VMware Certified Professional Data Center Virtualization VCP-DCV (VCP-DCV) — Questions 451–511

511 questions total · 7 pages · All types, answers revealed

Page 7 of 7

451
MCQ · easy

An administrator needs to ensure that a service account used for vCenter Server backups has the minimum required privileges. The account should only be able to perform backup and restore operations. Which role should be assigned?

A. ReadOnly
B. Administrator
C. BackupOperator
D. NoAccess
Answer: C

This role is specifically designed for backup and restore operations with minimal privileges.

Why this answer

Option C is correct. The 'BackupOperator' role (or 'VR Backup Operator' in some contexts) provides the necessary permissions for backup/restore. Option B is incorrect because 'Administrator' has full access.

Option A is incorrect because 'ReadOnly' cannot perform backups. Option D is incorrect because 'NoAccess' denies all permissions.

452
Multi-Select · easy

Which TWO features are valid components of vSphere Lifecycle Manager (vLCM) image-based management? (Choose two.)

Select 2 answers
A. Host profiles
B. vCenter Update Manager (VUM)
C. Baseline groups
D. Cluster images
E. Hardware Compatibility List (HCL)
Answers: D, E

Cluster images define the software and firmware for a group of hosts.

Why this answer

Options D and E are correct. Cluster images are the core of image-based management, and the Hardware Compatibility List (HCL) is used to validate firmware and drivers. Option A is incorrect because host profiles are separate.

Option C is incorrect because baseline groups are deprecated. Option B is incorrect because vCenter Update Manager is the older tool, but vLCM includes image management.

453
MCQ · medium

A vSphere administrator notices that a VM running a critical database is experiencing high latency on its virtual disk. The VM uses a VMDK on a datastore shared by several other VMs. The datastore is backed by an all-flash array. Which action would best reduce latency without increasing storage capacity?

A. Increase the virtual disk shares for the VM
B. Move the VM to another datastore
C. Set a higher I/O limit on the VM
D. Enable Storage I/O Control (SIOC) on the datastore
Answer: D

SIOC uses latency thresholds to throttle I/O and reduce congestion, improving latency for critical VMs.

Why this answer

Storage I/O Control (SIOC) can enforce I/O shares and limits to prioritize latency-sensitive VMs. Increasing shares or limits may not reduce latency if the array is saturated. Moving to another datastore may not be feasible.

454
MCQ · medium

A company has a vSphere cluster consisting of 8 ESXi hosts connected to a single Fibre Channel SAN array. They use VMFS6 datastores to store virtual machine files. The storage administrator has scheduled a firmware upgrade for the SAN array that requires a controller reboot. This will cause a temporary loss of connectivity to one LUN (datastore) for approximately 5 minutes. The datastore hosts 15 production VMs, including critical database servers. The cluster has sufficient spare capacity on other datastores, but the VMs are large (each about 200 GB). The vSphere administrator must ensure that these VMs remain available during the upgrade. The cluster has vSphere HA enabled with default settings. What should the administrator do to meet the requirement?

A. Use Storage vMotion to migrate all VMs on the affected datastores to a healthy datastore before the upgrade.
B. Configure a vSphere HA admission control policy to reserve resources in case of host failure.
C. Place all ESXi hosts into maintenance mode.
D. Enable Storage I/O Control on the affected datastore to manage I/O during the upgrade.
Answer: A

Storage vMotion allows live migration of VM files without downtime, keeping VMs available during the storage upgrade.

Why this answer

Using Storage vMotion to live-migrate VMs to a healthy datastore (A) ensures zero downtime during the upgrade. Option C puts hosts into maintenance mode, disrupting VMs. Option D does not protect against storage loss.

Option B is for host failure scenarios, not storage disruption.

455
MCQ · medium

An organization is using vSphere Trust Authority (vTA) to secure ESXi hosts. A newly added ESXi host fails to attest with the Trust Authority. The administrator verifies that the host is connected to the vTA cluster and the trust relationship is configured. What is the most likely cause of the attestation failure?

A. The Trust Authority's network is isolated from the ESXi host's management network.
B. The ESXi host is not in the same cluster as the Trust Authority.
C. The ESXi host does not have a virtual Trusted Platform Module (vTPM) attached.
D. The TPM on the ESXi host is disabled or not properly initialized.
Answer: D

vTA attestation requires a functional TPM; if disabled, attestation fails.

Why this answer

Option D is correct. The host's TPM must be enabled and properly configured for vTA attestation. Option B is incorrect because the host can be in a different cluster as long as it's trusted.

Option C is incorrect because vTA uses TPM, not vTPM. Option A is incorrect because the trusted infrastructure hosts do not require special networking beyond connectivity.

456
Drag & Drop · medium

Order the steps to take a snapshot of a virtual machine.

Why this order

Initiate snapshot, name it, choose memory and quiesce options, then confirm.

457
MCQ · medium

A financial services firm maintains a multi-site vSphere environment with independent vCenter Server systems in New York and London, each managing approximately 200 virtual machines. The company requires a disaster recovery solution that can orchestrate failover of an entire site with automated IP address changes and integrated testing capabilities. They also need centralized management and the ability to attach the recovery site's vCenter to the same vCenter Single Sign-On domain as the protected site. The current vCenter versions are 7.0 Update 3. Which solution best meets these requirements while adhering to VMware best practices?

A. Implement a vSAN stretched cluster across both data centers and enable proactive HA policies.
B. Deploy vCenter Site Recovery (SRM) paired with vSphere Replication, and use Enhanced Linked Mode to connect the vCenter systems.
C. Configure vCloud Availability for vCloud Director to replicate VMs between sites.
D. Use vCenter High Availability (VCHA) to protect the vCenter Server and rely on vSphere HA for VMs.
Answer: B

SRM provides orchestrated failover, IP customization, and testing; Enhanced Linked Mode allows centralized management and a single SSO domain.

Why this answer

vCenter Site Recovery (part of VMware Site Recovery Manager) is the ideal solution for orchestrated failover with automated IP reconfiguration and testing. Linking vCenter systems via Enhanced Linked Mode provides centralized management and a common SSO domain. vSphere Replication alone lacks orchestration and testing. The other options either do not support all requirements (vCloud Availability for vCloud Director environments) or are not suitable for multi-site DR (vSAN stretched clusters require shared storage).

458
MCQ · medium

A vSphere administrator is troubleshooting a VM that has been disconnected from its virtual disk. The VM's virtual disk file (vmdk) is still present on the datastore, but the VM cannot be powered on. Which step should the administrator take first to resolve the issue?

A. Create a new VM and attach the existing vmdk file.
B. Re-add the virtual disk from the datastore browser to the VM.
C. Use the vmkfstools command to re-register the virtual disk.
D. Perform a storage vMotion of the VM to another datastore.
Answer: C

vmkfstools -i can recreate the descriptor file from the flat vmdk.

Why this answer

Option C is correct because when a VM is disconnected from its virtual disk but the .vmdk file remains on the datastore, the issue is often a corrupt or missing disk descriptor file. The vmkfstools command with the -fix option can repair the descriptor file, re-establishing the connection between the VM and its virtual disk without requiring VM recreation or manual re-attachment.

Exam trap

The trap here is that candidates assume the disk must be manually re-attached via the GUI (Option B), but vSphere requires the descriptor file to be intact for the disk to be recognized, and vmkfstools is the proper tool to repair it without data loss.

How to eliminate wrong answers

Option A is wrong because creating a new VM and attaching the existing .vmdk file is unnecessary and time-consuming; it does not address the underlying descriptor corruption and may cause additional configuration mismatches. Option B is wrong because re-adding the virtual disk from the datastore browser assumes the disk is properly formatted and recognized, but if the descriptor file is corrupt, the datastore browser may not list the disk correctly or the re-add operation will fail. Option D is wrong because performing a Storage vMotion moves the VM to another datastore but does not repair the disconnected disk; the disk would remain disconnected after the migration, and the VM still cannot power on.

459
Multi-Select · medium

Which THREE security hardening measures should be applied to an ESXi host? (Choose three.)

Select 3 answers
A. Increase memory resource allocation for management VMs
B. Enable lockdown mode
C. Enable SNMP v3
D. Apply a host profile for security settings
E. Disable ESXi Shell and SSH services
Answers: B, D, E

Restricts direct host access.

Why this answer

Options B, D, and E are correct. Enabling lockdown mode restricts direct access, disabling shell/SSH reduces attack surface, and a host profile ensures consistent security settings. Option C is wrong because SNMP is a management protocol that does not primarily provide security.

Option A is wrong because increasing memory workload does not improve security.

460
Multi-Select · medium

A vSphere administrator wants to enable vLCM image-based management for an existing cluster that currently uses baseline-based remediation. Which TWO prerequisites must be met before the migration can proceed?

Select 2 answers
A. All hosts must have the same hardware compatibility (HCL).
B. All ESXi hosts must be running version 7.0 U2 or later.
C. The vCenter Server must be registered with VMware Cloud.
D. The cluster must have a single reference host that represents the desired state.
E. The cluster must have at least one host with vSphere Lifecycle Manager enabled.
Answers: B, D

vLCM image-based management is only available on ESXi 7.0 Update 2 and newer.

Why this answer

Option B is correct because vLCM image-based management requires ESXi hosts to be at version 7.0 U2 or later, as the image-based lifecycle management feature was introduced in vSphere 7.0 Update 2. Option D is correct because a single reference host must be selected to define the desired software image for the cluster, which vLCM then uses to ensure all hosts match that specification.

Exam trap

The trap here is that candidates often think all hosts must have identical hardware (Option A) or that vLCM must already be enabled on a host (Option E), but the actual prerequisites are purely about ESXi version and the existence of a reference host to define the desired state.

461
MCQ · hard

Refer to the exhibit. An administrator runs the vmkfstools command on a VMFS datastore. Which information can be derived from the output?

A. The datastore ID is the file system UUID.
B. The datastore is formatted with VMFS version 6.82.
C. The datastore supports ESXi 6.5 and later.
D. The datastore has 1 TB capacity.
Answer: A

Correct: The UUID is displayed.

Why this answer

The output shows the file system UUID directly.

462
MCQ · medium

An administrator sees the above error in the vLCM remediation history. What is the most likely cause?

A. The desired image validation failed before remediation.
B. The host's acceptance level does not allow the VIB.
C. The host firmware is incompatible with the VIB.
D. The vCenter Server cannot reach the VMware depot.
Answer: D

The error shows a failed download from the depot URL.

Why this answer

The error shown in the vLCM remediation history indicates a failure to download the desired image components. vLCM relies on the vCenter Server to fetch VIBs and software depots from the VMware online depot (or a local depot). If the vCenter Server cannot reach the VMware depot due to network issues, proxy misconfiguration, or firewall blocks (e.g., port 443 to *.vmware.com), the remediation will fail with a download error, not a validation or acceptance-level error.

Exam trap

The trap here is that candidates often confuse a depot connectivity error with a VIB acceptance-level or validation error, because all can prevent remediation, but only the depot error manifests as a download failure in the remediation history.

How to eliminate wrong answers

Option A is wrong because a validation failure would produce a specific error message about image compliance or component mismatch, not a download failure. Option B is wrong because an acceptance-level mismatch would generate a host-level error during VIB installation, not a depot connectivity issue. Option C is wrong because firmware incompatibility is checked during hardware compatibility validation, not during depot download, and would produce a different error related to hardware support.

463
MCQ · easy

An administrator wants to use vLCM to manage a cluster with 10 ESXi hosts. After enabling vLCM, what is the first step to ensure all hosts are running the same desired image?

A. Define a desired state image for the cluster.
B. Remediate the cluster immediately to apply the default image.
C. Place all hosts into maintenance mode.
D. Create a host upgrade baseline and attach it to the cluster.
Answer: A

vLCM uses a desired image to enforce compliance.

Why this answer

With vLCM, the first step after enabling it on a cluster is to define a desired state image. This image specifies the exact ESXi version, firmware, and driver versions that all hosts in the cluster must match. Without defining this image, vLCM has no target configuration to validate or enforce against the hosts.

Exam trap

The trap here is that candidates often confuse vLCM's image-based approach with the legacy baseline-based workflow from Update Manager, leading them to select option D, or they assume remediation can proceed without first defining a desired state image.

How to eliminate wrong answers

Option B is wrong because remediating the cluster immediately would apply a default image that does not exist; vLCM requires an explicit desired state image to be defined before any remediation can occur. Option C is wrong because placing hosts into maintenance mode is a prerequisite for remediation, not the first step after enabling vLCM; the image must be defined first. Option D is wrong because vLCM does not use host upgrade baselines; baselines are a legacy Update Manager concept, and vLCM uses images and image-based clusters instead.

464
Matching · medium

Match each vSphere feature to its correct description.

Distributes VM workloads across hosts based on resource usage

Provides continuous availability by maintaining a secondary VM

Migrates VM storage without downtime

Powers hosts on/off to save energy based on demand

Standardizes host configuration across a cluster

Why these pairings

Key vSphere features and their roles.

465
Multi-Select · easy

Which two actions can be performed to restrict access to the ESXi host Direct Console User Interface (DCUI)? (Choose two.)

Select 2 answers
A. Disable the DCUI service
B. Enable lockdown mode
C. Add users to the DCUI exception list
D. Remove the root user from the local password store
E. Set DCUI access to 'Strict'
Answers: B, E

Lockdown mode disables direct DCUI access except for exception users, thus restricting access.

Why this answer

Lockdown mode (option B) disables direct DCUI access, and Strict mode (option E) further restricts access to only exception users. Option A is incorrect as enabling lockdown mode is already a restriction; option C is incorrect because exception users are allowed access; option D is incorrect as removing root may lock out all access but is not a standard method. The correct answers are B and E.

466
MCQ · easy

A company uses vSphere 7.0 with two ESXi hosts in a cluster. All virtual machines (VMs) are stored on a VMFS6 datastore backed by a single LUN from a mid-range SAN. The LUN is presented to both hosts and both hosts have identical multipathing configuration. Recently, an administrator noticed that one host shows the datastore as "Inactive" while the other host can access it normally. The administrator verifies that both hosts have connectivity to the SAN, the LUN is visible to both hosts, and the storage array reports the LUN as online. The administrator wants to restore access to the datastore on the affected host without disrupting VMs running on the other host. Which action should the administrator take?

A. Perform a storage rescan on the affected host.
B. Reboot the affected ESXi host.
C. Change the multipathing policy on the affected host to Round Robin.
D. Unmount the datastore from the affected host and then remount it.
Answer: A

Rescanning refreshes the list of paths and resolves transient path issues.

Why this answer

The datastore showing as 'Inactive' on one host while remaining accessible on the other indicates a path failure or a transient storage connectivity issue at the host level, not a permanent problem with the LUN or array. Performing a storage rescan on the affected host forces the ESXi host to re-evaluate all storage paths and re-register the datastore, restoring access without impacting VMs on the other host. This is the safest and least disruptive action because it does not require a reboot, multipathing policy change, or unmounting the datastore.

Exam trap

The trap here is that candidates may assume an 'Inactive' datastore requires a disruptive action like a reboot or unmount, when in fact a simple storage rescan is the standard VMware-recommended first step to re-establish path connectivity without affecting running VMs.

How to eliminate wrong answers

Option B is wrong because rebooting the affected host would cause unnecessary downtime for any VMs running on that host and is not required to fix a simple path visibility issue; a rescan is sufficient. Option C is wrong because changing the multipathing policy to Round Robin addresses load balancing across multiple active paths, but the problem here is that the datastore is 'Inactive' (all paths are dead or not claimed), not that the current policy is suboptimal; changing the policy will not re-establish connectivity. Option D is wrong because unmounting and remounting the datastore is a more invasive operation that could disrupt VMs on the affected host if any are present, and it does not address the underlying path issue; a rescan is the correct first step to re-discover the LUN.

467
MCQ · medium

Refer to the exhibit. An administrator runs esxtop and sees the above output for a virtual machine. What is the most likely cause of the performance issue?

A. The VM is running on a host with Hyper-Threading disabled.
B. The memory of the VM is overcommitted.
C. The host has too many other VMs competing for resources.
D. The VM has too many vCPUs for the available physical cores.
E. The VM has CPU affinity configured to a single core.
Answer: D

High %RDY indicates vCPU contention, and high %CSTP indicates co-scheduling overhead, both symptoms of vCPU overcommitment.

Why this answer

Option D is correct because high %RDY (45.2%) and %CSTP (30.1%) indicate that the VM's vCPUs are ready to run but waiting for scheduling, and there is significant co-scheduling overhead. This is typical when a VM has too many vCPUs relative to the physical cores available, causing CPU overcommitment. Options A, B, C, and E could contribute to performance issues, but the specific combination of high %RDY and %CSTP points to vCPU overcommitment.

468
MCQ · hard

A company runs a stateless ESXi cluster using Auto Deploy. They want to use vLCM to manage ESXi updates. Which approach must the administrator take to integrate vLCM with Auto Deploy?

A. Configure vLCM to update the Auto Deploy image directly.
B. Create a custom image with the desired software and firmware, then reference it in the Auto Deploy rule.
C. Attach a baseline group to the cluster and remediate.
D. Use host profiles to capture the desired state and apply via Auto Deploy.
Answer: B

This ensures consistent image-based management for stateless hosts.

Why this answer

Option B is correct because for stateless environments, you need to create an image that includes the required drivers and firmware, then use that image for Auto Deploy. Option D is wrong because host profiles are not relevant for image-based updates. Option A is wrong because vLCM does not directly update Auto Deploy images.

Option C is wrong because baseline groups are deprecated.

469
Multi-Select · medium

Which TWO factors contribute to increased CPU ready time on a vSphere host?

Select 2 answers
A. Memory ballooning due to memory over-commitment.
B. Over-provisioning of vCPUs relative to physical cores.
C. Using CPU affinity to pin VMs to specific cores.
D. Enabling hyper-threading on hosts that already have high vCPU-to-core ratios.
E. High disk latency on the datastore.
Answers: B, D

Too many vCPUs cause contention and ready time.

Why this answer

Option B is correct because over-provisioning vCPUs relative to physical cores leads to contention for CPU resources. When the total number of vCPUs across all powered-on VMs exceeds the number of logical processors (including hyper-threads), the ESXi scheduler must time-share access, resulting in increased ready time as VMs wait for a physical core to become available.

Exam trap

The trap here is that candidates often confuse memory over-commitment (ballooning) with CPU over-commitment, or mistakenly think that CPU affinity always reduces ready time, when in fact it can increase ready time if not used carefully due to load imbalance and reduced scheduler flexibility.

470
Multi-Select · easy

A vSphere administrator is scaling a cluster by adding new ESXi hosts and VMs. Which two actions help ensure that performance continues to meet requirements as the environment grows? (Choose two.)

Select 2 answers
A. Place all VMs on the host with the fastest processors.
B. Enable DRS with fully automated mode.
C. Use a vSphere Distributed Switch for network scalability.
D. Configure vSphere HA on the cluster.
E. Set CPU reservations on all VMs.
Answers: B, C

DRS automates initial placement and ongoing load balancing, optimizing performance as VMs are added.

Why this answer

Option B is correct because DRS with fully automated mode automatically balances VM workloads across hosts, preventing resource contention. Option C is correct because a vSphere Distributed Switch (VDS) provides standardized network configuration and allows for network I/O control, which is essential for scaling. Options A, D, and E are incorrect: placing all VMs on the fastest host creates a single point of contention and does not scale; HA is for availability, not performance; CPU reservations can waste resources and limit efficiency.

471
MCQ · medium

A VM on a vSphere Distributed Switch is unable to receive traffic from external networks. The VM can send traffic out successfully. The VM port group has no security policies set (default). The physical switch port is configured as an access port on VLAN 100. The VM port group VLAN is set to 100. What is the most likely cause?

A. VLAN mismatch between VM port group and physical switch
B. The VM's NIC is in promiscuous mode
C. The VM is using a different default gateway than the VMkernel interface
D. The physical switch port is configured as an access port instead of a trunk
Answer: C

Asymmetric routing can cause one-way traffic.

Why this answer

Option C is correct because the VM can send traffic out successfully but cannot receive traffic from external networks, which indicates a routing issue rather than a switching or VLAN problem. The most likely cause is that the VM's default gateway is set to the VMkernel interface's IP address instead of the physical network's gateway, causing return traffic to be misrouted. This is a common misconfiguration where the VM's default gateway does not match the subnet's gateway, preventing inbound traffic from reaching the VM.

Exam trap

The trap here is that candidates often focus on VLAN configuration or switch port modes when the symptom is unidirectional traffic, but the real issue is a routing misconfiguration at the VM's default gateway, which is a common oversight in vSphere networking troubleshooting.

How to eliminate wrong answers

Option A is wrong because the VM port group VLAN is set to 100 and the physical switch port is configured as an access port on VLAN 100, which is a correct match; a VLAN mismatch would cause both inbound and outbound traffic to fail. Option B is wrong because promiscuous mode on the VM's NIC allows it to see all traffic on the VLAN, but it does not prevent the VM from receiving traffic destined to its own MAC address; it would not cause a unidirectional traffic issue. Option D is wrong because an access port on VLAN 100 is the correct configuration for a single VLAN; a trunk port would be needed only if multiple VLANs were required, and using an access port does not inherently block inbound traffic.

472
Matching · medium

Match each vSphere object to its maximum supported size (vSphere 7).

62 TB

256

6 TB

64

1024

Why these pairings

Maximum limits in vSphere 7.

473
Multi-Select · medium

Which TWO conditions must be met to successfully enable vSphere Network I/O Control (NIOC) on a vSphere Distributed Switch? (Choose two.)

Select 2 answers
A. All ESXi hosts in the cluster must be connected to the same vDS.
B. Each ESXi host must have a dedicated vDS.
C. The vDS must have at least one uplink.
D. The vSphere license must be Enterprise Plus.
E. The physical switches must support LACP.
Answers: A, D

NIOC is configured on the vDS.

Why this answer

Option A is correct because NIOC operates at the vDS level and requires all hosts participating in the NIOC configuration to be attached to the same distributed switch. This ensures consistent network resource allocation and traffic shaping policies across the cluster. Option D is correct because NIOC is a premium feature that requires an Enterprise Plus license, as it leverages advanced resource management capabilities not available in lower license tiers.

Exam trap

The trap here is that candidates often confuse NIOC's dependency on Enterprise Plus with other networking features like LACP or uplink requirements, leading them to select options C or E instead of recognizing the license and shared vDS prerequisites.

474
MCQ · medium

A vSphere administrator is managing a cluster with vLCM and receives a notification that a new ESXi patch is available. The administrator updates the desired image to include the patch and attempts to remediate, but the remediation fails with 'Cannot retrieve software depots'. What could be the issue?

A. The software depot URL in the image is incorrect or unreachable.
B. The hosts cannot communicate with the vCenter Server.
C. The image validation failed due to missing dependencies.
D. The desired image was not saved after adding the patch.
Answer: A

vLCM uses depot URLs to fetch VIBs; if wrong, retrieval fails.

Why this answer

The error 'Cannot retrieve software depots' indicates that vLCM is unable to reach the software depot URL specified in the desired image. This typically occurs when the URL is incorrect, the depot server is down, or network/firewall rules block access to the depot. Since the administrator updated the image and remediation fails at the depot retrieval stage, the most direct cause is an unreachable or misconfigured depot URL.

Exam trap

The trap here is that candidates may confuse a depot retrieval failure with a host communication issue or image validation problem, but the specific error message directly points to the depot URL being inaccessible, not to host connectivity or dependency checks.

How to eliminate wrong answers

Option B is wrong because if hosts cannot communicate with vCenter Server, the remediation would likely fail with a different error, such as 'Host connection lost' or 'Cannot communicate with host', not a depot retrieval error. Option C is wrong because image validation failures due to missing dependencies produce errors like 'Missing dependency' or 'Conflicting packages', not 'Cannot retrieve software depots'. Option D is wrong because if the desired image was not saved, the patch would not be included in the image, but the remediation would either proceed without the patch or fail with a different error; the depot retrieval error is unrelated to saving the image.

475
Multi-Select · hard

Which THREE components are required to implement vSphere with Tanzu (Workload Management)? (Choose three.)

Select 3 answers
A. A separate vCenter Server for Tanzu management
B. A vSphere Distributed Switch (vDS)
C. NSX-T Data Center for networking
D. A vSphere cluster with vSphere DRS enabled
E. Shared storage accessible by all ESXi hosts in the cluster
Answers: B, D, E

vDS is required for Tanzu networking.

Why this answer

A vSphere Distributed Switch (vDS) is required for vSphere with Tanzu because it provides the centralized management and network segmentation needed for Kubernetes workloads. The vDS enables features like Network I/O Control and port groups that are essential for the NSX-T integration and the overlay networks used by Tanzu clusters. Without a vDS, the required network isolation and policy enforcement for pods and services cannot be achieved.

Exam trap

The trap here is that candidates often assume NSX-T is mandatory for vSphere with Tanzu, but the exam tests that a vDS is the minimum networking requirement, with NSX-T being an optional but recommended component for advanced networking features.

476
MCQ · hard

An organization has a vSphere 7.0 environment with three ESXi hosts (Host A, B, C) in a cluster. Each host has 256 GB of RAM and 2 sockets with 16 cores each. The cluster hosts 50 VMs with varying resource requirements. The administrator enabled vSphere DRS and set the migration threshold to 3 (conservative). Recently, the administrator noticed that Host A's memory usage averages 90%, while Host B and C average 50%. The administrator wants to balance the memory load without causing unnecessary vMotion migrations. The VMs on Host A are critical, and the administrator wants to avoid manually migrating them. The cluster has vSphere HA enabled with admission control set to reserve resources for one host failure. The administrator decides to adjust DRS settings. Which course of action should the administrator take to improve memory load balancing while minimizing migrations?

A. Decrease the DRS migration threshold to level 1 to minimize migrations.
B. Increase the DRS migration threshold to a more aggressive setting (e.g., level 4 or 5) to encourage more migrations for load balancing.
C. Create an affinity rule to keep VMs on Host A, as they are critical.
D. Disable DRS and manually migrate VMs from Host A to Host B and C during a maintenance window.
Answer: B

A more aggressive threshold will cause DRS to recommend more migrations to balance memory.

Why this answer

Option B is correct because increasing the DRS migration threshold to a more aggressive setting (e.g., level 4 or 5) will cause DRS to generate more frequent and stronger recommendations for vMotion migrations, actively balancing the memory load across the cluster. Since Host A's memory usage is at 90% and the other hosts are at 50%, a higher threshold will trigger migrations to relieve the imbalance without manual intervention, while still respecting the conservative starting point (level 3). This aligns with the administrator's goal of improving load balancing without manually migrating critical VMs.

Exam trap

The trap here is that candidates often confuse 'conservative' with 'better for stability' and choose to lower the threshold (Option A), not realizing that a higher threshold (more aggressive) is needed to actively correct an existing imbalance, while a lower threshold only reduces unnecessary migrations when the cluster is already balanced.

How to eliminate wrong answers

Option A is wrong because decreasing the DRS migration threshold to level 1 (most conservative) would make DRS even less likely to recommend migrations, worsening the memory imbalance rather than improving it. Option C is wrong because creating an affinity rule to keep VMs on Host A would explicitly prevent vMotion migrations away from the overloaded host, directly counteracting the goal of balancing memory load. Option D is wrong because disabling DRS and manually migrating VMs during a maintenance window contradicts the requirement to avoid manual migrations and would also disrupt critical VMs, whereas DRS can perform automated, non-disruptive vMotion migrations.

477
Multi-Selecteasy

Which TWO are correct statements about vSphere resource pools? (Select two.)

Select 2 answers
A.Resource pools can be nested.
B.Resource pools can be used to isolate performance for individual VMs.
C.Resource pools inherit settings from parent pools by default.
D.Resource pools are only available in clusters.
E.Resource pools can have shares, limits, and reservations.
AnswersA, E

Resource pools support hierarchical nesting.

Why this answer

Correct: A (resource pools can be nested) and B (they have shares, limits, reservations). Option C is false because resource pools can exist on standalone hosts as well. Option D is false because resource pools aggregate resources for multiple VMs, not isolate individual VMs.

Option E is false because child pools do not inherit settings by default; they can be configured independently.

478
MCQmedium

A vSphere administrator needs to provide network connectivity to a set of VMs that must be isolated from all other traffic on the physical network. The VMs are on the same ESXi host and require maximum throughput between them. Which vSphere networking solution should the administrator use?

A.Create a distributed switch with a private VLAN
B.Create a standard switch with a VLAN-backed port group
C.Create a standard switch with a VMkernel NIC for inter-VM communication
D.Create a standard switch with an internal-only port group (no uplinks)
AnswerD

Provides full isolation and maximum throughput since traffic never leaves the host.

Why this answer

Option D is correct because a standard switch with no uplinks creates an internal-only network that provides isolation and maximum throughput as traffic stays within the ESXi host memory. Option A requires uplinks and VLAN configuration, allowing potential traffic exposure. Option B requires physical switch support for private VLANs and still uses uplinks.

Option C incorrectly uses a VMkernel NIC, which is for management traffic, not VM data.

479
MCQhard

A vSphere administrator is deploying VMs on a vSAN cluster with 6 hosts. Each host has two disk groups, each with one cache SSD and four capacity SSDs. The administrator applies a storage policy using RAID 5 erasure coding with Number of failures to tolerate set to 1. After some time, the administrator notices that several VMs are showing compliance status as 'Non-compliant'. Investigating further, the administrator finds that on one host, the cache SSD of the first disk group has failed. The capacity SSDs in that disk group are still functional. The vSAN cluster still has sufficient overall capacity and the health service shows no other issues. What is the most likely reason for the VMs' non-compliance?

A.The failed cache device reduces the overall cache capacity, causing the policy to be violated.
B.The vSAN cluster has lost a fault domain due to the failed cache device.
C.The RAID 5 policy requires a minimum of 4 hosts with cache devices, and now only 5 are available.
D.The failed cache device makes the entire disk group unavailable, so components on that disk group are inaccessible.
AnswerD

A failed cache device causes the entire disk group to be non-operational, leading to loss of any VM components stored on it, which results in non-compliance with the storage policy.

Why this answer

A failed cache device renders the entire disk group non-operational; any VM components on that disk group become inaccessible, causing non-compliance. Option A is incorrect because cache capacity is not a compliance factor. Option B is incorrect because loss of a single cache device does not remove a fault domain.

Option C is incorrect because the number of hosts with cache devices is still sufficient.

480
MCQhard

A vSAN cluster uses a storage policy with FTT=2 (RAID-6). Each object is 256 GB. What is the minimum usable capacity required to store 10 such objects, accounting for overhead?

A.5.12 TB
B.2.56 TB
C.6.4 TB
D.10.24 TB
AnswerC

RAID-6 with overhead gives approximately 6.4 TB usable.

Why this answer

Option C is correct. FTT=2 RAID-6 requires 3 copies (data + 2 parity). For 256 GB objects, total raw capacity per object = 768 GB.

For 10 objects, raw = 7680 GB. With default overhead (~1.2x), usable is about 6.4 TB. Option A ignores overhead, B underestimates, D overestimates.

481
Multi-Selecthard

A vSphere cluster is experiencing high CPU ready time across multiple hosts during peak hours. The cluster consists of 8 hosts, each with 2 sockets and 8 cores per socket (hyperthreading enabled). DRS is set to a moderately aggressive migration threshold. The administrator needs to reduce CPU contention without disrupting workloads. Which three actions should the administrator consider? (Choose three.)

Select 3 answers
A.Upgrade the ESXi hosts to models with higher CPU clock speeds.
B.Reduce the number of VMs running on each host.
C.Ensure Hyper-Threading is enabled on all hosts.
D.Configure CPU affinity for VMs with high vCPU counts.
E.Increase the DRS migration threshold to the most aggressive setting.
AnswersA, B, C

Faster CPUs improve per-core performance, reducing the impact of contention.

Why this answer

Enabling hyperthreading increases logical CPUs and can reduce ready time. Reducing the number of VMs per host decreases overall demand. Upgrading to faster CPUs increases per-core capacity.

Setting CPU affinity on VMs is not recommended as it limits DRS balancing. Increasing the DRS migration threshold to the most aggressive may cause excessive migrations and does not address the root cause. Adding vCPUs to VMs would worsen contention.

482
Multi-Selecteasy

An administrator is analyzing performance data for a vSphere cluster and wants to identify VMs that are experiencing memory pressure. Which two metrics from esxtop or vCenter performance charts reliably indicate that a VM is actively reclaiming memory due to contention? (Choose two.)

Select 2 answers
A.Consumed memory
B.Active memory
C.Ballooned memory
D.Swapped memory
E.Overhead memory
AnswersC, D

Ballooned memory shows the amount of memory reclaimed via the balloon driver, a sign of memory pressure.

Why this answer

Memory ballooning and swapping are clear indicators of memory pressure. Ballooning occurs when the VMkernel reclaims memory from a VM via the balloon driver, and swapping occurs when the hypervisor is forced to swap pages to disk. Active memory is the currently used memory, not a sign of pressure.

Consumed memory includes overhead and target memory. Overhead memory is the hypervisor overhead, not a pressure metric.

483
MCQeasy

Refer to the exhibit. An ESXi 7.0 host is being configured for vSphere Trust Authority. The administrator runs the command shown and gets the output. What does this indicate?

A.The TPM 2.0 device is present but not accessible.
B.The command is incorrect; the correct command is 'esxcli system visorfs tpm list'.
C.The host does not have a TPM 2.0 chip, so vSphere Trust Authority cannot be used.
D.The host has a TPM 2.0 chip but it is not supported by ESXi.
AnswerC

Correct: TPM 2.0 is required.

Why this answer

The output clearly states that no TPM 2.0 device is present, which is required for vSphere Trust Authority.

484
Multi-Selecthard

Which TWO of the following are valid considerations when configuring a vSphere Distributed Switch with 10G uplinks and planning for a TCP/IP stack for vMotion? (Select exactly two.)

Select 2 answers
A.Configure the default TCP/IP stack to handle vMotion traffic with multiple gateways.
B.Enable vMotion to use a separate TCP/IP stack to avoid competing with management traffic.
C.Enable jumbo frames on the vMotion TCP/IP stack to improve performance.
D.Use the provisioned TCP/IP stack for vMotion to leverage storage traffic isolation.
E.Assign a dedicated VMkernel interface to the vMotion TCP/IP stack.
AnswersB, E

Isolating vMotion using a separate stack prevents it from affecting management traffic.

Why this answer

Options A and D are correct. A dedicated TCP/IP stack for vMotion isolates vMotion traffic and avoids contention. Using a separate VMkernel interface with a dedicated stack is standard.

Option B is incorrect because the storage TCP/IP stack is for NFS/iSCSI, not vMotion. Option C is incorrect because the default TCP/IP stack is a single stack; you need a dedicated stack for isolation. Option E is incorrect because jumbo frames are an MTU setting on the vDS, not a TCP/IP stack component.

485
MCQmedium

A managed service provider manages multiple vSphere environments for various customers. One customer's cluster consists of 6 ESXi hosts (3 pairs of identical hardware) and uses vSAN as shared storage. The cluster runs over 100 VMs with varying workloads. The administrator notices that a specific host (Host-C) is using significantly more storage capacity than its peers, even though it hosts a similar number of VMs. The administrator suspects the vSAN storage policies are not configured optimally. Upon investigation, the administrator finds that all VMs use the default vSAN policy with 'RAID-0 (Mirroring) - No failure tolerance' and 'Object space reservation' set to 100%. Which change would most evenly distribute storage consumption across all hosts?

A.Increase 'Object space reservation' to 200%? Explanation: Incorrect, reservation is for thick provisioning, not distribution.
B.Change the policy to 'RAID-5/6 (Erasure Coding)' to reduce capacity overhead
C.Enable deduplication and compression on the vSAN datastore
D.Set 'Number of failures to tolerate' to 1 (mirroring)
AnswerD

Mirroring creates a second replica on another host, distributing capacity more evenly.

Why this answer

Option C is correct because changing the failure tolerance to 1 (RAID-1 mirroring) creates two copies of each object, which are placed on different hosts, balancing capacity. Option A would increase capacity usage. Option B would reduce availability.

Option D would not change replication.

486
MCQmedium

A company experiences frequent host failures. The cluster has 5 hosts with 128 GB RAM each. The VMs have vCPU and memory reservations ranging from 1 GHz/512 MB to 4 GHz/8 GB. The administrator needs to ensure that if one host fails, the remaining hosts can accommodate all VMs. Which admission control policy is recommended?

A.Define slot sizes based on the largest VM.
B.Use cluster resource percentage - reserve 20% CPU and memory.
C.Disable admission control and rely on DRS.
D.Use cluster resource percentage - reserve 25% CPU and memory.
AnswerB

20% (1/5) ensures one host failure is tolerated efficiently.

Why this answer

Option D is correct because percentage-based admission control with 20% reserve (1/5 hosts) allows headroom for one host failure while being efficient with resources. Option A reserves 25%, which is overkill. Option B uses slot sizing, which is inefficient for mixed VM sizes.

Option C disables admission control, risking resource shortages.

487
Multi-Selecthard

Which THREE of the following are characteristics of vSAN stretched clusters?

Select 3 answers
A.Provides site-level fault tolerance
B.Requires two fault domains (one per site)
C.Requires a witness host in a third location
D.Supports RAID 5/6 erasure coding
E.Uses a dedicated vSAN cluster separate from the main datastores
AnswersA, B, C

Stretched clusters survive failure of an entire site.

Why this answer

Stretched clusters require a witness host in a third location, provide site-level fault tolerance, and require two fault domains (one per site). RAID 5/6 is supported but not unique to stretched clusters; it is still a single vSAN cluster.

488
Multi-Selecteasy

Which TWO actions are effective in reducing CPU ready time on a vSphere host that is heavily overcommitted on CPU? (Choose two.)

Select 2 answers
A.Add more hosts to the cluster.
B.Enable hyperthreading on the host CPUs.
C.Increase the number of vCPUs on VMs with high ready times.
D.Reduce the number of vCPUs on over-provisioned VMs.
E.Configure CPU affinity to pin vCPUs to specific pCPUs.
AnswersA, D

More hosts spread the load, increasing available pCPUs and reducing contention.

Why this answer

Reducing the number of vCPUs on over-provisioned VMs directly decreases scheduling contention. Adding more hosts to the cluster increases the pool of physical CPUs, reducing overcommitment. Increasing vCPUs worsens the issue.

Enabling hyperthreading does not reduce ready time if the host is already CPU-bound. Configuring CPU affinity restricts scheduling and can increase ready time.

489
Drag & Dropmedium

Arrange the steps to add an existing virtual machine to a vCenter Server inventory.

Why this order

Initiate add host, specify host details, authenticate, select VMs, finish.

490
MCQmedium

A company has a vSphere environment with multiple clusters. The network team reports that a specific VLAN used for vMotion is intermittently dropping packets. What is the impact on vMotion operations?

A.vMotion will use the management network as fallback.
B.vMotion will fail with an error.
C.vMotion will work but at a reduced speed.
D.vMotion will automatically switch to another available network.
AnswerB

Correct: Packet loss causes vMotion failure.

Why this answer

If the dedicated vMotion network drops packets, vMotion will fail unless an alternate network is configured.

491
MCQmedium

A vSphere administrator is responsible for lifecycle management of a 5-node cluster running ESXi 7.0 U2. The cluster uses vLCM with image-based management and includes vSAN. The administrator needs to apply a security patch that is available as an offline bundle from VMware. The administrator imports the offline bundle into vLCM, creates a new image including the patch, and attempts to remediate the cluster. The remediation fails on one host with the error 'Host cannot enter maintenance mode: No compatible datastore available for vMotion.' All hosts are connected to the same vSAN datastore, and VM storage policies ensure compatibility. What is the most likely cause?

A.The vSAN datastore is not healthy; run vSAN health checks.
B.vCenter DRS is disabled on the cluster.
C.The vLCM remediation does not use the vSAN network for vMotion.
D.Some VMs on the host have a 'Should not migrate' DRS rule or are attached to devices that prevent vMotion.
AnswerD

Individual VM restrictions can prevent the host from entering maintenance mode.

Why this answer

Option C is correct - the host may have VMs that are pinned to the host or have constraints. Option A is incorrect - vSAN health should be fine. Option B is incorrect - DRS is not the issue.

Option D is incorrect - vLCM can use vSAN datastore.

492
MCQeasy

An administrator is planning to decommission a vSphere cluster that currently uses baseline-based lifecycle management. They want to adopt image-based management for a new cluster. Which action must be taken to ensure a clean migration?

A.Manually recreate the baselines as images in the new cluster.
B.Assign host profiles to the new cluster to enforce configuration.
C.Export the existing baseline group and import it into the new cluster.
D.Create a new cluster with image-based management.
AnswerD

Image-based management is the modern approach and should be used for new clusters.

Why this answer

Option B is correct because the deprecated baseline method should no longer be used; starting fresh with image-based management is recommended. Option A is wrong because carrying over baselines is unnecessary. Option C is wrong because manually recreating baselines is not recommended.

Option D is wrong because host profiles are unrelated.

493
Multi-Selectmedium

An administrator is planning to migrate from legacy baselines to vLCM for a cluster. Which TWO statements are true about vLCM?

Select 2 answers
A.vLCM allows individual host remediation for flexibility.
B.vLCM uses a desired state image to manage host configurations.
C.vLCM supports different images for different hosts in the same cluster.
D.vLCM can integrate with Hardware Support Manager for firmware updates.
E.vLCM uses baseline groups to apply updates.
AnswersB, D

vLCM enforces a desired state image across the cluster.

Why this answer

Option B is correct because vLCM uses a desired state image, which is a single, validated software specification that defines the exact ESXi version, firmware, and driver versions for all hosts in a cluster. This image-based approach ensures consistency and simplifies lifecycle management by eliminating the need for multiple baselines.

Exam trap

The trap here is that candidates confuse vLCM's cluster-wide image with the older baseline-based approach, mistakenly thinking vLCM supports per-host flexibility or baseline groups, when in fact it enforces a single desired state image for the entire cluster.

494
MCQmedium

A vSphere administrator is troubleshooting a VM that is experiencing excessive disk latency. The VM is on a datastore accessed via NFS over a 1GbE network. The host shows high network utilization. Which action should be taken to improve performance?

A.Enable Storage I/O Control on the datastore.
B.Convert the datastore from NFS to VMFS.
C.Increase the memory reservation for the VM.
D.Upgrade the network link to 10GbE or enable multiple NICs with teaming.
AnswerD

Higher bandwidth reduces latency and congestion.

Why this answer

The VM is experiencing excessive disk latency due to high network utilization on the 1GbE link. Since NFS storage traffic is entirely network-bound, upgrading to 10GbE or enabling multiple NICs with teaming increases the available bandwidth, reduces congestion, and directly addresses the root cause of the latency. This is the most effective action because the bottleneck is at the network layer, not the storage protocol or VM configuration.

Exam trap

The trap here is that candidates may assume Storage I/O Control (SIOC) can solve any storage latency issue, but SIOC only manages contention at the storage array level, not network bandwidth limitations, which is the actual bottleneck in this NFS scenario.

How to eliminate wrong answers

Option A is wrong because Storage I/O Control (SIOC) manages storage queue depth and I/O shares at the datastore level, but it does not increase network bandwidth or resolve a saturated 1GbE link; it is designed for VMFS datastores with multiple VMs contending for storage resources, not for NFS network congestion. Option B is wrong because converting from NFS to VMFS changes the storage protocol but does not increase network throughput; the 1GbE bottleneck remains, and VMFS over iSCSI or Fibre Channel would still suffer from the same network limitation. Option C is wrong because increasing the memory reservation for the VM does not affect network I/O or disk latency; memory reservations guarantee physical RAM but have no impact on storage path bandwidth or network utilization.

495
MCQhard

A company uses vSphere with Tanzu to run container workloads. The security team requires that all container traffic between namespaces be encrypted. What is the best approach to achieve this?

A.Use the NSX Container Plugin with IPsec to encrypt traffic.
B.Enable vSAN encryption to encrypt data at rest and assume it covers in-transit traffic.
C.Deploy NSX-T and enable the Network Encryption feature for East-West traffic.
D.Install a third-party CNI like Calico with IPsec enabled.
AnswerC

NSX-T provides encryption for container overlay traffic as part of its micro-segmentation capabilities.

Why this answer

Option A is correct. NSX-T provides micro-segmentation and encryption for container traffic. Option B is incorrect because vSAN encryption protects data at rest, not in transit.

Option C is incorrect because the NSX Container Plugin has been deprecated in favor of NSX-T. Option D is incorrect because Calico is not native and does not offer the same integration with vSphere with Tanzu.

496
MCQhard

Refer to the exhibit. The performance data shows MEMCTL at 5% and SWPOUT at 2%. What does this indicate about the host?

A.The host is over-committed on memory, causing ballooning and swapping.
B.The host is experiencing CPU contention.
C.The host has network congestion.
D.The host has high storage latency.
AnswerA

MEMCTL and SWPOUT indicate memory pressure.

Why this answer

MEMCTL at 5% indicates the ESXi host's memory balloon driver (vmmemctl) is actively reclaiming memory from virtual machines, while SWPOUT at 2% shows the host is swapping guest memory to disk. Together, these values confirm the host is over-committed on memory, forcing the hypervisor to use both ballooning and swapping to free up memory for VMs.

Exam trap

The trap here is that candidates may confuse memory over-commitment indicators (MEMCTL, SWPOUT) with CPU or storage performance metrics, leading them to select CPU contention or storage latency options instead of recognizing the specific memory reclamation counters.

How to eliminate wrong answers

Option B is wrong because CPU contention is measured by metrics like %RDY, %CSTP, or CPU ready time, not MEMCTL or SWPOUT. Option C is wrong because network congestion is indicated by dropped packets, high latency, or errors on virtual switches, not memory-related counters. Option D is wrong because high storage latency is shown by metrics such as KAVG, DAVG, or QAVG in esxtop, not by memory ballooning or swap rates.

497
MCQeasy

An administrator notices that after applying a baseline to hosts, some hosts fail to reboot properly. What is the most likely cause?

A.Network misconfiguration
B.Incorrect BIOS settings
C.Insufficient memory
D.Incompatible hardware
AnswerD

If the new ESXi version does not have drivers for certain hardware, the host may fail to boot.

Why this answer

Option A is correct because hardware incompatibility is a common cause of boot failures after updates. Other options are less likely to cause boot issues specifically.

498
MCQeasy

An administrator is troubleshooting a host compliance issue in a vLCM-managed cluster with an image based on ESXi 8.0. The exhibit shows the output of 'esxcli software vib list' on a non-compliant host. Which action is most likely to resolve the compliance issue?

A.Update the Mellanox VIBs to versions compatible with ESXi 8.0 in the cluster image.
B.Replace the host with one from the VMware Compatibility Guide.
C.Remove the nmlx5 VIBs from the host to force compliance.
D.Ignore the incompatibility because the VIB is VMwareCertified.
AnswerA

The VIBs are for ESXi 7.0, causing incompatibility with the ESXi 8.0 cluster image.

Why this answer

Option A is correct because the VIBs shown are for ESXi 7.0 (as seen in the version string '700.0.0.12345') and need to be updated to versions compatible with ESXi 8.0 to match the cluster image. Option B is wrong because the host is not VMware-specific, it's about the driver version. Option C is wrong because the driver is still supported but version mismatched.

Option D is wrong because you should not remove critical network drivers.

499
Multi-Selecthard

Which THREE vSphere features directly contribute to performance and scaling of virtualized workloads? (Select THREE.)

Select 3 answers
A.vSphere vMotion
B.Storage I/O Control (SIOC)
C.vSphere DRS
D.vSphere Fault Tolerance
E.vSphere HA
AnswersA, B, C

vMotion allows live migration for load balancing and maintenance, aiding scaling.

Why this answer

DRS balances load, SIOC manages storage I/O, and vMotion enables migration for scaling and maintenance. HA provides availability, FT provides fault tolerance, and Backup does not scale performance.

500
MCQeasy

Refer to the exhibit. An administrator runs the 'vmkfstools -P -v 10' command on a datastore. What is the total capacity of the datastore?

A.2.5 TB
B.2 TB
C.3 TB
D.1 TB
AnswerC

1,048,576 + 2,097,152 = 3,145,728 blocks × 1 MB = 3,145,728 MB ≈ 3 TB.

Why this answer

The datastore has two extents: one with 1,048,576 blocks and one with 2,097,152 blocks, both with 1 MB block size. Total blocks = 3,145,728. Since each block is 1 MB, total capacity is 3,145,728 MB, which is approximately 3.14 TB.

Option D is correct. Option A (1 TB) is the size of the smaller extent. Option B (2 TB) is the larger.

Option C (2.5 TB) is incorrect.

501
Matchingmedium

Match each VMware acronym to its full name.

Virtual Distributed Switch

Virtual Standard Switch

vSphere Installation Bundle

vSphere Storage APIs for Array Integration

vSphere APIs for Storage Awareness

Why these pairings

Common VMware acronyms and their expansions.

502
MCQhard

During a security audit, it is discovered that a vCenter Server instance is using the default self-signed certificate. The company policy requires all certificates to be signed by an internal enterprise CA. An administrator has imported the CA chain into the VMware Endpoint Certificate Store (VECS) and generated a Certificate Signing Request (CSR). After receiving the signed certificate from the CA, which additional step is required to complete the certificate replacement?

A.Replace the default certificate in the VECS store with the CA-signed certificate and then generate a new CSR.
B.Restart the vCenter Management Agent (vma) service.
C.Import the signed certificate into the appropriate VECS store and run the certificate-manager utility to update the services.
D.Run the certificate manager tool (certool) to generate a new self-signed certificate.
AnswerC

The certificate-manager utility applies the new certificate to all vCenter services.

Why this answer

Option D is correct. After importing the signed certificate into VECS, the administrator must update vCenter services to use the new certificate. Option A is incorrect because restarting the Management Agent is not the proper step.

Option B is incorrect because certool is used for creating self-signed certificates, not for importing signed ones. Option C is incorrect because it reverses the process.

503
MCQmedium

An administrator notices that after applying a vLCM image to a cluster, some hosts fail compliance with error: 'Host does not have required add-on'. What is the most likely cause?

A.The add-on is not present in the vLCM depot.
B.The vCenter license does not include vLCM.
C.The host is not in maintenance mode during the check.
D.The host does not have internet access to download the add-on.
AnswerA

If the add-on is missing from the depot, the host cannot obtain it and fails compliance.

Why this answer

Option A is correct because vLCM requires all add-ons to be available in the depot and included in the image. Option B is wrong because internet connectivity is not required for local depots; Option C is wrong because the host does not need to be in maintenance mode for compliance check; Option D is wrong because vLCM works regardless of vCenter license level as long as it is Enterprise Plus.

504
MCQmedium

Refer to the exhibit. What is the cause of the non-compliance?

A.The host has an outdated firmware version
B.The compliance scan failed
C.The host's hardware is not supported
D.The host is running an older ESXi version than desired
AnswerD

The desired version is 8.0.0, but the host has 7.0.0.

Why this answer

Option C is correct. The JSON shows that the desired ESXi version is 8.0.0 but the current version is 7.0.0, indicating an outdated ESXi version.

505
MCQhard

An administrator is configuring vSphere Native Key Provider (NKP) in a cluster. After enabling NKP, the administrator adds a VM and attempts to encrypt it, but receives an error that the key provider is not available. The cluster consists of three ESXi hosts. What is the most likely cause?

A.The VM is stored on NFS storage which is not supported with NKP
B.The vCenter Server is disconnected from the cluster
C.The ESXi hosts are on different network segments
D.Only one ESXi host in the cluster is available; the other two are offline
AnswerD

NKP requires quorum; with only one host, the key provider is unavailable.

Why this answer

Option A is correct because NKP requires a majority of hosts (at least 2) to be active and reachable to form a quorum. If one host is offline, the key provider may be unavailable if the remaining hosts cannot achieve quorum. Option B is wrong because NKP works with any storage type.

Option C is wrong because vCenter Server availability is not required for NKP after initial setup. Option D is wrong because the network is separate from key provider availability.

506
MCQhard

An administrator creates a DRS rule to separate two VMs (VM1 and VM2) using a 'Should' rule (separate VMs). After the rule is created, VM1 is manually vMotioned to a host that already runs VM2. What is the expected behavior?

A.VM1 remains on the host and a compliance violation is logged.
B.DRS automatically migrates VM1 to a compliant host.
C.The target host is placed into maintenance mode.
D.VM1 is powered off to prevent performance issues.
AnswerA

'Should' rules allow the violation and log it.

Why this answer

Option B is correct because 'Should' rules are not enforced; DRS logs a violation but does not automatically migrate VMs. Option A describes a 'Must' rule. Option C and D are incorrect as VMs are not powered off or hosts put into maintenance mode.

507
MCQeasy

An organization wants to secure management traffic between vCenter Server and ESXi hosts. The security policy mandates disabling all versions of TLS below 1.2. After the administrator configures vCenter to use only TLS 1.2, several ESXi hosts (all version 6.0) lose connectivity to vCenter. The hosts remain operational but show as disconnected in the vSphere Web Client. The administrator needs to restore management while maintaining the security requirement. Which action should the administrator take?

A.Upgrade the legacy ESXi hosts to version 6.5 or later.
B.Disable certificate verification on the vCenter Server.
C.Use SSH to connect vCenter to the ESXi hosts for management.
D.Re-enable TLS 1.0 on the vCenter Server as a temporary workaround.
AnswerA

Upgrading allows hosts to support TLS 1.2, meeting security requirements.

Why this answer

Option A is correct because ESXi 6.0 only supports TLS 1.0; to use TLS 1.2, hosts must be upgraded to ESXi 6.5 or later. Option B is wrong because enabling TLS 1.0 would violate the security policy. Option C is wrong because SSH is not for vCenter management.

Option D is wrong because disabling certificate verification weakens security.

508
Multi-Selecteasy

An administrator needs to create a distributed port group on a vSphere Distributed Switch (VDS). Which two configuration settings must be specified during creation? (Choose two.)

Select 2 answers
A.VLAN ID
B.Uplink teaming policy
C.Number of ports
D.Port group name
E.Traffic shaping policy
AnswersA, D

VLAN ID (can be 0 for no tagging) is required for VLAN configuration.

Why this answer

A VLAN ID must be specified to define the VLAN membership for the distributed port group, ensuring proper network segmentation and traffic isolation. The port group name is required as a unique identifier for administrative management and reference within the vSphere environment.

Exam trap

The trap here is that candidates often confuse optional post-creation settings like uplink teaming or traffic shaping with mandatory creation parameters, leading them to select those instead of the required VLAN ID and port group name.

509
MCQmedium

An administrator observes that a VM with 16 vCPUs on a 2-socket host (8 cores per socket, HT disabled) is experiencing poor performance. The VM's NUMA topology shows 2 vNUMA nodes, but performance is worse than expected. What is the most likely reason?

A.The VM is configured with a single virtual socket with 16 cores, causing a single vNUMA node that spans both physical NUMA nodes
B.The VM's memory is reserved but not backed by physical pages
C.The virtual hardware version is too old
D.The host has insufficient RAM
AnswerA

A single vNUMA node across physical NUMA nodes forces cross-node memory access, increasing latency.

Why this answer

Option A is correct. If the VM is configured with a single virtual socket (16 cores), vSphere creates one vNUMA node that spans both physical NUMA nodes, causing cross-node memory access. Option B is wrong; memory reservation ensures pages are backed.

Option C is wrong; old virtual hardware may limit features but not directly cause this. Option D is wrong; insufficient RAM would cause ballooning or swapping.

510
MCQhard

A financial services company has a vSAN cluster composed of 4 hosts, each with 8 disk groups (1 SSD cache and 6 HDD capacity per group). The cluster runs a mix of VMs, including a critical trading application VM that requires low latency. The administrator notices that the trading VM experiences intermittent performance degradation during market hours. vSAN performance monitoring shows high I/O latency for the VM's objects. The storage policy for this VM is set to RAID-1 (Mirroring) with Primary Failures to Tolerate (PFTT)=1 and Object Space Reservation=100%. The cluster has a disk capacity of 80% used. The administrator also observes that the vSAN cluster is configured with a single fault domain. Which action should the administrator take to improve the trading VM's performance?

A.Reduce the number of disk groups per host to 2, using larger SSDs for cache, to reduce cache contention.
B.Add two more hosts to the cluster and redistribute the disk groups.
C.Change the storage policy to PFTT=2 and Failure Tolerance Method=RAID-5/6 to reduce the number of replicas.
D.Enable deduplication and compression on the vSAN datastore to reduce capacity usage and I/O.
AnswerA

Correct: With 8 disk groups per host, there are many SSDs competing; reducing groups alleviates cache contention and improves latency.

Why this answer

Creating multiple fault domains allows vSAN to place replicas across different failure domains, improving availability and potentially reducing contention. However, the performance issue is likely due to resource contention. The best action is to reduce the number of disk groups per host to lower the number of devices competing for cache.

Option B is incorrect because adding more hosts without reducing disk groups may not help if the bottleneck is cache contention. Option C is incorrect because increasing PFTT to 2 would require more resources and increase overhead, worsening performance. Option D is incorrect because deduplication and compression add CPU overhead and may increase latency, not reduce it.

511
MCQhard

A company is deploying a high-performance database workload on vSphere. The storage array supports NVMe over RDMA (NVMe-oF) and iSCSI. The workload requires extremely low latency and high IOPS. The network is dedicated 25 Gbps Ethernet with RoCE v2 support. Which storage protocol should be recommended, and why?

A.NFS, because it supports advanced features like Storage DRS
B.NVMe over RDMA, because it provides direct memory access and lower CPU overhead
C.Fibre Channel, because it is the fastest protocol available
D.iSCSI, because it is simpler to configure and does not require RDMA support
AnswerB

NVMe-oF with RDMA reduces latency and CPU utilization.

Why this answer

NVMe over RDMA leverages RDMA for lower latency and higher throughput compared to iSCSI over TCP. Option B is correct. Option D (iSCSI) has higher latency due to TCP overhead.

Option C (FC) requires additional hardware. Option A (NFS) is file-level and adds more overhead.
