VMware Certified Professional Data Center Virtualization VCP-DCV (VCP-DCV) — Questions 226300

511 questions total · 7pages · All types, answers revealed

Page 3

Page 4 of 7

Page 5
226
MCQmedium

Refer to the exhibit. What type of virtual disk is represented by this descriptor file?

A.Thin provisioned VMDK
B.Thick provisioned eager zeroed VMDK
C.Sparse disk with multiple extents
D.Physical mode RDM
AnswerB

Correct: The descriptor shows a flat.vmdk file with 'vmfs' type, typical of a thick disk.

Why this answer

The descriptor shows createType="vmfs" and a single extent with a "flat.vmdk" file. This is a standard thick virtual disk on VMFS, not an RDM. An RDM would have createType="vmfsRaw" or "vmfsRawDeviceMap" and reference a device.

Option A is incorrect because it is not an RDM. Option C is incorrect because thin would show createType="vmfsThin". Option D is incorrect because there is only one extent.

227
MCQhard

An administrator has configured jumbo frames on a VDS and all physical switches. Virtual machines on different hosts can ping each other but cannot transfer files larger than 1500 bytes. What is the most likely cause?

A.The physical NICs are not configured for jumbo frames.
B.The TCP/IP offload engine is causing fragmentation.
C.The VMkernel adapters are not configured with MTU 9000.
D.The virtual machine's operating system MTU is set to 1500.
AnswerD

The OS MTU must be 9000 for jumbo frames to work.

Why this answer

Option B is correct because the virtual machine's operating system MTU must be set to 9000 to use jumbo frames; otherwise, the OS will fragment packets. Option A is incorrect because VMkernel adapters do not affect VM data traffic. Option C is incorrect because physical NICs are already configured.

Option D is incorrect because TCP offload would not cause this.

228
MCQeasy

A VM is experiencing high CPU ready time. The host has 16 physical cores and 20 vCPUs total across all VMs. Which action is MOST likely to reduce the CPU ready time on the VM?

A.Migrate the VM to another host with the same CPU load.
B.Decrease the number of vCPUs on the VM.
C.Increase the number of vCPUs on the VM.
D.Increase the memory reservation for the VM.
AnswerB

Reducing vCPUs decreases scheduling contention and lowers CPU ready time.

Why this answer

Reducing the number of vCPUs on an over-provisioned VM decreases scheduling contention, lowering CPU ready time. Increasing vCPUs would worsen the issue. Migrating to another host with similar load would not help long-term.

Increasing memory does not directly reduce CPU contention.

229
MCQhard

An organization wants to upgrade ESXi hosts from 7.0 to 8.0 using vLCM. They have a cluster with mixed hardware (different NICs and HBAs). What is the best practice?

A.Create a custom image that includes all necessary drivers and add-ons for the mixed hardware.
B.Use vSphere Update Manager baselines instead of vLCM.
C.Use a single image with the latest ESXi version and no add-ons.
D.Upgrade hosts manually by booting from installation media.
AnswerA

A comprehensive image ensures all hosts can comply.

Why this answer

Option B is correct because vLCM image must include all required components for each hardware type. Option A ignores hardware diversity; Option C uses deprecated baselines; Option D is not a viable method.

230
MCQeasy

A vSphere cluster with DRS enabled is experiencing an imbalance in resource utilization across hosts. DRS is set to 'Manual' mode. What action should the administrator take to resolve the imbalance?

A.Change DRS to 'Fully Automated' mode.
B.Manually migrate VMs using vMotion.
C.Enable HA admission control.
D.Increase the DRS migration threshold.
AnswerB

Manual vMotion moves VMs to balance resources now.

Why this answer

In Manual mode, DRS only provides recommendations; the administrator must manually migrate VMs using vMotion. Option B is correct. Option A would automate future migrations but does not resolve current imbalance.

Option C changes threshold but won't act immediately. Option D is unrelated.

231
MCQmedium

Refer to the exhibit. An administrator attempts to add a host to a vSAN cluster and receives this error. Which step should the administrator take to resolve the issue?

A.Reconfigure the vMotion interface (vmk1) to also carry vSAN traffic.
B.Add the host to the cluster without vSAN and enable vSAN later.
C.Create a new VMkernel adapter (vmk3) on the host's network and enable vSAN traffic.
D.Enable vSAN traffic on the existing vmk0 interface.
AnswerC

vSAN requires its own VMkernel interface with vSAN enabled.

Why this answer

vSAN requires a dedicated VMkernel interface with the vSAN service enabled. The host has management, vMotion, and provisioning interfaces but none with vSAN enabled. The administrator must create a new VMkernel adapter (e.g., vmk3) on a host network and enable the vSAN service on it.

232
MCQhard

A company is upgrading vCenter Server from 7.0 U3 to 8.0 U2. The environment includes a distributed switch with multiple port groups, a vSAN cluster, and VUM (now vLCM). During the pre-upgrade checks, vCenter reports that the upgrade cannot proceed because the 'vSphere Authentication Proxy' service is not compatible. The administrator verifies that the service is running and set to automatic. What is the most likely cause?

A.The ESXi hosts are running an unsupported version of ESXi 7.0.
B.The upgrade installer did not have network access to the ESXi hosts.
C.The vSphere Authentication Proxy service is disabled on the source vCenter Server.
D.The vSphere Authentication Proxy service version is not compatible with vCenter 8.0; it must be upgraded separately.
AnswerD

vSphere Authentication Proxy requires its own upgrade path when moving to 8.0.

Why this answer

Option B is correct: vCenter 8.0 requires the vSphere Authentication Proxy to be deployed as a separate appliance or upgraded to a compatible version. Option A is incorrect because the installer would handle that. Option C is incorrect - OS version could be a factor but not specifically for this service.

Option D is incorrect - the service is running, so not disabled.

233
Drag & Dropmedium

Sequence the steps to configure a DRS rule that keeps two VMs on different hosts.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Access cluster config, add rule, name it, choose type, and assign VMs.

234
MCQmedium

An administrator is planning to scale a vSphere cluster from 8 to 16 hosts. Which consideration is most important for maintaining vSphere HA effectiveness?

A.Assign multiple master hosts to the cluster
B.Increase the number of heartbeat datastores per host
C.Disable admission control to reduce complexity
D.Adjust the slot size for admission control
AnswerB

With more hosts, ensuring hosts have enough heartbeat datastores prevents false isolation detection.

Why this answer

As cluster size increases, the number of heartbeat datastores must be sufficient to ensure isolation detection. Admission control policy and slot size also matter but heartbeat datastores are critical for scaling.

235
MCQeasy

Which setting must be consistent across all hosts in a vMotion migration to ensure that virtual machines maintain optimal performance after migration?

A.Enhanced vMotion Compatibility (EVC) mode.
B.Resource pool shares configuration.
C.Distributed Power Management (DPM) threshold.
D.NUMA node alignment for each VM.
AnswerA

EVC ensures that all hosts present the same CPU feature set to VMs, preventing performance drops after migration.

Why this answer

Option A is correct because Enhanced vMotion Compatibility (EVC) ensures that the CPU features exposed to VMs are consistent across hosts, preventing performance degradation due to feature masking. Option B is incorrect because while NUMA alignment is important, it is not a prerequisite for vMotion. Option C is incorrect because DPM can cause issues but is not directly related to vMotion performance.

Option D is incorrect because resource pools do not affect vMotion compatibility.

236
MCQeasy

An administrator needs to apply a security patch to a vLCM-managed cluster. The patch is available as an ESXi image in the vSphere Lifecycle Manager depot. What is the correct procedure?

A.Create a new desired state image with the patch, validate, and remediate the cluster.
B.Attach a patch baseline to the cluster and remediate.
C.Export the current image, add the patch, and import it to the cluster.
D.Use Quick Boot to apply the patch to each host individually.
AnswerA

vLCM requires updating the desired image and then remediating.

Why this answer

In a vLCM-managed cluster, the correct procedure to apply a security patch is to create a new desired state image that includes the patch from the vSphere Lifecycle Manager depot, validate the image against the cluster's hardware and software compatibility, and then remediate the cluster. This ensures all hosts are updated to the exact same image specification, maintaining consistency and compliance with the desired state.

Exam trap

The trap here is confusing vLCM's image-based management with the legacy baseline-based patching method, leading candidates to incorrectly select attaching a patch baseline (Option B) instead of creating a new desired state image.

How to eliminate wrong answers

Option B is wrong because attaching a patch baseline is a legacy approach used with baseline-based updates, not supported in vLCM-managed clusters which use image-based management. Option C is wrong because exporting the current image, adding the patch, and importing it is not a supported workflow; vLCM requires creating a new desired state image from the depot, not manual image manipulation. Option D is wrong because Quick Boot is a feature to reduce reboot time during remediation, not a method to apply patches individually; vLCM applies updates to all hosts in the cluster via a single remediation operation.

237
MCQhard

A financial institution operates a vSphere 7 environment with 1,000 VMs, many of which process sensitive data. The security team mandates VM encryption at rest using a Key Management Server (KMS) cluster. The administrator has configured the KMS cluster as a key provider in vCenter and enabled encryption on a test VM, which works correctly. However, after adding a new ESXi host to the cluster and attempting to power on a previously encrypted VM, the VM fails to start with the error: 'Key provider unavailable for host <hostname>.' The new host is correctly licensed for encryption and has network connectivity to the KMS. The administrator verifies that the KMS cluster is operational and that other hosts can power on encrypted VMs. What is the most likely cause of this issue?

A.The ESXi host has not been added to the Key Provider's trust list or KMS configuration.
B.The ESXi host's firewall is blocking outbound connections to the KMS cluster.
C.The ESXi host does not have the required encryption feature license.
D.The VM's encryption policy is set to 'vSphere Native Key Provider' instead of 'KMS'.
AnswerA

Hosts must be trusted by the KMS to retrieve keys; a newly added host is not automatically trusted.

Why this answer

Option B is correct because when a new ESXi host is added, it must be explicitly added to the Key Provider's trust list (or the KMS must be configured to trust the host's certificate). Without this, the host cannot retrieve keys. Option A is wrong because the host has network connectivity to the KMS as verified.

Option C is wrong because the error is about key provider availability, not policy. Option D is wrong because the host is correctly licensed.

238
MCQmedium

Refer to the exhibit. Based on the esxtop output, what is the likely cause of performance degradation for VM 'AppSrv'?

A.CPU contention
B.Network congestion
C.Memory contention
D.Storage I/O latency
AnswerC

%MLMTD of 8.5 indicates memory resource contention.

Why this answer

High %MLMTD (memory load management) indicates memory contention. The VM is waiting for memory resources to be reclaimed, which degrades performance. Option B is correct.

CPU metrics are low, so not A. No storage or network metrics shown, so C and D are not indicated.

239
Multi-Selecteasy

Which TWO actions are recommended to secure the vCenter Server Appliance (VCSA)?

Select 2 answers
A.Enable the auto-lock feature for the admin account
B.Change the default 'root' password
C.Disable SSH access
D.Configure the password policy for local accounts
E.Enable FIPS 140-2 compliance mode
AnswersB, C

Default passwords should be changed.

Why this answer

Option B is correct because changing the default 'root' password is a fundamental security best practice for the VCSA. The default password is well-known and documented, leaving the appliance vulnerable to unauthorized access if not changed immediately after deployment. This action directly mitigates the risk of brute-force or credential-based attacks against the root account.

Exam trap

The trap here is that candidates often confuse 'recommended security actions' with 'all possible security configurations,' leading them to select options like enabling FIPS or configuring password policies, which are not the two primary actions emphasized in VMware's official security hardening guidance for the VCSA.

240
MCQhard

A vSphere administrator is troubleshooting a failed remediation attempt on an ESXi host in a cluster managed by vLCM. The image compliance status shows 'Non-Compliant'. The host is in maintenance mode. The administrator sees the following error: 'Failed to apply the software specification. Reason: The host's firmware version is incompatible with the selected ESXi image.' What is the most likely cause?

A.The hardware support manager (HSM) is not configured or the firmware baseline is outdated.
B.The host must be taken out of maintenance mode for the remediation to proceed.
C.The ESXi 8.0 image has deprecated certain drivers that are still in use.
D.The vLCM image is corrupted and needs to be re-imported.
AnswerA

vLCM uses HSM to validate firmware compatibility; mismatch causes failure.

Why this answer

The error indicates that the host's firmware version is incompatible with the selected ESXi image. In vLCM, hardware compatibility is managed by the Hardware Support Manager (HSM), which provides firmware baselines. If the HSM is not configured or the firmware baseline is outdated, vLCM cannot validate or update the firmware to match the ESXi image requirements, leading to a 'Non-Compliant' status and remediation failure.

This is the most likely cause because the error directly points to firmware incompatibility, not driver issues or image corruption.

Exam trap

The trap here is that candidates may confuse firmware incompatibility with driver deprecation (Option C) or assume the host must be in maintenance mode (Option B), but the error message explicitly points to firmware version mismatch, which is managed by the HSM.

How to eliminate wrong answers

Option B is wrong because the host is already in maintenance mode, which is a prerequisite for remediation; taking it out of maintenance mode would not resolve the firmware incompatibility error. Option C is wrong because the error specifically mentions firmware version incompatibility, not deprecated drivers; while driver deprecation could cause issues, it would typically result in a different error message about missing or unsupported drivers. Option D is wrong because a corrupted vLCM image would likely produce a different error, such as 'Image import failed' or 'Invalid image', not a firmware version incompatibility error.

241
Matchingmedium

Match each vSphere error/message to its meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

VM is ready to run but waiting for CPU scheduling

VM waiting for memory pages to be swapped in

VM memory reclaimed by vmmemctl driver

Balances storage I/O and space across datastores

All Paths Down - no storage connectivity

Why these pairings

Common vSphere performance indicators and error conditions.

242
MCQeasy

A vSphere administrator is planning the storage configuration for a new cluster of 10 hosts running VDI workloads. Each VM requires approximately 100 IOPS for typical operation. Which storage design best balances performance and scalability?

A.Implement vSAN using HDDs with a flash cache tier.
B.Deploy a centralized all-flash FC SAN with multiple paths.
C.Configure each host with local NVMe or SSD drives and use vSphere Local Storage.
D.Use a single NFS datastore on a large spinning-disk array.
AnswerC

Local flash storage provides high IOPS per host and scales with hosts.

Why this answer

Option C is correct because VDI workloads are highly I/O-intensive and latency-sensitive, and local NVMe or SSD drives provide the lowest possible latency by eliminating network and SAN controller overhead. vSphere Local Storage allows each host to independently serve its VMs, which scales linearly with the number of hosts and avoids the contention and cost of a shared storage fabric. This design balances performance and scalability for a 10-host cluster where each VM requires only 100 IOPS, as local flash easily meets that demand without the complexity of a SAN or vSAN.

Exam trap

The trap here is that candidates often assume VDI requires shared storage for features like vMotion or HA, but vSphere Local Storage with host-based replication or vSAN can provide those capabilities, and for pure performance/scalability, local flash is superior to any shared HDD or SAN design.

How to eliminate wrong answers

Option A is wrong because vSAN with HDDs and a flash cache tier introduces write latency and cache-miss penalties that degrade VDI performance, and the flash cache is often insufficient for bursty VDI workloads, leading to unpredictable IOPS. Option B is wrong because a centralized all-flash FC SAN, while fast, creates a single point of contention and a costly, complex fabric that does not scale linearly with host count; for only 100 IOPS per VM, the overhead of FC zoning and multipathing is unnecessary. Option D is wrong because a single NFS datastore on a large spinning-disk array creates a severe I/O bottleneck, as HDDs cannot sustain the random I/O patterns of VDI, and the single datastore becomes a failure domain and performance chokepoint.

243
Multi-Selectmedium

Which THREE prerequisites are required to implement vLCM image-based management? (Choose three.)

Select 3 answers
A.vSAN enabled
B.ESXi hosts version 7.0 or later
C.vCenter Server version 7.0 or later
D.vSphere DRS enabled
E.vSphere Lifecycle Manager enabled
AnswersB, C, E

Image-based management requires ESXi 7.0 or later.

Why this answer

Options A, B, and C are correct. vCenter Server 7.0 or later supports vLCM, ESXi 7.0 or later is required for the image-based feature, and vSphere Lifecycle Manager must be enabled. Option D is incorrect because DRS is not a prerequisite. Option E is incorrect because vSAN is optional.

244
Multi-Selecteasy

Which TWO statements are true regarding vMotion requirements?

Select 2 answers
A.Both source and destination ESXi hosts must be licensed for vMotion.
B.The VM's virtual disks must be stored on shared storage.
C.Both hosts must be in the same cluster.
D.The VM must be powered on.
E.Both hosts must be in the same vCenter Server instance.
AnswersA, D

Correct: vMotion is a licensed feature.

Why this answer

vMotion requires both source and destination hosts to be licensed for vMotion, and the VM must be powered on.

245
MCQmedium

A company experiences high latency on a VM running a critical database. The storage is a VMFS datastore on a SAN. The administrator notices that other VMs on the same datastore are idle. What should the administrator configure to ensure the database VM gets sufficient storage I/O resources?

A.Configure Storage I/O Control and set the database VM's shares to High.
B.Set storage I/O limits on all other VMs to 100 IOPS.
C.Configure Storage I/O Control and set a latency threshold of 5 ms.
D.Use Storage DRS to migrate idle VMs to another datastore.
AnswerA

Correct: SIOC with high shares gives the database VM priority during congestion.

Why this answer

Storage I/O Control (SIOC) enables dynamic sharing of storage I/O resources among VMs on a datastore. By setting a higher share value for the database VM, it will get priority when congestion occurs. Option B is wrong because shares do not set a limit; they are relative weighting.

Option C is wrong because limiting all other VMs would be inefficient and may cause starvation. Option D is wrong because DRS is for compute load balancing, not storage I/O.

246
Multi-Selecteasy

Which TWO actions are required to enable vSphere VM encryption? (Choose two.)

Select 2 answers
A.Configure a Key Management Server (KMS) or native key provider
B.Enable SSH on each ESXi host to manage encryption keys
C.Disable vMotion on the cluster
D.Assign an encryption storage policy to the virtual machine or enable encryption on the VM
E.Place the ESXi hosts in lockdown mode
AnswersA, D

A key provider is necessary to store and manage encryption keys.

Why this answer

Options B and D are correct. A key provider (KMS) must be configured and associated with the vCenter Server, and then encryption must be enabled on the VM (via storage policy or directly). Option A is wrong because encryption does not require disabling vMotion.

Option C is wrong because SSH access is not required. Option E is wrong because host lockdown mode is unrelated.

247
Multi-Selecteasy

Which two are benefits of using vLCM over legacy baseline-based patching? (Choose two.)

Select 2 answers
A.Support for heterogeneous cluster configurations.
B.No requirement to put hosts in maintenance mode.
C.Real-time compliance monitoring of all hosts.
D.Built-in integration with vRealize Automation.
E.Single image management for cluster consistency.
AnswersC, E

vLCM continuously checks compliance against the cluster image.

Why this answer

Options B and C are correct because vLCM uses a single cluster image for consistency and provides real-time compliance monitoring. Option A is wrong because vLCM is designed for homogeneous clusters, not heterogeneous. Option D is wrong because maintenance mode is still required.

Option E is wrong because integration with vRealize is not a core benefit specific to vLCM.

248
Multi-Selecteasy

Which TWO of the following are required for vSphere Storage DRS to function?

Select 2 answers
A.VM storage policies defined
B.VASA provider registered
C.vMotion enabled on the hosts
D.Multiple datastores in a datastore cluster
E.SIOC enabled on each datastore
AnswersC, D

vMotion is used to move VMs between datastores.

Why this answer

Storage DRS requires multiple datastores in a datastore cluster and vMotion to migrate VMs between them. SIOC, VASA, and storage policies are optional.

249
MCQmedium

A vSphere administrator is observing that a VM with a 2 TB thin-provisioned virtual disk on a VMFS6 datastore is reporting 1.5 TB of used space inside the guest OS, but the datastore shows only 800 GB consumed by the VM. What is the most likely cause of this discrepancy?

A.The virtual disk needs to be defragmented to reclaim space.
B.The VM has a snapshot that is consolidating, reducing storage usage.
C.The virtual disk is thick-provisioned lazy zeroed, which delays allocation.
D.The virtual disk is thin-provisioned, so only the actual written blocks consume space on the datastore.
AnswerD

Thin provisioning allocates space as data is written.

Why this answer

The discrepancy is because the virtual disk is thin-provisioned. Thin provisioning means the virtual disk file (VMDK) on the datastore only occupies space for blocks that have been written to by the guest OS, not the full allocated size. The guest OS reports 1.5 TB of used space because it sees the logical file system usage, but the datastore only shows 800 GB consumed because that is the actual physical storage used by the written blocks.

Exam trap

The trap here is that candidates may confuse guest OS reported usage with datastore consumption, not realizing that thin provisioning only allocates storage for blocks actually written, leading them to incorrectly suspect snapshots or defragmentation issues.

How to eliminate wrong answers

Option A is wrong because defragmentation reorganizes data within the guest OS but does not reclaim space on the datastore for thin-provisioned disks; it may even increase fragmentation of the underlying VMDK. Option B is wrong because a consolidating snapshot would temporarily increase storage usage, not decrease it, and the scenario describes a lower datastore consumption, not higher. Option C is wrong because a thick-provisioned lazy zeroed disk allocates all space at creation (2 TB) and does not show only 800 GB consumed; it would show the full 2 TB allocated on the datastore regardless of guest usage.

250
MCQeasy

A vSphere administrator notices that a cluster managed by vSphere Lifecycle Manager image has drifted from the desired state. The administrator wants to correct the drift. What is the recommended action?

A.Run a compliance check and remediate any non-compliant hosts.
B.Remove the cluster image and reattach baselines.
C.Rebuild the image from scratch and reapply.
D.Use vSphere Lifecycle Manager to remediate the cluster.
AnswerD

Remediation applies the desired state image to correct drift.

Why this answer

Option D is correct because running a compliance check and remediating non-compliant hosts will restore the desired state. Option A is wrong because rebuilding the image from scratch is unnecessary. Option B is wrong because removing the image would lose management.

Option C is wrong because applying baselines is not compatible with image-based management.

251
MCQmedium

A company has a vSphere 7 cluster with 6 hosts, each with 2 sockets (16 cores per socket, hyperthreading enabled) and 1 TB RAM. The cluster uses DRS with a migration threshold of 4 (moderate). A single VM runs a latency-sensitive trading platform with 12 vCPUs and 256 GB RAM. During market hours, the administrator notices that the VM's CPU ready time spikes to 15%, and the application reports high response times. The administrator runs esxtop on the host and sees the following: %RDY for the VM is 15%, %CSTP is low, and the host's overall CPU utilization is 60%. The VM is on a host that also has 5 other VMs with smaller resource footprints. The administrator wants to minimize disruption while improving performance. Which action should the administrator take first?

A.Manually migrate the VM to a host with fewer running VMs.
B.Increase the VM's CPU reservations to guarantee CPU cycles.
C.Reduce the VM's vCPU count from 12 to 8.
D.Configure the VM's NUMA node preference to use a single NUMA node.
AnswerD

This reduces remote memory access, which is a common cause of high ready time in large VMs.

Why this answer

Trading VMs with high vCPU counts often benefit from NUMA-awareness. The host has 2 NUMA nodes (one per socket). With 12 vCPUs, the VM likely spans both nodes, causing remote memory access.

By setting the VM to prefer one NUMA node (or limiting vCPUs to 8), performance improves. Option D is the most effective immediate step. Option A may cause excessive vMotion.

Option B might not address the root cause. Option C would reduce parallelism and might not help if the application is multithreaded.

252
MCQeasy

A company with a small vSphere environment has a single vCenter Server managing three ESXi hosts. The hosts are running ESXi 6.7 and the company wants to upgrade to ESXi 7.0. The vCenter Server is version 6.7 and runs on Windows. The administrator plans to use vSphere Update Manager (VUM) for the upgrade. The administrator attaches a baseline of ESXi 7.0 to the cluster and starts remediation. The remediation fails on all hosts with an error stating that the upgrade cannot be performed from a host that is part of a cluster. What is the likely issue?

A.The ESXi hosts are part of a cluster; VUM cannot remediate clustered hosts.
B.vSphere DRS is not enabled on the cluster.
C.The vCenter Server must be upgraded to version 7.0 before upgrading the ESXi hosts.
D.The hosts are not in maintenance mode; put them in maintenance mode and retry.
AnswerC

vCenter must be at or above the target ESXi version to manage upgrades.

Why this answer

Option D is correct - vCenter 6.7 cannot upgrade ESXi hosts to 7.0; vCenter must be upgraded first. Option A is incorrect - host is in cluster but that is fine. Option B is incorrect - if hosts are in maintenance mode, upgrade would work.

Option C is incorrect - DRS enabled or not does not prevent upgrade.

253
MCQhard

A company has a vSphere cluster with 8 ESXi 7.0 U3 hosts managed by vCenter Server 7.0 U3. The administrator wants to upgrade the cluster to ESXi 8.0 U1 using vLCM. The administrator has already upgraded the vCenter Server to 8.0 U1 and enabled vLCM on the cluster. The desired image is set to ESXi 8.0 U1 with no additional VIBs. However, when attempting to remediate, the first host fails with error: 'Failed to remediate host: The host does not support the selected image'. The other hosts are still pending. The administrator checks the host hardware and confirms it is on the HCL for ESXi 8.0. What is the most likely cause?

A.The host firmware is not compatible with the desired image and HSM is not configured.
B.The host was not put into maintenance mode before remediation.
C.The host was already upgraded to ESXi 8.0 U1, causing a conflict.
D.The vCenter Server version is not compatible with the host.
AnswerA

If firmware is not compatible and no HSM is configured, vLCM may prevent remediation.

Why this answer

Option A is correct because the error 'The host does not support the selected image' typically indicates a hardware compatibility issue that vLCM cannot resolve without Hardware Support Manager (HSM) configured. Even if the host is on the HCL, the firmware version may not meet the requirements for ESXi 8.0 U1, and vLCM uses HSM to validate and remediate firmware as part of the image compliance process. Without HSM, vLCM cannot ensure the firmware is compatible, leading to the remediation failure.

Exam trap

The trap here is that candidates assume HCL compliance alone guarantees compatibility, but vLCM requires HSM to enforce firmware-level compliance, and the error message is often misinterpreted as a general hardware or version mismatch.

How to eliminate wrong answers

Option B is wrong because vLCM automatically places hosts into maintenance mode during remediation if not already in that state, so this would not cause the specific error. Option C is wrong because if the host were already upgraded to ESXi 8.0 U1, vLCM would detect compliance and not attempt remediation, or would show a different error; the error message explicitly states the host does not support the image, not a version conflict. Option D is wrong because the vCenter Server was already upgraded to 8.0 U1, which is compatible with ESXi 8.0 U1 hosts; the error is host-specific, not vCenter-related.

254
MCQmedium

An organization is deploying vCenter Server in a DMZ. Which security best practice should the administrator implement to protect the vCenter Server appliance?

A.Join the vCenter Server to the corporate Active Directory domain
B.Enable SSH for remote administration
C.Enable FIPS 140-2 mode on the vCenter Server appliance
D.Delete the root user account
AnswerC

FIPS mode enforces strong cryptography.

Why this answer

Option D is correct because enabling FIPS mode on the appliance ensures cryptographic compliance and strengthens security. Option A is wrong because joining Active Directory may introduce attack surface. Option B is wrong because vCenter does not use SSH by default for management.

Option C is wrong because vCenter does not use root account in the same way; the appliance uses the 'root' user but best practice is to limit its use, not delete.

255
MCQmedium

An administrator is troubleshooting a VM that is running slowly. The VM has 4 vCPUs and 16 GB of memory. The host has 2 physical CPUs with 10 cores each, hyper-threading enabled. The administrator runs esxtop and sees that %RDY for the VM is consistently above 15%. Which action would most likely reduce the ready time?

A.Increase the CPU shares for the VM.
B.Increase the number of vCPUs to 8 to improve parallelism.
C.Increase the memory allocation to 32 GB.
D.Reduce the number of vCPUs to 2 if the workload does not require 4.
AnswerD

Correct: Fewer vCPUs reduce the need for simultaneous scheduling slots.

Why this answer

A %RDY value consistently above 15% indicates the VM is ready to run but is waiting for CPU scheduling time on the host. With 4 vCPUs on a host that has 20 logical CPUs (2 sockets × 10 cores × 2 threads), the VM is likely over-provisioned relative to its workload needs, causing co-scheduling contention. Reducing the number of vCPUs to 2 decreases the co-scheduling demands and reduces ready time, as the VM will require fewer physical CPUs to be available simultaneously.

Exam trap

The trap here is that candidates often assume adding more vCPUs will improve performance, but in reality, over-provisioning vCPUs increases co-scheduling overhead and ready time, making reduction the correct fix.

How to eliminate wrong answers

Option A is wrong because increasing CPU shares only affects relative priority during contention, not the underlying scheduling contention caused by too many vCPUs; it does not reduce %RDY. Option B is wrong because increasing vCPUs to 8 would worsen co-scheduling overhead and likely increase %RDY, not reduce it. Option C is wrong because memory allocation does not directly affect CPU ready time; %RDY is a CPU scheduling metric, not a memory metric.

256
MCQmedium

A vSphere administrator is troubleshooting connectivity issues for a virtual machine on a standard switch. The VM is configured with VLAN 100, but cannot ping the default gateway. The VMkernel port on the host is on VLAN 200. The physical switch port connected to the host is configured as a trunk port allowing VLANs 100 and 200. Which action should the administrator take to resolve the issue?

A.Enable promiscuous mode on the VM port group.
B.Change the physical switch port to access mode on VLAN 100.
C.Ensure the VM port group is set to VLAN 100.
D.Set the VM port group VLAN to 4095.
AnswerC

The VM port group must match the VM's VLAN.

Why this answer

The VM is configured with VLAN 100, and the physical switch trunk port already allows VLAN 100 and 200. The VMkernel port on VLAN 200 is working, so the issue is that the VM port group must be explicitly set to VLAN 100 to tag egress frames with VLAN 100 and to accept only VLAN 100-tagged frames on ingress. Option C ensures the standard switch port group applies the correct VLAN ID, matching the physical switch trunk configuration.

Exam trap

The trap here is that candidates often confuse the VM port group VLAN setting with the VMkernel port VLAN, or think that a trunk port on the physical switch automatically passes all VLANs to the VM without requiring the port group to be set to a specific VLAN ID.

How to eliminate wrong answers

Option A is wrong because enabling promiscuous mode on the VM port group allows the VM to see all traffic on the switch, but it does not affect VLAN tagging or connectivity to the default gateway; it is a security setting unrelated to VLAN mismatch. Option B is wrong because changing the physical switch port to access mode on VLAN 100 would strip VLAN tags and break the VMkernel port's connectivity on VLAN 200, which is required for management and other functions; the trunk port is correctly configured. Option D is wrong because setting the VM port group VLAN to 4095 enables VLAN trunking to the VM (allowing the VM to handle its own VLAN tags), but the VM is not configured to tag frames internally; this would cause the VM to send untagged frames that the physical switch would drop or misclassify.

257
Multi-Selecthard

A company is implementing vSphere with Tanzu for containerized workloads. To secure the workload management plane, which THREE security features should be configured? (Choose three.)

Select 3 answers
A.Pod Security Policies
B.vCenter Single Sign-On
C.Content Library
D.vSphere Native Key Provider
E.Network Policies
AnswersA, D, E

Enforces security standards for pods.

Why this answer

Options A, B, and C are correct. Pod Security Policies enforce security standards for pods. vSphere Native Key Provider enables encryption for Kubernetes objects. Network Policies control traffic between pods.

Option D is incorrect because vCenter SSO is already in place for authentication, not a new feature. Option E is incorrect because Content Library is for content management, not security.

258
Multi-Selectmedium

Which two prerequisites must be met before enabling vLCM on a vSphere cluster? (Choose two.)

Select 2 answers
A.VMware Tools must be installed on all VMs.
B.vSAN must be enabled on the cluster.
C.vCenter Server must be version 7.0 or later.
D.NSX must be installed and configured.
E.ESXi hosts must be version 7.0 or later.
AnswersC, E

vLCM was introduced in vSphere 7.0.

Why this answer

Option A and D are correct because vLCM requires vCenter Server 7.0 or later and ESXi hosts 7.0 or later. Options B, C, and E are not prerequisites for vLCM functionality.

259
MCQhard

A vSphere environment uses Active Directory for authentication. The administrator notices that users from a specific AD group cannot log in to the vCenter Server, although other AD users can. The group is added to vCenter Server with the correct permissions. What is the most likely cause?

A.The users are not members of the vCenter Single Sign-On domain
B.The user accounts have expired passwords
C.The group is nested within another group
D.The domain of the group is not configured as an identity source in vCenter Single Sign-On
AnswerD

Without the identity source, authentication fails.

Why this answer

The most likely cause is that the domain of the group is not configured as an identity source in vCenter Single Sign-On. Even if the group is added with correct permissions in vCenter Server, vCenter SSO must be able to authenticate users against the domain. Without the domain listed as an identity source, vCenter cannot validate the credentials of users from that group, causing authentication failures for all users in that domain.

Exam trap

The trap here is that candidates often assume that adding a group to vCenter permissions is sufficient for authentication, overlooking the prerequisite that the group's domain must first be registered as an identity source in vCenter Single Sign-On.

How to eliminate wrong answers

Option A is wrong because vCenter Single Sign-On domains are not the same as Active Directory domains; users are not members of the SSO domain unless they are explicitly created there, and the question states the users are from an AD group, meaning they are AD users, not SSO domain users. Option B is wrong because expired passwords would affect individual users, not an entire group, and the symptom is that all users from the specific group cannot log in, which points to a domain-level issue rather than individual password expiration. Option C is wrong because nested groups are fully supported in Active Directory and vCenter Server; if the group is nested within another group, the permissions would still apply as long as the parent group has the correct permissions, and this would not cause a complete authentication failure for all users in the group.

260
MCQeasy

An ESXi host is connected to an iSCSI storage array using software iSCSI initiator. The administrator has configured two NICs for iSCSI traffic. During setup, the administrator selects 'Round Robin' as the path policy for the storage device. What is the benefit of this path policy?

A.It uses a single path until failure, then switches to another
B.It minimizes latency by always using the path with lowest latency
C.It load balances I/O across all active paths
D.It provides the highest performance for all workloads
AnswerC

Round Robin alternates I/O requests among paths.

Why this answer

Round Robin policy distributes I/O across all active paths, improving load balancing. Option A is correct. Option B (poor) is false.

Option C (fixed) is different. Option D (MRU) is not load balancing.

261
MCQmedium

An administrator sees the above output from a vLCM pre-check prior to remediation. The administrator wants to remediate all hosts in the cluster with the image. What should the administrator do first?

A.Remove the incompatible host from the cluster.
B.Change the image firmware requirement to false.
C.Add the required network card driver component to the image.
D.Reboot the host esx-02 to apply a firmware update.
AnswerC

Adding the driver to the image will make the host compatible.

Why this answer

Option B is correct because the host is incompatible due to a missing driver. Adding the required driver component to the image resolves the incompatibility. Option A is wrong because a reboot alone won't add the driver.

Option C is wrong because removing the host is not necessary. Option D is wrong because the firmware requirement is not the issue.

262
Multi-Selecthard

Which THREE actions can be performed on a VMFS datastore without unmounting it or putting the ESXi host into maintenance mode?

Select 3 answers
A.Remove the datastore from the host's inventory.
B.Upgrade the datastore from VMFS5 to VMFS6.
C.Add a new extent to the datastore from a different LUN.
D.Increase the size of the datastore by expanding an existing extent.
E.Rename the datastore.
AnswersA, D, E

Removing from inventory is possible if no VMs are registered on it.

Why this answer

Option A is correct because removing a datastore from the host's inventory simply detaches the datastore object from the ESXi host's configuration without affecting the underlying LUN or requiring the host to enter maintenance mode. This operation only modifies the host's metadata, not the storage device itself, so it can be performed while VMs are running on other datastores.

Exam trap

The trap here is that candidates often assume any storage-level operation requires maintenance mode or unmounting, but VMware specifically allows certain non-disruptive metadata changes like removal from inventory and renaming while the datastore remains fully accessible to running VMs.

263
MCQeasy

An administrator needs to create a datastore cluster for a set of VMs that require high availability. The VMs should be automatically balanced across datastores based on I/O latency. Which feature must be enabled on the datastore cluster?

A.Storage I/O Control (SIOC) on each datastore.
B.vSphere HA for the datastore cluster.
C.Storage DRS without I/O metric, using space only.
D.Storage DRS with I/O metric enabled.
AnswerD

Correct: Storage DRS with I/O metric can balance VMs based on storage I/O latency.

Why this answer

Storage DRS with I/O metric enabled allows automatic balancing based on I/O latency. Option A is incorrect because SIOC is per-datastore, not for the cluster. Option C is incorrect because vSphere HA is for host failures, not storage balancing.

Option D is incorrect because Storage DRS can be enabled without SIOC, but I/O balancing requires the I/O metric.

264
MCQhard

A vSphere administrator manages a cluster of 50 ESXi hosts using vLCM with image-based management. The cluster includes hosts from two different hardware vendors. The administrator needs to ensure firmware updates are consistently applied across all hosts. What is the best practice for this scenario?

A.Use baseline groups to manage firmware separately.
B.Create a single cluster image that includes firmware for both vendors.
C.Create separate cluster images for each hardware vendor and apply to respective hosts.
D.Manually update firmware using vendor tools, then use vLCM for ESXi updates.
AnswerC

vLCM supports multiple images; each hardware vendor needs its own image with correct firmware.

Why this answer

Option D is correct because different hardware vendors require different firmware; separate cluster images per hardware type ensure correct firmware is applied. Option A is wrong because a single image cannot handle multiple firmware sets. Option B is wrong because baseline groups are deprecated.

Option C is wrong because manual firmware updates are not standardized.

265
MCQhard

A vSphere administrator is preparing for a PCI DSS audit. The auditor requires that all virtual machine disks be encrypted at rest. The environment uses vSAN with storage policies. Which storage policy-based management (SPBM) rule should be applied to ensure encryption?

A.Set the rule 'EncryptionEnabled' to 'True'.
B.Set the rule 'SPBM.Encryption' to 'Enabled'.
C.Set the rule 'VSAN.encryption' to 'Required'.
D.Set the rule 'VSAN.encryption' to 'Yes'.
AnswerD

This is the correct SPBM rule to enable vSAN encryption for a VM storage policy.

Why this answer

Option A is correct. vSAN storage policies include a rule for encryption; setting it to 'Yes' ensures all VMs using that policy are encrypted. Option B is incorrect because 'SPBM.Encryption' is not a valid rule. Option C is incorrect because 'EncryptionEnabled' is not a standard rule.

Option D is incorrect because the rule must be set to 'Yes' to enable encryption.

266
MCQmedium

A vSphere administrator is troubleshooting a VM that shows high 'CPU ready' time in vCenter performance charts. The host has 32 logical CPUs (16 cores with HT). Which tool should be used to identify which other VMs are contending for CPU resources?

A.vRealize Operations Manager
B.Resxtop with CPU view
C.Esxtop with CPU world view
D.vCenter Resource Allocation chart
AnswerC

Esxtop CPU world view lists all worlds (VMs, processes) with their ready time, allowing identification of CPU contention sources.

Why this answer

Option D is correct because esxtop with the CPU world view shows per-vCPU ready time and which worlds are consuming CPU. Option A is wrong; vCenter charts show aggregate VM ready time but not per-world contention. Option B is wrong; resxtop is remote esxtop, but 'CPU view' refers to the summary view; the CPU world view is more detailed.

Option C is wrong; vROps can show trends but not real-time per-world details.

267
MCQhard

During a period of high network contention, management traffic is starved while NFS traffic gets the most bandwidth. Which configuration change would best address the issue?

A.Increase management shares to 100.
B.Increase the NFS limit to 1000 Mbps.
C.Set a reservation for management traffic.
D.Enable traffic shaping on the management port group.
E.Remove the reservation from vMotion.
AnswerC

Reservation guarantees minimum bandwidth for management.

Why this answer

Option B is correct because setting a reservation for management traffic guarantees a minimum bandwidth. Option A increases shares but does not guarantee. Option C configures shaping on the port group, not NIOC.

Option D increases the NFS limit, which does not help management. Option E removes vMotion reservation, which may free bandwidth but does not guarantee management.

268
MCQeasy

An administrator needs to upgrade the ESXi hosts in a cluster to version 7.0 U3. The administrator uses vSphere Lifecycle Manager (vLCM) with a cluster image. After staging the image on one host, the administrator attempts to remediate that host but gets an error that the host is not compliant. Which is the most likely reason?

A.The host is not in maintenance mode
B.The ESXi version difference between the image and the host is too large
C.The host does not have the required firmware version
D.The vCenter Server service needs to be restarted
AnswerA

Hosts must be in maintenance mode for remediation using cluster images.

Why this answer

Option A is correct because vLCM requires hosts to be in an acceptable state (e.g., in maintenance mode, connected) for remediation. Option B is incorrect because vLCM does not require vCenter Server reboot. Option C is incorrect because ESXi 7.0 U2 to U3 is supported.

Option D is incorrect because vLCM manages firmware through vendor add-ons, but not having firmware does not cause non-compliance; it depends on the image specifications.

269
Multi-Selecthard

Which three are common causes for hosts in a vLCM-managed cluster to show non-compliant status? (Choose three.)

Select 3 answers
A.The cluster image has been updated but hosts have not been remediated.
B.A legacy baseline is attached to the host.
C.The host is not in maintenance mode.
D.The host's software image has drifted from the cluster image.
E.Network connectivity to the depot is intermittent, causing partial downloads.
AnswersA, D, E

If the image changes, hosts become non-compliant until remediated.

Why this answer

Options A, D, and E are correct because vLCM checks compliance against the cluster image; differences in image, network issues, or drift can cause non-compliance. Options B and C are not common causes; baselines are not used, and maintenance mode is not a compliance factor.

270
MCQmedium

A VM with a large memory footprint is experiencing high swap rates. The host has free memory but the swap rate is still high. What is the most likely cause?

A.The VM's virtual machine swap file is on a slow datastore.
B.The VM's memory limit is set too low.
C.The host is using software iSCSI causing high latency.
D.The VM's memory reservation is set too high.
AnswerB

A low memory limit restricts the VM's memory usage, causing the guest OS to swap.

Why this answer

If the VM's memory limit is set lower than its active memory, the guest OS may be forced to swap even if host memory is available. Option B is correct. Option A (high reservation) would not cause swapping.

Option C is unrelated to memory swapping. Option D involves the swap file location but the host has free memory, so swapping should not occur.

271
Multi-Selecteasy

An administrator is troubleshooting performance issues on a vSphere cluster. Which TWO metrics should be monitored to identify CPU ready time contention?

Select 2 answers
A.Disk Kernel Latency
B.Memory Swap In Rate
C.Co-Stop
D.Network Packet Drop Rate
E.%RDY (CPU Ready)
AnswersC, E

Measures time vCPUs are co-scheduled but waiting due to HT.

Why this answer

CPU ready time contention occurs when a virtual machine is ready to execute instructions but the ESXi host's CPU scheduler cannot immediately allocate physical CPU cycles. The %RDY metric directly measures the percentage of time a VM is waiting to be scheduled on a physical CPU, while Co-Stop specifically tracks time lost when vCPUs in a single VM are forcibly co-scheduled and then descheduled due to contention on the same physical core. Both metrics are primary indicators of CPU scheduling pressure.

Exam trap

The trap here is that candidates confuse CPU ready time with memory or storage metrics, especially since high CPU ready time can manifest as general VM slowness, leading them to incorrectly select Disk Kernel Latency or Memory Swap In Rate instead of the correct CPU-specific counters.

272
MCQmedium

An organization is upgrading from vSphere 7.0 Update 3 to vSphere 8.0. The current environment uses legacy baselines for patching. They want to move to vLCM. What must the administrator do to enable vLCM for the existing clusters?

A.Upgrade all ESXi hosts to vSphere 8 before enabling vLCM.
B.Create a new cluster and migrate hosts to it.
C.Remove all legacy baseline attachments from the cluster before enabling vLCM.
D.Enable vLCM on the cluster directly; it is backward compatible.
AnswerC

vLCM requires that no legacy baselines are attached to the cluster.

Why this answer

Option D is correct because vLCM cannot be enabled if legacy baselines are attached; they must be removed first. Option A is wrong because vCenter upgrade is required but vLCM can be used after. Option B is wrong because vLCM is supported in vSphere 8 but requires baseline removal.

Option C is wrong because vLCM can be configured on existing clusters.

273
MCQeasy

What is the default block size of a VMFS5 datastore?

A.1 MB
B.8 MB
C.2 MB
D.4 MB
AnswerA

The default block size for VMFS5 is 1 MB.

Why this answer

VMFS5 uses a default block size of 1 MB. Larger block sizes are available but not default.

274
MCQhard

An administrator is designing a new vSphere cluster for a mission-critical application that requires extremely low network latency between VMs within the same cluster. The cluster will use vSphere vMotion for maintenance. Which network configuration best meets these requirements?

A.Create separate standard switches for VM traffic and management.
B.Enable SR-IOV on the physical NICs and assign virtual functions to VMs.
C.Configure a distributed switch with jumbo frames and a dedicated VLAN for VM traffic.
D.Use a single vSphere Standard Switch for all traffic.
AnswerC

Distributed switch provides QoS, jumbo frames, and performance isolation.

Why this answer

Option C is correct because a distributed switch with jumbo frames (MTU 9000) reduces CPU overhead and improves throughput for latency-sensitive VM traffic, while a dedicated VLAN isolates VM traffic from management and vMotion, minimizing contention. Jumbo frames allow larger payloads per packet, reducing the number of packets and interrupt processing, which is critical for low-latency applications. The distributed switch also provides consistent network policy across hosts, essential for vMotion compatibility.

Exam trap

The trap here is that candidates often choose SR-IOV (Option B) because it offers the lowest raw latency, but they overlook that SR-IOV disables vMotion, which is explicitly required in the question for maintenance, making the distributed switch with jumbo frames the correct balance of performance and operational flexibility.

How to eliminate wrong answers

Option A is wrong because separate standard switches for VM and management traffic do not inherently reduce latency; they only provide isolation, and standard switches lack advanced features like jumbo frames and load balancing that are needed for low-latency workloads. Option B is wrong because SR-IOV bypasses the hypervisor’s virtual switch, which can reduce latency but breaks vMotion compatibility (VM migration requires the virtual switch to remap network state), making it unsuitable for a cluster that uses vMotion for maintenance. Option D is wrong because a single standard switch for all traffic (VM, management, vMotion) causes contention and lacks jumbo frame support, leading to higher latency and packet drops under load.

275
Multi-Selecthard

Which THREE are valid methods to isolate and secure management traffic on a vSphere Distributed Switch? (Choose three.)

Select 3 answers
A.Enable Route based on IP hash on the management port group.
B.Assign a specific VLAN ID to the management port group.
C.Use Private VLANs on the management port group.
D.Configure the ESXi firewall to restrict management access.
E.Create a dedicated VMkernel port group for management.
AnswersB, D, E

VLANs provide isolation.

Why this answer

Assigning a specific VLAN ID to the management port group isolates management traffic at Layer 2 by tagging frames with a unique VLAN identifier. This prevents unauthorized access from other VLANs and ensures that management traffic is logically separated from other network traffic on the same vSphere Distributed Switch.

Exam trap

The trap here is that candidates often confuse load-balancing policies (like Route based on IP hash) with security features, or they overcomplicate isolation by choosing Private VLANs instead of the simpler and more reliable VLAN assignment.

276
MCQhard

A vSphere administrator manages a cluster for a VDI workload using VMware Horizon. Each virtual desktop runs a GPU-intensive application and is assigned a vGPU profile (profile: grid_m60-1q) with 4 vCPUs and 8 GB RAM. The ESXi hosts are equipped with NVIDIA M60 GPUs (each host has 2 GPUs, each with 2 physical GPUs? Actually M60 has 2 GPUs on one card, but let's keep generic). The administrator receives complaints of poor graphics performance and high latency. The administrator runs esxtop and observes that the total CPU utilization for the hosts is low (average 30%), but the GPU memory utilization is consistently above 95%, and the vGPU scheduler reports high 'GPU mem' wait times. The number of VMs per host is within the GPU profile limits. What is the most effective way to improve performance?

A.Change the vGPU profile to a larger profile (e.g., grid_m60-2q) for all VMs.
B.Increase the CPU reservation for each VDI VM.
C.Reduce the number of vCPUs per VM from 4 to 2.
D.Upgrade the hosts to support GPUs with larger memory capacity or add additional GPUs to each host.
AnswerD

Increasing GPU memory capacity directly resolves the memory contention bottleneck.

Why this answer

The bottleneck is GPU memory, not CPU. The most effective solution is to upgrade to GPUs with higher memory capacity or add more GPUs. Option D directly addresses this.

Option A would increase GPU memory per VM but reduce the total number of VMs, possibly not needed. Option B might not help. Option C could reduce GPU load but at the cost of user experience.

277
MCQmedium

Refer to the exhibit. What is the cause of the compliance failure?

A.The vLCM service is down.
B.The host is missing a required driver.
C.The vLCM depot does not contain the required component.
D.The host has an incompatible component.
AnswerC

The error states the component is not available from any depot.

Why this answer

Option B is correct because the error indicates the component is not available from any depot. Option A is misleading because the component is missing, not just a driver; Option C is wrong because incompatible_components is empty; Option D is wrong because the error is not about the service.

278
MCQmedium

A company has multiple clusters with different hardware. They want to create separate vLCM images for each cluster. What is the best practice?

A.Create a single image that includes all possible components.
B.Use baseline groups instead of images.
C.Create separate images for each cluster tailored to their hardware.
D.Use Auto Deploy with a single image.
AnswerC

Each cluster's specific add-ons and firmware can be included per image.

Why this answer

Option B is correct because each cluster may have unique hardware requirements. Option A would cause compliance failures; Option C uses deprecated baselines; Option D is not applicable for standard hosts.

279
MCQeasy

A vSphere cluster has DRS enabled and hosts with unbalanced resource usage. Which DRS feature automatically migrates VMs to balance CPU and memory loads across hosts?

A.High Availability (HA)
B.Distributed Resource Scheduler (DRS)
C.Enhanced vMotion Compatibility (EVC)
D.Storage I/O Control (SIOC)
AnswerB

DRS continuously monitors and balances resource usage by migrating VMs.

Why this answer

DRS (Distributed Resource Scheduler) uses vMotion to migrate VMs based on resource utilization thresholds, balancing workloads across hosts. HA provides failover, EVC ensures compatibility, and SIOC manages storage I/O.

280
Multi-Selectmedium

Which TWO conditions are required to use vLCM for firmware management? (Select TWO.)

Select 2 answers
A.Hardware support manager (HSM) installed for each vendor
B.vCenter Server 7.0 or later
C.All hosts in the cluster must be identical hardware
D.Hosts must be in a fully automated DRS cluster
E.vLCM must be enabled for the cluster
AnswersA, E

An HSM is required to provide firmware catalogs and apply updates via vLCM.

Why this answer

Options B and D are correct. To manage firmware via vLCM, you need a hardware support manager (HSM) for the vendor, and vLCM must be enabled for the cluster. vCenter version 7.0+ is a prerequisite but not a condition specific to firmware management.

281
MCQhard

An administrator has a vSphere 7 cluster with vMotion enabled. They need to perform a vMotion of a VM from host1 to host2 while preserving the VM's memory state. The VM has a PCIe passthrough device assigned (NVMe controller). What should the administrator do before initiating the vMotion?

A.Use shared storage for the VM
B.Remove the PCIe passthrough device from the VM
C.Enable Enhanced vMotion Compatibility (EVC) on the cluster
D.Upgrade to vSphere 8
AnswerB

VMs with passthrough devices cannot be vMotioned; the device must be removed first.

Why this answer

vMotion does not support VMs with PCIe passthrough devices because the device is tied to the physical host. The device must be removed or the VM must be powered off.

282
MCQmedium

A vSphere administrator is troubleshooting a permissions issue. A user named 'backup_admin' is a member of the AD group 'Backup Operators'. The group has been assigned a custom role at the datacenter level with the following privileges: Virtual machine > Provisioning > Create snapshot, Virtual machine > State > Create, Revert, Remove snapshot. The user can see all VMs in the 'Production' folder but cannot see VMs in the 'Development' folder, even though both folders are under the same datacenter. The administrator confirms that no other permissions exist for this user or group, and propagation is enabled. What is the most likely reason the user cannot see the Development VMs?

A.The user's permissions are inherited from a different group that denies access.
B.The user's group lacks the 'System > View' privilege on the Development folder.
C.The user's role does not include the 'Folder > Create' privilege.
D.The user's group has been assigned 'No Access' on the Development folder.
AnswerB

The user cannot see objects if they don't have the View privilege on the parent folder.

Why this answer

Option C is correct. To see objects in vCenter, a user must have the 'System > View' privilege on the object. Even if the user has permissions on the VMs, they cannot see them if they lack the 'View' privilege on the parent folder.

Option A is wrong because 'Folder > Create' is not required to see existing folders. Option B is wrong because 'System > View' is a privilege, but the user likely lacks it on the Development folder. Option D is wrong because if there were 'No Access' exactly, the user wouldn't see any objects; but they see Production, so the Development folder likely has an explicit permission that doesn't include View.

283
MCQhard

An administrator is troubleshooting a performance issue where a VM is not receiving the expected CPU resources. The VM is a member of a resource pool with a CPU Shares value of 2000. The host has two other resource pools: one with 1000 shares and another with 500 shares. All resource pools are competing for CPU. The VM's reservation is set to 2 GHz, and the host has 8 GHz available. What is the minimum CPU allocation the VM is guaranteed?

A.4 GHz (based on share ratio)
B.2 GHz
C.8 GHz (all host CPU)
D.0 GHz (no guarantee without reservation)
AnswerB

The reservation guarantees 2 GHz regardless of other resource pool shares.

Why this answer

The VM's reservation of 2 GHz guarantees that the host will reserve at least that amount of CPU capacity for the VM, regardless of contention or share values. Shares only affect the distribution of excess resources beyond reservations, not the guaranteed minimum. Since the host has 8 GHz available, the reservation is fully satisfiable, so the VM is guaranteed 2 GHz.

Exam trap

The trap here is that candidates often confuse shares with reservations, assuming that a higher share value guarantees more CPU, when in fact only a reservation provides a hard guarantee, and shares only affect the distribution of unused capacity.

How to eliminate wrong answers

Option A is wrong because it incorrectly applies the share ratio (2000:1000:500 = 4:2:1) to the total host CPU, but shares only determine proportional allocation of unreserved resources, not guaranteed minimums. Option C is wrong because a reservation of 2 GHz does not guarantee all 8 GHz of host CPU; the VM is limited to its reservation unless additional resources are available and shares allow it. Option D is wrong because a reservation explicitly provides a guaranteed minimum allocation; without a reservation, the VM would have no guarantee, but here a reservation is set.

284
MCQmedium

An administrator is adding an ESXi host to vCenter Server and is prompted to verify the host's certificate thumbprint. The administrator compares it to the output above and it matches. However, the add operation fails with a certificate verification error. What else could be the issue?

A.The vCenter Server's certificate is invalid
B.The certificate has expired
C.The certificate is not signed by a trusted Certificate Authority
D.The certificate common name does not match the hostname
AnswerD

If the certificate's CN does not match the host's FQDN, vCenter will reject the certificate during verification.

Why this answer

Option C is correct because if the certificate common name (CN) does not match the ESXi host's fully qualified domain name (FQDN) or IP address, vCenter Server will reject the certificate even if the thumbprint is correct. Option A is unlikely as the thumbprint would change if expired; option B is not directly related because self-signed certificates are accepted with thumbprint verification; option D is incorrect because the error is about the host certificate, not vCenter's.

285
MCQhard

A vSAN cluster uses a storage policy with Primary Failures to Tolerate (PFTT) = 1 and Failure Tolerance Method = RAID-1 (Mirroring). What is the minimum number of hosts required to support this policy if each host contributes one disk group?

A.4
B.3
C.6
D.2
AnswerB

Correct: vSAN requires 3 hosts for RAID-1 with PFTT=1 (2 data copies + 1 witness).

Why this answer

For RAID-1 mirroring with PFTT=1, vSAN requires at least 3 hosts to provide two copies of data and one witness component. Option B is incorrect because 2 hosts can only support RAID-1 if using stretched cluster or special configuration, but standard requires 3. Option C is incorrect because 4 is more than needed.

Option D is incorrect because 6 is too many.

286
MCQhard

An organization runs a multi-site vSphere environment with vCenter Server in linked mode across two data centers. The vCenter instances are version 7.0 U3. They plan to upgrade both vCenter Servers to 8.0 U2 and the ESXi hosts to 8.0. The administrator upgrades the first vCenter Server to 8.0 U2 successfully. Then, when attempting to upgrade the second vCenter Server, the upgrade wizard warns that the linked mode compatibility check has failed. The vCenter servers are in enhanced linked mode (ELM). What should the administrator do to resolve this issue?

A.Temporarily remove the second vCenter from the linked mode group and perform the upgrade, then reconnect.
B.Downgrade the first vCenter Server back to 7.0 U3 and then upgrade both together.
C.Use the vSphere Update Manager on the second vCenter to upgrade its own components.
D.Restart the vCenter Server services on both vCenter instances and retry the upgrade.
AnswerA

ELM requires same version; removing allows upgrade, then reconnecting after both are on same version.

Why this answer

Option B is correct - when in ELM, all vCenter servers must be at the same version; the first was upgraded, so the second cannot be upgraded until both are at same major version? Actually, upgrade must be simultaneous or PSC? In vSphere 7, PSC is converged, but ELM requires same version. The correct approach is to upgrade both together or temporarily break ELM. But option B suggests using a separate vCenter Single Sign-On domain.

This is a known workaround. Option A is incorrect - rebooting won't help. Option C is incorrect - upgrading the second via VUM is not for vCenter.

Option D is incorrect - downgrading the first is not recommended.

287
MCQeasy

An administrator needs to ensure that virtual machines can be migrated between ESXi hosts using vMotion. The virtual machines are connected to a standard vSwitch port group named 'Production'. What must be consistent across all hosts?

A.Port group name 'Production'
B.MTU size
C.Number of uplinks
D.Load balancing policy
AnswerA

Port group name must match for vMotion.

Why this answer

Option A is correct because vMotion requires the same port group name on source and target host. Option B is incorrect because MTU may differ if not using jumbo frames. Option C is incorrect because number of uplinks can vary.

Option D is incorrect because load balancing policy does not affect vMotion compatibility.

288
MCQeasy

During a vLCM remediation, one host fails with error 'Could not complete the operation due to a network error'. What is the first troubleshooting step?

A.Reset the vLCM image.
B.Check network connectivity between vCenter and the host.
C.Restart the vLCM service.
D.Reboot the host.
AnswerB

Network errors indicate connectivity issues; checking ping/traceroute is logical first step.

Why this answer

Option B is correct because network connectivity between vCenter and the host is essential for remediation. Option A restarts service but masks the issue; Option C reboots the host unnecessarily; Option D resets image but doesn't address the root cause.

289
MCQmedium

An administrator is configuring a distributed switch and needs to ensure that all virtual machine traffic on a specific VLAN is isolated. The administrator creates a port group with VLAN ID 100. However, a security scanner reports that packets from this VLAN are appearing on other VLANs. Which security policy setting on the distributed switch should the administrator verify?

A.MAC address changes
B.Forged transmits
C.VLAN trunking
D.Promiscuous mode
AnswerC

VLAN trunking ensures proper tagging.

Why this answer

The VLAN trunking policy on a distributed switch controls whether a port group can pass multiple VLAN IDs (trunk mode) or is restricted to a single VLAN (access mode). When VLAN trunking is enabled, the port group may forward traffic from VLAN 100 onto other VLANs if the virtual switch is configured to allow it, breaking isolation. The administrator should verify that VLAN trunking is disabled (set to 'Reject') to ensure strict VLAN isolation.

Exam trap

The trap here is that candidates confuse VLAN trunking (which controls multi-VLAN forwarding) with promiscuous mode (which controls traffic visibility), leading them to incorrectly select promiscuous mode as the cause of VLAN leakage.

How to eliminate wrong answers

Option A is wrong because MAC address changes policy controls whether a virtual machine can change its MAC address, which is unrelated to VLAN traffic leaking between VLANs. Option B is wrong because forged transmits policy prevents a VM from sending frames with a source MAC address different from its own, which does not affect VLAN isolation. Option D is wrong because promiscuous mode allows a VM to see all traffic on the port group, but it does not cause traffic from one VLAN to appear on another VLAN.

290
MCQmedium

An administrator manages a vSphere 7.0 U2 cluster with 20 hosts. The cluster uses vLCM image-based management and vSphere DRS. The administrator applies a new image with ESXi 7.0 U3 and additional driver VIBs. During remediation, one host fails to reboot after the upgrade. The host is now unresponsive via vCenter, but can be pinged. The administrator connects to the host's DCUI and sees a purple screen with a PSOD error referencing 'Unsupported VIB' and 'vmkcswap'. What is the most likely cause?

A.The vmkcswap VIB included in the image is not compatible with ESXi 7.0 U3.
B.The image did not include the necessary vmkcswap VIB.
C.The host has a hardware fault causing the PSOD.
D.The host's network configuration is incorrect for the new version.
AnswerA

VIBs must be validated for the target ESXi version; otherwise, they cause failures.

Why this answer

Option C is correct - the vmkcswap driver VIB is not compatible with ESXi 7.0 U3. Option A is incorrect - network issue would not cause PSOD. Option B is incorrect - VIB inclusion in image does not guarantee compatibility; the image must be validated.

Option D is incorrect - memory issue is unlikely.

291
Multi-Selecthard

Which TWO storage performance best practices should be followed when scaling a vSphere environment using shared storage? (Choose two.)

Select 2 answers
A.Use Raw Device Mapping in physical compatibility mode for virtual machines.
B.Enable Storage I/O Control (SIOC) on datastores to manage I/O latency.
C.Configure multiple storage paths with round-robin load balancing policy.
D.Deploy vSphere Flash Read Cache to reduce read latency.
E.Use VMFS-3 for large datastores to reduce seek time.
AnswersB, C

SIOC automatically manages storage queues to maintain latency thresholds.

Why this answer

Using multiple paths with round-robin load balancing improves throughput and redundancy. Storage I/O Control (SIOC) manages latency and prevents a single VM from monopolizing storage. VMFS-3 is outdated and should be avoided.

RDM in physical compatibility mode is rarely recommended. vSphere Flash Read Cache is deprecated.

292
MCQeasy

An administrator is configuring multipathing for a Fibre Channel storage array. The administrator wants to maximize throughput by using all available paths. Which path selection policy should be chosen?

A.Fixed (VMW_PSP_FIXED)
B.Most Recently Used (VMW_PSP_MRU)
C.Vendor-specific (VMW_PSP_FIXED_AP)
D.Round Robin (VMW_PSP_RR)
AnswerD

Correct: Round Robin spreads I/O across all active paths, maximizing throughput.

Why this answer

Round Robin policy distributes I/O across all active paths, maximizing throughput. Option B is incorrect because Fixed uses a single preferred path. Option C is incorrect because Most Recently Used (MRU) uses one path until failure.

Option D is incorrect because VMW_PSP_FIXED is essentially Fixed.

293
MCQeasy

A resource pool has the following configuration: CPU shares = 4000, reservation = 2 GHz, limit = 4 GHz. The parent cluster has 10 GHz total CPU capacity. Another resource pool contains VMs with higher shares. If both resource pools contend for CPU, which statement is TRUE?

A.The pool is guaranteed 4 GHz when contention occurs.
B.The reservation is ignored because a limit is set.
C.The pool will always receive exactly 4 GHz due to its shares.
D.The pool will receive at least 2 GHz and at most 4 GHz.
AnswerD

The reservation guarantees 2 GHz, and the limit caps at 4 GHz.

Why this answer

Shares determine relative priority when there is contention. With a limit of 4 GHz, the pool will not exceed that even if there are enough shares. The reservation ensures at least 2 GHz.

The pool with higher shares will get more than its proportion only if the pool with lower shares does not need its full entitlement.

294
Multi-Selecteasy

An administrator is managing a vSphere cluster with vSphere Lifecycle Manager baselines. Which THREE are valid baseline types? (Choose three.)

Select 3 answers
A.Patch baseline
B.Firmware baseline
C.Upgrade baseline
D.Critical Hosts baseline
E.Extension baseline
AnswersA, C, E

Used for patches and updates.

Why this answer

Options A, B, and C are correct. Patch, Extension, and Upgrade baselines are the three types. D is wrong because firmware baselines are not a separate type; firmware updates are included as patches.

E is wrong because there is no 'Critical Hosts' baseline type.

295
MCQmedium

A security administrator notices that a virtual machine (VM) running a legacy application is experiencing network connectivity issues after enabling Network I/O Control (NIOC) on the distributed switch. The VM is in a high-priority traffic class for management traffic. What is the most likely cause of the issue?

A.NIOC is blocking the VM's MAC address due to a security policy.
B.The VM is assigned to the management traffic class, but its traffic should be in a different class, causing bandwidth throttling.
C.The VM is using jumbo frames, which are not supported with NIOC.
D.The virtual switch has promiscuous mode enabled, which conflicts with NIOC.
AnswerB

NIOC classes limit bandwidth; wrong class assignment can restrict traffic.

Why this answer

Option B is correct. NIOC traffic classes limit bandwidth per class; if the VM is in the wrong class (management instead of the correct class for its traffic), it may be throttled. Option A is incorrect because NIOC does not require jumbo frames.

Option C is incorrect because NIOC does not affect MAC learning. Option D is incorrect because NIOC does not block promiscuous mode; that's a security policy.

296
MCQmedium

A company runs a critical SQL Server VM on vSphere 7.0. The VM has a single 300 GB virtual disk on a VMFS6 datastore backed by a SAN with 8 Gbps Fibre Channel. The VM is configured with 16 vCPUs and 64 GB RAM. Recently, users have reported slow query performance. The administrator checks the datastore performance and sees average latency of 15 ms with peaks of 50 ms during business hours. The storage array has multiple paths to the ESXi host, and the current path policy is Fixed with a single active path. The administrator wants to improve storage performance with minimal cost. Which action should the administrator take first?

A.Change the path selection policy to Round Robin on the ESXi host.
B.Add a vSphere Flash Read Cache to the VM.
C.Upgrade the Fibre Channel infrastructure to 16 Gbps.
D.Convert the virtual disk to thin provisioning to reduce I/O.
AnswerA

Utilizes multiple paths, reducing latency.

Why this answer

The current Fixed path policy with a single active path underutilizes the available storage bandwidth, causing high latency during peak I/O. Changing to Round Robin (RR) distributes I/O across all available paths, reducing queue depth on any single path and lowering latency without any hardware cost. This is the most immediate and cost-effective fix for the observed performance issue.

Exam trap

The trap here is that candidates may assume hardware upgrades (like faster Fibre Channel) are the only solution to high latency, overlooking the fact that a misconfigured path policy can cause a single path to become a bottleneck even when multiple paths exist.

How to eliminate wrong answers

Option B is wrong because vSphere Flash Read Cache is deprecated in vSphere 7.0 and only accelerates read operations, not writes; the SQL Server workload likely involves significant write I/O, and adding it would not address the path-level bottleneck. Option C is wrong because upgrading the Fibre Channel infrastructure to 16 Gbps is a costly hardware change that does not fix the root cause—the single active path policy—and may not reduce latency if the bottleneck is path saturation rather than link speed. Option D is wrong because converting to thin provisioning does not improve I/O performance; it can actually increase latency due to on-demand allocation overhead and does not affect the path selection or queue depth issue.

297
MCQmedium

An administrator needs to capture traffic from a specific virtual machine for troubleshooting. Which vSphere networking feature should be used?

A.Port mirroring on the VDS.
B.LLDP on the VDS.
C.NetFlow on the VDS.
D.Traffic shaping on the VDS.
AnswerA

Port mirroring duplicates traffic for capture.

Why this answer

Option B is correct because port mirroring (also called SPAN) on a VDS copies traffic from a source port to a destination port for analysis. Option A is incorrect because NetFlow provides flow statistics, not packet captures. Option C is incorrect because traffic shaping controls bandwidth.

Option D is incorrect because LLDP is for discovering network neighbors.

298
Matchingmedium

Match each vSphere security feature to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Virtual Trusted Platform Module for VM encryption

Restricts direct root access to ESXi

Single sign-on authentication for vSphere

Replaces default certificates with custom ones

Encrypts vMotion traffic between hosts

Why these pairings

Security features in vSphere.

299
Multi-Selectmedium

You manage a vSphere 7 environment with 20 hosts, each with 2 x 10-core CPUs and 512 GB RAM. The environment runs 300 VMs, including a critical ERP application that uses 8 vCPUs and 64 GB RAM. Recently, the ERP VM has been experiencing periodic performance degradation, especially during month-end processing. The host running the ERP VM shows CPU ready time averaging 8%, with spikes to 20% during the processing. The host has 10 other VMs, each with 2-4 vCPUs. The cluster has DRS enabled with default settings. You suspect CPU contention. Which two actions should you take to mitigate the issue? (Choose two.)

Select 2 answers
A.Migrate the ERP VM to a host with fewer VMs to reduce CPU over-provisioning.
B.Enable DPM and set the cluster to aggressive power management.
C.Increase the CPU shares for the ERP VM to prioritize its scheduling.
D.Increase the number of vCPUs on the ERP VM to 12 to distribute load.
E.Increase the memory allocation of the ERP VM to reduce ballooning.
AnswersA, C

Less contention on the target host reduces ready time.

Why this answer

Option A is correct because migrating the ERP VM to a host with fewer VMs reduces the CPU over-provisioning ratio, directly lowering CPU ready time. With 8% average and 20% spikes, the host's physical CPU cores are oversubscribed; moving the VM to a less contended host alleviates the scheduling pressure without changing VM configuration.

Exam trap

The trap here is that candidates often confuse CPU ready time with memory pressure and choose to increase memory or vCPUs, but adding vCPUs actually increases co-scheduling overhead and worsens contention.

300
Multi-Selecthard

An administrator is troubleshooting a failed vLCM remediation. Which two methods can be used to collect diagnostic information? (Choose TWO)

Select 2 answers
A.Review the vCenter Server alert logs.
B.Run vcli diagnostics on the vCenter Server.
C.Check the vLCM log file at /var/log/vmware/vlcm/vlcm.log on the vCenter Server.
D.Use the vLCM API to query task history.
E.Use esxcli system syslog config to check host logs.
AnswersC, D

vLCM logs contain detailed error information.

Why this answer

Options A and D are correct. A is correct because vLCM logs are located on the vCenter Server. D is correct because the vLCM API provides task history.

B is incorrect because esxcli syslog is for host logs, not vLCM. C is incorrect because 'vcli' is not a real command. E is incorrect because vCenter alerts may not capture vLCM-specific details.

Page 3

Page 4 of 7

Page 5

All pages