies.

Exam trap

The trap here is that candidates assume 'VIB missing' means the VIB is not in the image, but the real issue is a host-level acceptance policy preventing the VIB from being installed.

How to eliminate wrong answers

Option A is wrong because incompatible firmware would typically cause a different error, such as a hardware compatibility or driver load failure, not a 'VIB missing' error. Option C is wrong because the administrator confirmed the VIB is present in the image, so it is included for all hosts in the cluster. Option D is wrong because vCenter Server cannot reach the software depot would affect all hosts, not just two, and would produce a different error related to download or connectivity failure.

89
MCQeasy

A vSphere administrator needs to ensure that a critical VM restarts automatically if the ESXi host fails. Which feature should be configured?

A.vSphere vMotion
B.vSphere HA
C.vSphere DRS
D.vSphere Fault Tolerance
AnswerB

Correct: HA restarts VMs after host failure.

Why this answer

vSphere HA provides host failure detection and automatic restart of VMs.

90
MCQhard

A financial institution operates a vSphere 7.0 environment with three vCenter Servers in linked mode, each managing separate clusters. The company uses vSAN encryption with an external KMS appliance from a third-party vendor. The KMS appliance has a certificate that expires every two years. The storage administrator recently renewed the KMS certificate as per the vendor's instructions. After the renewal, the vCenter Server's 'Key Management Servers' view shows the KMS status as 'Unhealthy'. The administrator attempts to decrypt a test virtual machine, but the operation fails with an error: 'No key providers are available'. The KMS appliance is reachable from the vCenter Server, and the new certificate is installed on the KMS. The administrator has confirmed that the KMS IP address and port are correctly configured in vCenter. What is the most likely cause of the failure?

A.The vSAN encryption keys were lost during the certificate renewal
B.The KMS cluster in vCenter needs to be recreated
C.The new KMS certificate has not been imported into the vCenter Server trust store
D.The vCenter Server services need to be restarted
AnswerC

vCenter must trust the KMS certificate to communicate; otherwise, it shows the KMS as unhealthy.

Why this answer

Option A is correct: The new KMS certificate must be imported into the vCenter Server's trust store so that vCenter can establish a trusted connection to the KMS. Even if the KMS is reachable, without the new certificate being trusted, vCenter will consider the KMS unhealthy. Option B is unnecessary because the KMS cluster configuration is still valid; option C is a common but ineffective workaround; option D is incorrect because encryption keys are not lost during certificate renewal—they remain stored in the KMS.

91
MCQhard

A vSphere administrator uses vSphere Lifecycle Manager image to manage a cluster. The cluster image is based on ESXi 8.0 U2. The administrator wants to add a new host that is running ESXi 7.0 U3. The administrator adds the host to the cluster. When attempting to remediate the host with the cluster image, the remediation fails with the error: 'The host's current version is too low to be upgraded directly to the target version.' What is the most likely reason for this error?

A.The host's hardware is incompatible with ESXi 8.0.
B.The host must be upgraded to an intermediate version first.
C.The host is not connected to the vLCM depot.
D.The vLCM image does not include the necessary drivers for the host.
AnswerB

Direct upgrade from 7.0 U3 to 8.0 U2 may not be supported; intermediate versions might be needed.

Why this answer

Option C is correct because vLCM may require upgrading to an intermediate version if the gap is too large. Option A is wrong because the host is already added. Option B is wrong because hardware incompatibility would give a different error.

Option D is wrong because depot connectivity issues would manifest differently.

92
MCQeasy

An administrator needs to provide redundancy for VM traffic across multiple physical NICs on a vSphere Standard Switch. Which NIC teaming policy should be used to ensure fault tolerance without load balancing?

A.Route based on IP hash
B.Route based on originating virtual port
C.Use explicit failover order (Active/Standby)
D.Route based on source MAC hash
AnswerC

This provides fault tolerance without load balancing.

Why this answer

Option C is correct because the 'Use explicit failover order (Active/Standby)' policy designates one or more NICs as active and the rest as standby, providing pure fault tolerance without any load balancing. When the active NIC fails, traffic automatically fails over to the standby NIC, ensuring redundancy without distributing traffic across multiple uplinks.

Exam trap

The trap here is that candidates often confuse 'fault tolerance without load balancing' with load-balancing policies like IP hash or source MAC hash, mistakenly thinking any teaming policy provides redundancy, but only the explicit failover order ensures a single active path with no traffic distribution.

How to eliminate wrong answers

Option A is wrong because 'Route based on IP hash' uses a hash of source and destination IP addresses to distribute traffic across multiple active NICs, which provides load balancing but not pure fault tolerance without load balancing. Option B is wrong because 'Route based on originating virtual port' distributes traffic based on the virtual switch port ID, which also load-balances across active NICs and does not guarantee a single active path for fault tolerance. Option D is wrong because 'Route based on source MAC hash' uses the source MAC address to distribute traffic across multiple active NICs, again providing load balancing rather than the required fault tolerance without load balancing.

93
MCQhard

A vSphere administrator is implementing Lockdown Mode on an ESXi host that hosts critical VMs for a healthcare application. After enabling Normal Lockdown Mode, the administrator tests that vCenter can still manage the host, but the local DCUI root account is disabled. Later, a network outage occurs, causing vCenter to become unreachable. The administrator needs to access the host directly via DCUI to perform emergency troubleshooting. The host's DCUI is still running, but the local root account is disabled due to Lockdown Mode. What should the administrator have configured to ensure DCUI access during such an outage?

A.Use the vSphere Web Client to add the host as an exception before the outage.
B.Configure the DCUI access list with specific users or groups before enabling Lockdown Mode.
C.Enable Strict Lockdown Mode to allow vCenter access exclusively.
D.Disable Lockdown Mode only during the maintenance window.
AnswerB

This allows designated users to access DCUI even when Lockdown Mode is active.

Why this answer

Option A is correct. Normal Lockdown Mode allows you to configure a DCUI access list of users (from the host's local authentication or AD) who can log in via DCUI even when Lockdown Mode is active. Option B is wrong because Strict Lockdown Mode disables all local accounts and DCUI entirely.

Option C is wrong because disabling Lockdown Mode would require prior vCenter access. Option D is wrong because the vSphere Web Client is not available during an outage.

94
MCQhard

A vSphere administrator notices that after replacing the vCenter Server machine SSL certificate, all vCenter services start, but from one ESXi host, the vCenter Server appears as disconnected. Other hosts connect fine. What is the most likely cause?

A.The vCenter certificate's Common Name does not match the host's IP address.
B.The ESXi host does not trust the signing certificate authority of the new vCenter certificate.
C.The ESXi host has a different system time than the vCenter Server.
D.The vCenter Server certificate was not imported into the SSO trusted domain.
AnswerB

The host needs the root CA certificate in its trusted store to validate the vCenter certificate.

Why this answer

Option C is correct because if the ESXi host's certificate store does not have the new vCenter certificate's root CA, the verification fails. Option A is incorrect because clock skew usually affects both sides. Option B is incorrect because the vCenter certificate does not need to match the host's IP.

Option D is incorrect because replacing the machine SSL certificate does not inherently break SSO unless the STS certificates were also replaced improperly.

95
MCQmedium

A vSphere administrator deploys a new ESXi host and wants to ensure it is automatically added to a specific cluster and applies the correct host profiles. Which method should the administrator use?

A.Use Clone Host functionality in vSphere Client.
B.Use Auto Deploy with stateful installations.
C.Use Host Profiles to attach the profile to the cluster.
D.Use vCenter Server to add the host manually.
AnswerB

Correct: Auto Deploy automates provisioning and profile application.

Why this answer

Auto Deploy with stateful installations provisions hosts and applies profiles automatically during network boot.

96
MCQhard

A company deploys a VDS with multiple uplinks and uses Route based on originating virtual port for load balancing. The network team reports that traffic from VMs on the same host is not balanced across uplinks. The administrator verifies that the physical switch ports are all in the same port-channel. What could be the cause?

A.The uplinks are configured in active/standby mode
B.The load balancing algorithm is not supported by the physical switch
C.The number of VMs is less than the number of uplinks
D.The teaming policy uses an explicit failover order
AnswerA

In active/standby mode, only one uplink is active, so no load balancing occurs.

Why this answer

Option D is correct because if the uplinks are configured as active/standby, only one uplink is active at a time, so no load balancing occurs regardless of the algorithm. Option A (algorithm not supported) is irrelevant as this is a vSphere algorithm. Option B (few VMs) might reduce distribution but not eliminate it entirely.

Option C (explicit failover order) still allows multiple active uplinks if configured with multiple active paths.

97
MCQhard

A vSphere administrator notices that a VM is performing poorly on a host with a single NUMA node. The VM has 16 vCPUs and 64 GB of memory, but the host has only 32 GB of memory per NUMA node. Which action would MOST LIKELY improve performance?

A.Enable vNUMA in the VM settings.
B.Increase the memory reservation to 64 GB.
C.Reduce the number of vCPUs to 8.
D.Migrate the VM to a host with more memory per NUMA node.
AnswerA

vNUMA exposes the NUMA topology, allowing the guest OS to optimize memory access across nodes.

Why this answer

When a VM's memory exceeds a NUMA node's capacity, the VM is considered a 'wide' VM and spans multiple NUMA nodes, but vNUMA is not automatically exposed if the VM was not configured correctly. Enabling vNUMA ensures the guest OS can optimize memory locality. Increasing memory reservation does not help.

Reducing vCPUs may help but is not the best solution. The host already has one NUMA node, so it's not a multi-node issue.

98
Multi-Selectmedium

A vSphere administrator is using vLCM and needs to ensure that all hosts are compliant with the desired image. Which TWO actions are valid when remediating a vLCM cluster?

Select 2 answers
A.Perform a pre-remediation check to validate the image.
B.Remediate without putting hosts into maintenance mode.
C.Remediate only hosts that are non-compliant.
D.Use Quick Boot to minimize host reboot time.
E.Remediate the cluster even if there are compliance issues.
AnswersA, D

vLCM validates the image before applying it.

Why this answer

Option A is correct because vLCM requires a pre-remediation check to validate that the desired image can be applied successfully to all hosts in the cluster. This check verifies hardware compatibility, driver versions, and firmware prerequisites before any remediation begins, preventing partial or failed updates.

Exam trap

The trap here is that candidates often assume they can remediate only non-compliant hosts to save time, but vLCM enforces cluster-wide consistency by applying the same image to all hosts, even those already compliant, to prevent configuration drift.

99
MCQhard

A vLCM-managed cluster fails remediation with the error: 'Failed to remediate host due to hardware compatibility check failure. The host hardware does not meet the requirements of the cluster image.' The administrator verifies that the host is on the vSphere Compatibility Guide (VCG). What else could cause this error?

A.The cluster image has hardware compatibility enforcement set to 'Strict'.
B.The host has a custom VIB installed that conflicts with the image.
C.The cluster image specifies an incorrect driver version.
D.The host is not in maintenance mode during remediation.
AnswerA

Strict enforcement will fail remediation if any hardware component is not in the VCG, even if the host overall is listed.

Why this answer

Option A is correct because vLCM can enforce strict hardware compatibility checks; if the cluster image has a strict setting, even if the host is on VCG, it may fail if the specific configuration is not supported. Options B, C, D are not plausible causes for this specific error.

100
MCQhard

A large financial institution runs a vSphere 7.0 environment with 100 ESXi hosts and 2,000 VMs. The security team has identified that several VMs are vulnerable to a critical side-channel attack that requires disabling hyperthreading on the ESXi hosts. The administrator needs to implement a solution that minimizes performance impact while ensuring compliance. The environment uses DRS clusters with varying workloads: some VMs are CPU-intensive (financial modeling) and others are memory-bound (database servers). The administrator cannot afford to take hosts offline for maintenance during business hours. The change must be implemented within 48 hours. Which course of action should the administrator take?

A.Use a vSphere DRS rule to disable hyperthreading for all VMs in the cluster, avoiding the need to modify host BIOS.
B.Place each host in maintenance mode individually, disable hyperthreading in the host BIOS, reboot the host, and then move to the next host. Rebalance VMs after all hosts are updated.
C.Delay the change and schedule a maintenance window for the next month when business impact is lower.
D.Disable hyperthreading on all hosts simultaneously using a vSphere Cluster feature, then reboot all hosts at once during off-peak hours.
AnswerB

This minimizes downtime as VMs are migrated off each host before reboot, and can be completed within 48 hours.

Why this answer

Option B is correct because disabling hyperthreading to mitigate side-channel attacks (e.g., L1TF or MDS) requires a host BIOS change, which necessitates a reboot. The only supported method in vSphere 7.0 is to place each host into maintenance mode, change the BIOS setting, reboot, and then repeat for all hosts. This approach minimizes performance impact by allowing VMs to be migrated via vMotion and avoids simultaneous downtime, meeting the 48-hour requirement without taking all hosts offline during business hours.

Exam trap

The trap here is that candidates mistakenly believe hyperthreading can be disabled via a vSphere software setting (like a DRS rule or cluster feature) without a host reboot, when in reality it requires a physical BIOS change and reboot per host.

How to eliminate wrong answers

Option A is wrong because vSphere DRS rules cannot disable hyperthreading at the VM or host level; hyperthreading is a hardware feature controlled only via BIOS or host-level CPU configuration, and DRS rules only influence VM placement and resource allocation. Option C is wrong because delaying the change for a month violates the explicit requirement to implement the fix within 48 hours, and the security vulnerability demands immediate remediation. Option D is wrong because there is no vSphere Cluster feature to disable hyperthreading across all hosts simultaneously; disabling hyperthreading requires a BIOS change and reboot per host, and rebooting all hosts at once would cause total cluster downtime, violating the constraint of no business-hour outages.

101
Multi-Selecthard

Which THREE of the following are required components for setting up a vSphere Trust Authority (vTA) cluster?

Select 3 answers
A.A Key Provider, such as VMware Key Provider or an external KMS.
B.A dedicated Trust Authority cluster with at least one host.
C.NSX-T Data Center deployed for network segmentation.
D.A physical Trusted Platform Module (TPM) on each trusted host.
E.The Attestation Service and Key Cache services installed on the Trust Authority cluster.
AnswersB, D, E

The Trust Authority cluster hosts the attestation service.

Why this answer

Options A, C, and D are correct. vTA requires at least one trusted ESXi host, a Trust Authority cluster, and an attestation service. Option B is incorrect because a Key Provider is part of vSphere Trusted Infrastructure (vTPM) but not vTA. Option E is incorrect because NSX is not required for vTA.

102
MCQhard

An ESXi host has two VMkernel interfaces as shown in the exhibit. The iSCSI targets are on the same subnet as vmk1 and support jumbo frames. The administrator reports that iSCSI sessions are experiencing high error rates and poor performance. What is most likely the cause?

A.The management network (vmk0) is also using the vDS, causing traffic interference.
B.The iSCSI VMkernel port should not be bound to a vDS.
C.The iSCSI network (vmk1) is on a different subnet than the iSCSI targets.
D.The vDS port group for iSCSI does not have jumbo frames enabled (MTU 9000).
AnswerD

If the vDS port group MTU is 1500, packets up to 9000 will be fragmented, causing errors. The VMkernel interface has MTU 9000, so the port group must match.

Why this answer

Option C is correct because vmk1 is on a vDS (dvs1) and the exhibit shows MTU 9000, which is appropriate for jumbo frames. However, if the physical network is not configured for jumbo frames or the vDS port group MTU is not set to 9000, fragmentation may occur. The exhibit does not show vDS MTU, but the mismatch is a common cause of errors.

Option A is incorrect because management traffic on vmk0 is separate and irrelevant. Option B is incorrect because different subnets are fine. Option D is incorrect because the iSCSI vmkernel port is dedicated.

103
MCQeasy

Which switch type requires a separate vCenter Server to manage its configuration?

A.Virtual Edge Gateway Switch
B.vSphere Distributed Switch
C.vSphere Standard Switch
D.vSphere Edge Switch
AnswerB

Requires vCenter Server for central management.

Why this answer

Option B is correct. vSphere Distributed Switch (VDS) requires vCenter Server for management. Standard switches are managed per host. Options A and D are incorrect because standard switches are host-level.

Option C is not a real switch type.

104
Matchingmedium

Match each vSphere networking component to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Logical grouping of ports with common configuration

Network interface for vSphere services like vMotion

Physical NIC connected to a virtual switch

Segments network traffic at Layer 2

Combining multiple uplinks for load balancing or failover

Why these pairings

Networking constructs in vSphere.

105
MCQmedium

During a cluster upgrade using vLCM, the pre-check reports that Quick Boot is disabled. How does this affect the upgrade?

A.Quick Boot speeds up reboot
B.No effect
C.Hosts will reboot normally
D.Upgrade will fail
AnswerC

With Quick Boot disabled, each host will perform a full reboot, which is slower but still functional.

Why this answer

Option A is correct because Quick Boot is an optimization that reduces reboot time; when disabled, hosts will still reboot normally during remediation. The upgrade does not fail.

106
MCQhard

A vSphere cluster using vSAN is experiencing high latency for some VMs. The administrator checks the vSAN skyline health and finds that all disk groups are healthy. Which additional step should the administrator take to diagnose the issue?

A.Verify that the vSAN network is configured with jumbo frames.
B.Enable vSAN encryption to improve performance.
C.Increase the number of disk groups on each host.
D.Check the vSAN performance service for object latency breakdown.
AnswerD

Correct: Performance service provides detailed latency metrics.

Why this answer

The vSAN performance service provides detailed latency breakdown to identify the source of high latency.

107
MCQeasy

An administrator is designing a new vSphere environment and wants to minimize manual effort for patching and upgrade. Which lifecycle management approach should they choose for vSphere 8 clusters?

A.Use vSphere baselines for granular control.
B.Enable vLCM for all clusters.
C.Use vSphere Update Manager for standalone hosts.
D.Use vLCM only for large clusters with more than 32 hosts.
AnswerB

vLCM is the recommended lifecycle management solution for vSphere 8.

Why this answer

Option C is correct because vLCM is the modern lifecycle management tool for vSphere 8, providing image-based management. Option A is wrong because vLCM is not limited to large environments. Option B is wrong because baselines are legacy.

Option D is wrong because vSphere Update Manager is replaced by vLCM.

108
MCQeasy

An administrator deploys a new vCenter Server Appliance (VCSA) using the CLI installer. The administrator wants to ensure the appliance is highly available. Which deployment option should the administrator choose during the installation?

A.Deploy the VCSA with an embedded Platform Services Controller
B.Enable Enhanced vMotion Compatibility (EVC) on the cluster
C.Configure vSphere HA on the cluster that hosts the VCSA
D.Deploy the VCSA with an external Platform Services Controller and enable vCenter HA later
AnswerD

vCenter HA requires external PSC for multi-node active/passive mode.

Why this answer

Option B is correct because the VCSA can be deployed with an embedded or external Platform Services Controller (PSC); for high availability, the recommended architecture is to deploy the VCSA with an external PSC and then use vCenter HA. Option A is incorrect because embedded PSC does not support vCenter HA. Option C is incorrect because vCenter HA is the correct feature, not Enhanced vMotion.

Option D is incorrect because vSphere HA is for host-level, not vCenter HA.

109
MCQeasy

An administrator sees this health check output. What should be done to verify VLAN 100 connectivity?

A.Create a VMkernel adapter on VLAN 100 and ping a gateway.
B.Enable VLAN pruning on the physical switch.
C.Configure a port group for VLAN 100 and connect a VM.
D.Restart the management agents.
AnswerA

A VMkernel adapter provides a layer 3 test on that VLAN.

Why this answer

Option A is correct because to test VLAN 100, a VMkernel adapter with that VLAN should be created and used to ping a gateway. Option B is for pruning, not testing. Option C would test VM traffic, but VMkernel adapter is more direct for verification.

Option D is not necessary.

110
MCQhard

A company operates a large vSphere environment with 32 ESXi hosts, each featuring 2 sockets, 12 cores per socket (2.6 GHz), and 256 GB RAM. The environment runs a mix of VMs, including several critical database VMs with 16 vCPUs and 128 GB RAM configured. After migrating these database VMs from an older cluster to a new cluster with identical hardware specifications, administrators observe significant performance degradation. vCenter performance charts show high memory ballooning and elevated CPU ready time for these VMs, while overall host utilization remains moderate (CPU 40%, RAM 60%). The new cluster's hosts have two NUMA nodes per socket (each NUMA node spans 6 cores and 64 GB RAM). The older cluster had hosts with a single NUMA node per socket. The administrator confirms that the VMs are running on hosts with sufficient free resources and that no other VMs are contending heavily. What is the most likely cause, and what should the administrator do to resolve the issue?

A.Reduce the number of vCPUs for the database VMs from 16 to 8.
B.Disable Hyper-Threading on the new cluster hosts.
C.Increase the memory reservation for each database VM to prevent ballooning.
D.Enable vNUMA for the database VMs to align with the physical NUMA topology.
AnswerD

vNUMA allows the guest OS to optimize memory access based on physical NUMA nodes, reducing remote memory access and improving performance.

Why this answer

Option B is correct. The database VMs have 16 vCPUs and 128 GB RAM, which triggers vNUMA by default (more than 8 vCPUs). However, the VM's vNUMA topology may not align with the host's physical NUMA topology after migration.

The new hosts have multiple NUMA nodes (two per socket), and the guest OS may not be optimized for that topology. Enabling vNUMA (or ensuring it is properly configured) aligns the VM's memory and CPU resources with the physical NUMA nodes, reducing remote memory access and improving performance. Option A is incorrect because increasing memory reservations prevents ballooning but does not address the underlying NUMA architecture issue; it may even limit flexibility.

Option C is incorrect because reducing vCPUs might lower performance for the database workload. Option D is incorrect because enabling Hyper-Threading would increase logical CPUs but does not solve NUMA misalignment; it could even exacerbate the issue.

111
MCQeasy

An administrator has created a custom role named 'VM Power User' with permissions to power on and off virtual machines. The role is assigned to a group of users at the datacenter level. A user from that group reports they cannot power on a VM in a particular cluster. What is the most likely reason?

A.The user must be assigned the role individually at the VM level
B.The cluster has a permission that blocks inheritance from the datacenter
C.The role is not assigned to a resource pool containing the VM
D.The user is not a member of the group assigned to the role
AnswerB

Blocked inheritance prevents the role from applying.

Why this answer

Option B is correct because permissions are not inherited by default if a child object has explicit permissions set that block propagation. Option A is wrong because the group is assigned the role; individual membership suffices. Option C is wrong because the role does not require resource assignment.

Option D is wrong because the user is part of the group; no separate assignment needed.

112
MCQhard

During a vLCM health check, an administrator sees that the health status for a cluster is 'Error' with the message: 'Unable to connect to the depot service at https://depot.vmware.com'. The cluster is configured to use the online depot. What is the most likely cause?

A.DNS resolution is failing for the vCenter server.
B.The vCenter server's certificate is expired.
C.A firewall is blocking outbound HTTPS access to the internet.
D.The cluster image has an invalid URL.
AnswerC

vLCM needs internet access to the depot; firewall blocks cause connection timeouts.

Why this answer

Option B is correct because a firewall blocking outbound HTTPS traffic to the depot is the most common cause. Option A is wrong because local proxy would be configured differently. Option C is wrong because DNS would cause a different error.

Option D is wrong because certificates are not the primary issue.

113
MCQeasy

An administrator wants to apply a critical security patch to all ESXi hosts in a cluster that is managed by a baseline. The patch is not yet available as an update in the baseline group. What is the best approach to apply this patch quickly?

A.Remediate each host individually using CLI commands.
B.Attach the patch as a new baseline to the cluster alongside existing baselines.
C.Create a new baseline group that includes the patch and attach it to the cluster.
D.Download the patch as an offline bundle and use vLCM to apply it directly.
AnswerB

Attaching a patch baseline allows remediation of the cluster.

Why this answer

Option D is correct because you can attach the patch as a single baseline to the cluster and remediate. Option A is wrong because creating a new baseline group is unnecessary. Option B is wrong because vLCM image-based management is not used here.

Option C is wrong because individual CLI remediation is inefficient.

114
MCQeasy

A vSphere administrator is asked to choose a lifecycle management approach for a new cluster of 100 hosts. The cluster will use vSAN and will be updated frequently. The administrator wants to minimize manual intervention and ensure consistency. Which approach should be recommended?

A.Manually update each host with the latest ESXi ISO.
B.Use vSphere Update Manager with baseline groups for updates.
C.Use vSphere Lifecycle Manager with baseline-based management.
D.Use vSphere Lifecycle Manager with image-based management.
AnswerD

Image-based management provides a single image for the cluster, ensuring all hosts have identical configuration and supports vSAN.

Why this answer

Option D is correct because image-based management with vLCM provides declarative management, ensures consistency, and supports vSAN. Option A is incorrect as baselines are older. Option B is incorrect - vLCM with baselines still uses baselines.

Option C is incorrect - manual update is not recommended.

115
MCQmedium

A vCenter Server's SSL certificate has expired, causing all ESXi hosts to display a certificate warning and some management tasks to fail. The administrator needs to restore secure communication with minimal disruption. Which action should the administrator take?

A.Reboot the vCenter Server appliance to regenerate the certificate automatically.
B.Replace the vCenter Server certificate and then reconnect each ESXi host to vCenter.
C.Replace the SSL certificate on each ESXi host individually using the vSphere Web Client.
D.Use vSphere Auto Deploy to push new certificates to all hosts simultaneously.
AnswerB

This directly resolves the expired certificate and restores trust without host reboots.

Why this answer

Option B is correct because replacing the vCenter Server certificate and then reconnecting each ESXi host is the standard procedure to restore trust. Option A is wrong because replacing certificates on each host individually is inefficient and does not address the vCenter certificate. Option C is wrong because rebooting vCenter does not replace the expired certificate.

Option D is wrong because even if Auto Deploy is used, the vCenter certificate still needs to be replaced.

116
MCQhard

An administrator notices that a VM with high I/O demands is experiencing performance issues because other VMs on the same datastore are consuming too many I/O operations. Which feature can be used to guarantee a minimum I/O share to this VM?

A.Multipathing policy
B.VM storage policy
C.Storage DRS
D.Storage I/O Control shares
AnswerD

SIOC uses shares to allocate relative I/O priority to VMs.

Why this answer

Storage I/O Control (SIOC) allows setting shares, limits, and reservations to allocate I/O bandwidth per VM. Storage DRS balances I/O across datastores, not per-VM; multipathing selects paths; VM storage policies manage provisioning.

117
MCQmedium

A company has a vSphere environment with a vCenter Server Appliance (VCSA) that is running low on disk space. The administrator notices that the /storage/archive partition is nearly full. Which action should the administrator take to reclaim space without impacting the functionality of vCenter Server?

A.Increase the size of the VCSA virtual disk using vSphere Web Client.
B.Run the 'vcenter-delete-archive' script from the command line.
C.Use the Windows Disk Cleanup utility on the VCSA.
D.Manually delete files from the /storage/archive directory using SSH.
AnswerB

This script is designed to safely clean up old archived data.

Why this answer

The VCSA runs on a Linux-based operating system, not Windows, so the Windows Disk Cleanup utility is irrelevant. The /storage/archive partition stores historical data such as stats, events, and tasks. VMware provides the 'vcenter-delete-archive' script as the supported method to safely purge old archived data from this partition without risking corruption of the vCenter Server database or services.

Manually deleting files via SSH can leave the database in an inconsistent state, while increasing the virtual disk only postpones the issue without reclaiming space.

Exam trap

The trap here is that candidates assume any manual deletion or disk expansion is acceptable, but VMware specifically tests the understanding that only the provided script can safely clean the archive without breaking vCenter Server functionality.

How to eliminate wrong answers

Option A is wrong because increasing the VCSA virtual disk size expands the partition but does not reclaim space; it only adds more storage, which is not a cleanup action. Option C is wrong because the VCSA is a Linux-based appliance, not a Windows system, so the Windows Disk Cleanup utility cannot be used. Option D is wrong because manually deleting files from /storage/archive via SSH can corrupt the vCenter Server database and is not a supported or safe method; the correct approach is to use the official VMware script.

118
MCQhard

A company runs a vSphere 7.0 U3 environment with 200 VMs across 10 ESXi hosts in a single cluster managed by vCenter 7.0. The cluster uses vSAN and vLCM with image-based management. The administrator plans to upgrade the entire environment to vSphere 8.0 U2. The vCenter Server is running on a virtual machine on the same cluster. During the pre-upgrade checks, the vCenter Server upgrade fails with an error stating that the 'vSphere ESXi Agent Manager' (EAM) is not compatible. The administrator checks the EAM service status on vCenter and it appears running. What should the administrator do to successfully perform the upgrade?

A.Manually update each ESXi host to 8.0 using a bootable ISO, then attempt the vCenter upgrade again.
B.Perform a clean installation of vCenter 8.0 on a new server and reconnect the existing hosts.
C.Use vLCM to upgrade vCenter by exporting and importing the configuration.
D.Downgrade to vCenter 7.0 U2 and then upgrade directly to 8.0 U2.
AnswerB

Clean install avoids EAM compatibility issues; the old vCenter can be decommissioned.

Why this answer

Option B is correct because EAM is a separate service that may need to be upgraded or restarted after the vCenter upgrade. Option A is incorrect - manually updating each host would not fix the EAM incompatibility. Option C is incorrect - downgrading vCenter is not a solution.

Option D is incorrect - the error is specific to EAM, not general vLCM issue.

119
Multi-Selectmedium

An administrator is planning to upgrade ESXi hosts using vLCM. Which of the following are prerequisites for using vLCM? (Choose TWO)

Select 2 answers
A.All hosts must be connected to the internet.
B.The vCenter must have a valid vLCM license.
C.The hosts must be in a cluster.
D.The vCenter Server must be version 7.0 or later.
E.Each host must have a static IP address.
AnswersC, D

vLCM operates at the cluster level.

Why this answer

Options A and C are correct. A is correct because vLCM requires vCenter 7.0 or later. C is correct because vLCM manages hosts within a cluster.

B is incorrect because hosts can use DHCP. D is incorrect because internet access is not required if using local depots. E is incorrect because vLCM is included in Enterprise Plus, no separate license.

120
MCQhard

An administrator attempts to export a vLCM image but gets an error: 'Export image operation is not supported for this image'. What could be the reason?

A.The vLCM database is corrupt.
B.The image contains a custom component.
C.The image is too large.
D.The vCenter version does not support export.
AnswerB

Custom components (user-generated) are not exportable.

Why this answer

Option A is correct because vLCM does not support exporting images that contain custom components. Option B is wrong because size is not a limitation; Option C is wrong because database corruption would cause different errors; Option D is wrong because vCenter version supports export.

121
Multi-Selecteasy

An organization wants to use vLCM for lifecycle management. Which three components can be managed using vLCM images? (Choose THREE)

Select 3 answers
A.ESXi version
B.vCenter Server version
C.Add-ons like drivers
D.Firmware for supported hardware
E.VMware Tools
AnswersA, C, D

The base ESXi image is managed.

Why this answer

Options A, C, and E are correct. A is correct because ESXi version is part of the image. C is correct because firmware can be included as add-ons.

E is correct because drivers and other add-ons are managed. B is incorrect because VMware Tools is a VM component, not host. D is incorrect because vCenter is managed separately.

122
MCQhard

Refer to the exhibit. An administrator runs the command on an ESXi host to check HTTPS connections. The host is running vCenter Server and several VMs. What is the most likely cause of the TIME_WAIT connection?

A.A firewall is blocking return traffic from that client.
B.The host's TCP stack is misconfigured for high traffic.
C.The host is under memory pressure and dropping connections.
D.A client closed the HTTPS connection and the host is in TIME_WAIT state.
AnswerD

TIME_WAIT is normal after a client disconnects.

Why this answer

Option D is correct because the TIME_WAIT state is a normal part of TCP connection termination. When a client closes an HTTPS connection, the ESXi host (as the server) enters TIME_WAIT to ensure any delayed segments are not misinterpreted by a new connection. This state is expected and not indicative of a problem.

Exam trap

The trap here is that candidates often associate TIME_WAIT with a network or host problem, when in fact it is a standard TCP state indicating a clean connection closure initiated by the remote client.

How to eliminate wrong answers

Option A is wrong because a firewall blocking return traffic would cause connections to remain in SYN_SENT or ESTABLISHED state, not TIME_WAIT, which only occurs after a clean four-way closure. Option B is wrong because a misconfigured TCP stack for high traffic would manifest as excessive retransmissions, connection resets, or SYN drops, not a specific TIME_WAIT state for a single connection. Option C is wrong because memory pressure leads to connection resets (RST) or socket allocation failures, not the orderly TIME_WAIT state, which requires a completed FIN/ACK exchange.

123
MCQmedium

During a vulnerability scan, an ESXi host is found to have the SSLv3 protocol enabled. The administrator wants to disable SSLv3 and enforce TLS 1.2 for all network services on the host. Which approach is most effective?

A.Update the TLS configuration in vCenter Server and reboot the host.
B.Change the host's security settings in the DCUI to require TLS 1.2.
C.Disable all unnecessary services on the host via the DCUI.
D.Set the advanced system option 'SSLv3.Enabled' to false and 'TLSv1.2.Enabled' to true.
AnswerD

These advanced options control which SSL/TLS versions are enabled on the ESXi host.

Why this answer

Option D is correct. The ESXi host's SSL/TLS configuration can be controlled via the Host Advanced Settings by setting the appropriate option to require TLS 1.2. Option A is incorrect because disabling services does not change the protocol.

Option B is incorrect because the vCenter's TLS configuration does not directly affect the host's. Option C is incorrect because there is no direct setting in the DCUI for this.

124
MCQhard

A vSphere administrator is deploying a vSphere Distributed Switch (vDS) version 7.0. The environment has ESXi hosts with hardware version 7.0. The administrator needs to ensure that the vDS supports Network I/O Control version 3 (NIOCv3). What must be true for NIOCv3 to function correctly?

A.All hosts must be running ESXi 7.0 or later.
B.The vDS must be configured with Route based on IP hash teaming.
C.All hosts must have the vDS in Link Aggregation Control Protocol (LACP) mode.
D.The vDS must have a Network Resource Pool configured.
AnswerA

NIOCv3 requires ESXi 7.0 or later.

Why this answer

NIOCv3 is a feature introduced with vSphere 7.0 that provides granular bandwidth allocation and reservation for network traffic. For NIOCv3 to function correctly, all ESXi hosts attached to the vDS must be running ESXi 7.0 or later because the feature relies on kernel-level enhancements and the vSphere Network Resource Management (vNRM) agent that are only present in that version. Hosts on earlier versions lack the necessary drivers and scheduling capabilities, causing NIOCv3 to be unavailable or non-functional.

Exam trap

The trap here is that candidates often assume upgrading the vDS version alone is sufficient to enable NIOCv3, overlooking the critical requirement that every host in the cluster must also be running ESXi 7.0 or later for the feature to function.

How to eliminate wrong answers

Option B is wrong because Route based on IP hash teaming is a load-balancing policy, not a prerequisite for NIOCv3; NIOCv3 works independently of the teaming algorithm and does not require IP hash. Option C is wrong because LACP mode is a link aggregation configuration that is unrelated to NIOCv3; NIOCv3 can function with or without LACP, and forcing LACP is not a requirement. Option D is wrong because a Network Resource Pool is a construct used to allocate bandwidth to specific traffic types within NIOC, but it is not a prerequisite for NIOCv3 to function; NIOCv3 can operate with default resource pools or custom ones, but the feature itself must first be enabled on a vDS that meets the host version requirement.

125
MCQmedium

An administrator has configured a vSphere Distributed Switch (VDS) with Network I/O Control. They need to guarantee bandwidth for a specific set of virtual machines. Which method should be used?

A.Create a port group with a custom network resource pool.
B.Enable SR-IOV on the physical NICs.
C.Set the virtual machine's network adapter to use a specific VLAN.
D.Configure Traffic Shaping on the distributed switch.
AnswerA

Network Resource Pools allow bandwidth reservation and guarantee.

Why this answer

Option C is correct because Network Resource Pools allow bandwidth reservation. Option A is incorrect because traffic shaping only limits bandwidth, not guarantees. Option B is incorrect because SR-IOV provides direct passthrough, not bandwidth control.

Option D is incorrect because VLAN priority does not guarantee bandwidth.

126
MCQhard

In a vSphere 8 environment with vGPU vMotion enabled, an administrator attempts a vMotion of a VM that has a NVIDIA vGPU profile assigned. The vMotion fails with an error. What is the most likely cause?

A.Insufficient network bandwidth between the hosts
B.The destination host has a different GPU model
C.The vGPU license is not assigned to the VM
D.The VM's virtual hardware version is not supported for vGPU vMotion
AnswerD

vGPU vMotion requires hardware version 19 or later; older versions are incompatible.

Why this answer

vGPU vMotion has specific requirements; the VM must use virtual hardware version 19 or later. If the VM uses an older version, vMotion will fail.

127
MCQeasy

An administrator runs the above command on an ESXi host. Which of the following is true about this host?

A.Root user can still access the DCUI or SSH using the allowed exception commands.
B.Lockdown mode is not enabled.
C.The exception user can run any command via the DCUI.
D.The host is in strict lockdown mode.
AnswerA

Root is an exception and has access to term and vimsh.

Why this answer

Option B is correct because the command shows lockdown mode is enabled, root is an exception user, and the exception commands allow terminal access and vimsh. Option A is incorrect because root is in exception list. Option C is incorrect because the host is in normal lockdown, not strict.

Option D is incorrect because the commands allowed are terminal and vimsh, not all commands.

128
MCQeasy

A vSphere administrator needs to provide redundancy for VM traffic on a vSphere Standard Switch by using multiple physical uplinks. Which teaming configuration should be used to ensure that if one uplink fails, traffic automatically fails over to another?

A.Set load balancing to 'Route based on IP hash' and make both uplinks active.
B.Enable 'Use explicit failover order' and configure 'Network failures' detection.
C.Set load balancing to 'Explicit failover order' and set one uplink as active.
D.Set load balancing to 'Route based on originating virtual port' and make one uplink active and one standby.
AnswerD

This provides clear active/standby failover; if the active uplink fails, standby takes over.

Why this answer

Option A is correct because 'Route based on originating virtual port' with active/standby failover ensures one uplink is active and the other is standby, with automatic failover. Option B is incorrect because load balancing distributes traffic but doesn't inherently imply failover; however, active/active can also fail over, but the question asks for failover specifically. Option C is incorrect because 'Explicit failover order' is a method, not a load balancing policy.

Option D is incorrect because uplink failure detection is a setting, not a policy.

129
MCQhard

Refer to the exhibit. What is the most likely cause of the failure?

A.The component is already downloaded.
B.The vLCM service is not running.
C.The component is corrupted.
D.The vCenter cannot reach the VMware depot.
AnswerD

A timeout indicates network connectivity issue.

Why this answer

Option B is correct because the error indicates a connection timeout to the depot. Option A is wrong because the error is about download, not corruption; Option C is wrong because if already downloaded, this error wouldn't occur; Option D is wrong because the vLCM service is logging, so it is running.

130
MCQeasy

A company plans to upgrade the ESXi hosts in their vSphere cluster from version 7.0 Update 3 to 8.0 Update 1 using vSphere Lifecycle Manager (vLCM). The cluster currently uses baseline-based management. What is the recommended approach to prepare for this upgrade?

A.Migrate the cluster to image-based management.
B.Manually upgrade each host using an ISO file.
C.Create a new baseline group and attach it to the cluster.
D.Use vMotion to migrate all VMs to another cluster before upgrading.
AnswerA

Image-based management provides consistency and is the modern approach for vLCM.

Why this answer

Option C is correct because VMware recommends migrating from baseline-based to image-based management for vLCM to ensure consistency and simplify upgrades. Option A is wrong because vMotion is a migration tool, not a lifecycle management method. Option B is wrong because the upgrade can be done without turning off DRS.

Option D is wrong because manual upgrades are not recommended.

131
Multi-Selectmedium

A storage administrator is planning a vSAN stretched cluster for a remote office. The cluster must support stretching across two sites for disaster avoidance. Which two prerequisites must be met? (Choose two.)

Select 2 answers
A.The network latency between sites must be less than 5 ms round-trip.
B.The witness host must be placed at the primary site.
C.Each site must have a minimum of two hosts.
D.All hosts must be configured with a single network adapter for vSAN traffic.
E.A vSAN stretched cluster requires a minimum of four fault domains.
AnswersA, C

Latency must be under 5 ms round-trip to ensure acceptable performance for vSAN synchronization traffic.

Why this answer

Correct options A and D: Each site must have a minimum of two hosts (A) and network latency between sites must be less than 5 ms round-trip (D). Option B is incorrect because the witness host must be placed at a third site, not the primary. Option C is incorrect because a vSAN stretched cluster uses two fault domains (one per site) plus a witness, not four.

Option E is incorrect because hosts can use multiple network adapters for vSAN traffic.

132
MCQmedium

A company has a vLCM-managed cluster with a desired image that includes ESXi 8.0 U1 and multiple VIBs. After remediating, one host fails with an error: 'Failed to retrieve VIBs from depot'. What is the most likely cause?

A.The cluster has a baseline attached that conflicts with the desired image.
B.The image validation failed due to incompatible VIBs.
C.The host firmware is not compatible with the selected VIBs.
D.The vCenter Server does not have internet access to the VMware depot.
AnswerD

vLCM downloads VIBs from the depot; if unreachable, the remediation fails.

Why this answer

The error 'Failed to retrieve VIBs from depot' indicates that vCenter Server cannot reach the depot from which the VIBs are sourced. In a vLCM-managed cluster using a desired image, the image specification includes VIBs that may be hosted on the VMware online depot or a local depot. If vCenter Server lacks internet access to the VMware depot, it cannot download the required VIBs, causing the remediation to fail.

This is the most likely cause because the error is specifically about retrieval, not validation or compatibility.

Exam trap

The trap here is that candidates often confuse a depot retrieval failure with image validation or compatibility issues, but the error message explicitly points to a network or depot accessibility problem, not a VIB-level conflict.

How to eliminate wrong answers

Option A is wrong because vLCM-managed clusters use desired images, not baselines; if a baseline were attached, it would conflict at the cluster level, but the error message points to depot retrieval, not a baseline conflict. Option B is wrong because image validation errors (e.g., incompatible VIBs) would produce a different error, such as 'Image compliance check failed' or 'VIB dependency error', not a depot retrieval failure. Option C is wrong because host firmware incompatibility would manifest as a hardware compatibility error during remediation, not a failure to retrieve VIBs from a depot.

133
Multi-Selectmedium

Which three types of traffic can be assigned to a separate VMkernel adapter on an ESXi host?

Select 3 answers
A.Management traffic
B.vMotion
C.vSAN
D.Virtual machine network traffic
E.Fault Tolerance logging
AnswersA, B, C

Management (host) traffic uses a VMkernel adapter and can be isolated.

Why this answer

The correct answers are A, C, and D. vMotion (A), management (C), and vSAN (D) are all types of traffic that use VMkernel adapters and can be assigned to separate adapters for performance or security. Fault Tolerance logging (B) also uses VMkernel but is not as commonly separated; however, the question asks for exactly three, and B is a distractor. Virtual machine network traffic (E) uses port groups, not VMkernel adapters.

134
MCQeasy

An administrator wants to ensure that VMs running latency-sensitive applications are placed on hosts that minimize CPU scheduling delays. Which DRS setting should be configured?

A.Set DRS migration threshold to the most aggressive setting.
B.Enable vSphere HA with admission control.
C.Enable Distributed Power Management (DPM).
D.Enable Enhanced vMotion Compatibility (EVC).
AnswerA

Aggressive DRS balances load to minimize contention.

Why this answer

DRS migration threshold controls how aggressively DRS moves VMs to balance load. Setting it to the most aggressive level (1) minimizes CPU scheduling delays by proactively migrating VMs to hosts with lower CPU ready times, ensuring latency-sensitive applications have immediate access to CPU resources without waiting for scheduling cycles.

Exam trap

The trap here is that candidates confuse DRS migration threshold with DPM or HA settings, assuming any cluster-wide feature that improves performance must be related to power management or availability, rather than recognizing that only DRS directly controls VM placement aggressiveness for CPU scheduling optimization.

How to eliminate wrong answers

Option B is wrong because vSphere HA with admission control ensures VM availability during host failures, not CPU scheduling performance; it reserves resources for failover, which can actually increase contention. Option C is wrong because Distributed Power Management (DPM) consolidates VMs onto fewer hosts to save power, potentially increasing CPU scheduling delays due to higher consolidation ratios. Option D is wrong because Enhanced vMotion Compatibility (EVC) masks CPU features to enable vMotion across different hardware generations, but does not affect CPU scheduling delays or DRS migration aggressiveness.

135
MCQeasy

Which storage feature in vSphere allows a VM to be migrated from one datastore to another without any downtime?

A.vMotion
B.Distributed Resource Scheduler (DRS)
C.Storage DRS
D.Storage vMotion
AnswerD

Storage vMotion migrates virtual disks with zero downtime.

Why this answer

Storage vMotion is the correct answer because it enables live migration of a virtual machine's virtual disk files from one datastore to another with zero downtime. It uses a mirrored copy mechanism where the source and destination datastores are synchronized before the VM is switched to the destination, ensuring continuous VM availability.

Exam trap

The trap here is confusing vMotion (host migration) with Storage vMotion (datastore migration), as both are live migration technologies but operate on entirely different resources.

How to eliminate wrong answers

Option A is wrong because vMotion migrates a running VM between ESXi hosts, not between datastores; it moves the VM's memory and CPU state, not its storage. Option B is wrong because Distributed Resource Scheduler (DRS) balances compute resources across hosts by recommending or initiating vMotion migrations, but it does not handle storage migrations. Option C is wrong because Storage DRS provides initial placement and ongoing load balancing of VMs across datastores, but it relies on Storage vMotion to perform the actual migration; Storage DRS itself does not execute the migration.

136
MCQhard

A vSphere environment uses vLCM with a desired state model. A host is non-compliant because it has a different firmware version. What is the correct way to remediate?

A.Manually update firmware from vendor
B.Use a baseline to enforce firmware
C.Import a new image with correct firmware
D.Disable vLCM and use Update Manager
AnswerC

vLCM cluster images can include firmware add-ons; importing a new image with the correct firmware and remediating will fix compliance.

Why this answer

Option D is correct because vLCM uses images that include firmware components; importing a new image with the correct firmware will enforce compliance. Other options are either manual or revert to older methods.

137
MCQeasy

An administrator wants to use Storage DRS to balance space usage across datastores. What must be configured?

A.Host affinity rules
B.SIOC
C.Storage DRS automation level
D.Storage policy
AnswerC

The automation level determines how Storage DRS handles load balancing.

Why this answer

The storage DRS automation level (manual, partially automated, fully automated) controls whether migration recommendations are generated or applied automatically. SIOC, policies, and host affinity are not required for space balancing.

138
MCQhard

A vSphere 8 environment uses vLCM. An administrator wants to enable Quick Boot during remediation. What is the prerequisite?

A.ESXi hosts must be version 7.0 or later
B.BIOS must support UEFI
C.Hosts must be in a cluster with DRS enabled
D.vCenter Server must be updated
AnswerA

Quick Boot is available from ESXi 7.0 onwards.

Why this answer

Option C is correct because Quick Boot is supported on ESXi 7.0 and later. vCenter version is not a prerequisite as long as it supports vLCM. DRS and BIOS settings are not directly related.

139
Multi-Selecteasy

An administrator is configuring a vSphere distributed switch. Which TWO are valid uplink teaming policies? (Choose two.)

Select 2 answers
A.Explicit failover order
B.Route based on MAC hash
C.Route based on round robin
D.Route based on physical NIC load
E.Route based on IP hash
AnswersD, E

Valid load balancing policy.

Why this answer

Route based on physical NIC load (option D) is a valid uplink teaming policy in vSphere distributed switches. This policy uses the load metric from the physical NICs to distribute traffic, where the switch selects the uplink with the least current load for outbound traffic, as determined by the vSphere Distributed Switch's load balancing algorithm.

Exam trap

The trap here is that candidates often confuse the valid teaming policies on distributed switches (which include 'Route based on physical NIC load' and 'Route based on IP hash') with those on standard switches (which include 'Route based on MAC hash' and 'Route based on round robin'), leading them to select the wrong options.

140
MCQeasy

A VM configured with 4 vCPUs shows high co-stop time in performance metrics. What does co-stop time indicate and which action should be taken to improve performance?

A.Reduce the number of vCPUs to match workload requirements
B.Add more vCPUs to the VM
C.Enable hyperthreading on the host
D.Increase the VM's memory reservation
AnswerA

Fewer vCPUs reduce co-scheduling demands and can lower co-stop time.

Why this answer

Co-stop time is time when the VM is ready to run but waiting for all vCPUs to be scheduled simultaneously. Reducing the number of vCPUs can alleviate this.

141
MCQeasy

A vSphere administrator wants to restrict direct console access to an ESXi host to authorized administrators only, without interrupting running virtual machines. Which feature should the administrator enable?

A.Lockdown mode
B.Enable DRS
C.Configure a host profile
D.Disable SSH service
AnswerA

Lockdown mode restricts direct console access while allowing vCenter access.

Why this answer

Option A is correct because lockdown mode restricts direct access to the ESXi host via DCUI and SSH, but allows access through vCenter Server while VMs continue to run. Option B is wrong because disabling SSH alone does not restrict DCUI. Option C is wrong because host profiles configure settings but do not enforce access restriction.

Option D is wrong because DRS is for load balancing, not security.

142
MCQhard

An administrator is configuring LACP on a VDS with two uplinks. Which configuration must match between the VDS and the physical switch?

A.LACP mode (active/passive).
B.LACP rate (slow/fast).
C.LACP port key.
D.All of the above.
AnswerD

Port key, mode, and rate must all match.

Why this answer

Option D is correct because for a successful LACP negotiation, the port key, mode (active/passive), and rate (slow/fast) must be consistent on both ends. Option A alone is insufficient. Option B alone is insufficient.

Option C alone is insufficient.

143
MCQhard

Refer to the exhibit. What is the most likely reason the second path is in standby state?

A.The host has not successfully authenticated to the storage on that path.
B.The path is not properly zoned to the storage.
C.The storage array reports that path as non-optimized.
D.The multipathing policy is set to Fixed (VMW_PSP_FIXED).
AnswerC

ALUA arrays report non-optimized paths as standby.

Why this answer

The SATP is ALUA, which uses asymmetric states. 'Standby' indicates a non-optimized path. Zoning issues or authentication errors would result in a dead path, not standby. The PSP is round-robin, so it is not Fixed.

144
MCQhard

Refer to the exhibit. An administrator configures Storage DRS for a datastore cluster. The cluster has datastores with varying performance. Which statement about Storage DRS behavior is correct?

A.Storage DRS will automatically migrate VMs when utilization exceeds 80%.
B.Storage DRS will only balance based on space, ignoring I/O metrics.
C.Storage DRS will balance datastores every 8 hours regardless of thresholds.
D.Storage DRS will generate recommendations but will not perform migrations automatically.
AnswerD

Manual automation means recommendations only.

Why this answer

With manual automation, Storage DRS only generates recommendations and does not automatically migrate VMs. The administrator must review and apply recommendations manually.

145
MCQeasy

Based on the exhibit, if a host in the cluster has a network card that is not on the vSphere Compatibility Guide, what will happen during remediation?

A.The host will automatically update its drivers to become compatible.
B.A warning will be generated but remediation proceeds.
C.The remediation will fail for that host.
D.The host will be skipped with a warning.
AnswerC

Strict enforcement means any hardware not in VCG will cause failure.

Why this answer

Option A is correct because with strict hardware compatibility, vLCM will fail the remediation if any hardware is unsupported. Option B is wrong because strict does not skip hosts. Option C is wrong because no warning, it fails.

Option D is wrong because the image is valid; the issue is hardware.

146
MCQmedium

An administrator needs to allow HTTP traffic from a specific management workstation to an ESXi host while blocking all other inbound traffic. The ESXi firewall uses the default ruleset. What should the administrator do?

A.Open all firewall ports for the management subnet
B.Disable the ESXi firewall and use a network firewall
C.Modify the service console firewall rules
D.Use esxcli network firewall ruleset set to create an allowed IP list for the HTTP ruleset
AnswerD

This allows specific IPs while blocking others.

Why this answer

Option D is correct because the ESXi firewall allows creating allow rules for specific IP addresses via esxcli, which overrides the default deny. Option A is wrong because opening all ports is insecure. Option B is wrong because service console firewall is not used in modern ESXi.

Option C is wrong because disabling firewall is insecure.

147
MCQhard

A vSphere administrator is designing a network for a cluster of ESXi hosts. Each host has four 10GbE uplinks. The cluster will host mission-critical VMs that require maximum throughput and redundancy. The administrator plans to use Network I/O Control (NIOC) and a vSphere Distributed Switch (vDS). Which configuration best ensures consistent network performance for all VMs?

A.Configure a single vDS with all four uplinks, enable NIOC, and set shares and reservations for each traffic type.
B.Configure a single vDS with all four uplinks and enable NetFlow for monitoring.
C.Create two separate vDS, each with two uplinks, and separate VM traffic from VMkernel traffic.
D.Configure a single vDS with all four uplinks and use Route based on IP hash teaming.
AnswerA

NIOC provides minimum bandwidth guarantees and fair sharing.

Why this answer

Option A is correct because NIOC enables per-traffic-type resource management using shares, reservations, and limits, ensuring that mission-critical VMs receive consistent network throughput even under contention. Combining all four uplinks into a single vDS maximizes aggregate bandwidth and provides redundancy through teaming policies, while NIOC prioritizes traffic flows to prevent VMkernel or management traffic from starving VM traffic.

Exam trap

The trap here is that candidates often confuse load-balancing algorithms (like IP hash) with QoS mechanisms, assuming that distributing traffic across uplinks alone guarantees performance, when in fact NIOC's per-traffic-type resource controls are required to enforce consistent throughput for all VMs.

How to eliminate wrong answers

Option B is wrong because NetFlow is a monitoring and traffic analysis tool, not a QoS or performance guarantee mechanism; it does not allocate bandwidth or enforce fairness among traffic types. Option C is wrong because splitting uplinks across two separate vDS reduces the total available bandwidth per vDS and prevents NIOC from managing all traffic centrally, leading to potential underutilization and inconsistent performance. Option D is wrong because Route based on IP hash provides load balancing but does not offer per-traffic-type resource controls like shares and reservations, so it cannot guarantee consistent performance for all VMs under contention.

148
Multi-Selectmedium

Which TWO of the following are valid use cases for vSphere Fault Tolerance (FT)? (Choose two.)

Select 2 answers
A.A VM that has a snapshot for backup purposes.
B.A VM with 4 vCPUs that must be protected from host failure.
C.A VM running a critical application that requires zero downtime in case of host failure.
D.A VM with a physical RDM (Raw Device Mapping) attached.
E.A VM with 16 vCPUs that requires high availability.
AnswersB, C

FT supports up to 8 vCPUs in vSphere 7 and later.

Why this answer

B is correct because vSphere Fault Tolerance (FT) supports VMs with up to 8 vCPUs (vSphere 7.0+) and provides continuous availability by maintaining a secondary VM that mirrors the primary VM's state via vLockstep, ensuring zero downtime in case of host failure. This makes it suitable for protecting a 4-vCPU VM from host failure.

Exam trap

The trap here is that candidates often confuse vSphere FT with vSphere HA, assuming FT can protect any VM regardless of vCPU count or configuration, but FT has strict limits (max 8 vCPUs, no snapshots, no physical RDMs) that are frequently tested in the exam.

149
MCQmedium

An administrator needs to attach a SAN LUN to a VM for a clustered application that requires SCSI-3 persistent reservations. The VM will run on two hosts in a cluster. Which storage option should be used?

A.Create a virtual mode RDM (Raw Device Mapping).
B.Create a physical mode RDM (Raw Device Mapping).
C.Create a thick-provisioned eager zeroed VMDK on VMFS.
D.Create a VVol representing the LUN.
AnswerB

Correct: Physical mode RDM supports SCSI-3 persistent reservations and cluster applications.

Why this answer

Physical RDM (Raw Device Mapping) supports SCSI-3 persistent reservations and allows sharing the LUN between VMs in a cluster. Virtual compatibility mode (virtual RDM) does not support persistent reservations. Option A is incorrect because VMDK on VMFS does not support persistent reservations.

Option B is incorrect because virtual RDM does not support it.

150
MCQeasy

A company's vSphere environment experiences intermittent performance degradation on a critical virtual machine. The VM has 8 vCPUs allocated, and the host has 16 physical cores (2 sockets, 8 cores each). The VM is configured with Hyper-Threading enabled. Which action is most likely to improve performance without increasing resource allocation?

A.Change the VM's CPU affinity to pin it to one socket
B.Enable CPU hot-add for the VM
C.Increase the VM's memory reservation
D.Disable Hyper-Threading on the host
AnswerA

Pinning to one socket ensures all vCPUs run on cores within the same physical CPU package, reducing NUMA cross-socket latency.

Why this answer

Option B is correct because pinning the VM to one socket can reduce NUMA cross-socket latency, improving performance for the 8-vCPU VM. Option A is wrong because disabling Hyper-Threading generally reduces throughput. Option C is wrong as memory reservation does not directly affect CPU performance.

Option D is wrong as CPU hot-add does not improve performance; it allows adding CPUs later.

Page 1

Page 2 of 7

Page 3

All pages