CCNA Vsphere Networking Questions

75 of 76 questions · Page 1/2 · Vsphere Networking topic · Answers revealed

1
Multi-Selecthard

An administrator is configuring a distributed switch with LACP. Which two statements are true regarding LACP support on vSphere distributed switches? (Choose two.)

Select 2 answers
A.LACP supports both active and passive modes.
B.LACP automatically distributes traffic based on IP hash.
C.LACP can be configured on standard vSwitches.
D.LACP requires a Link Aggregation Group (LAG) to be created on the distributed switch.
E.LACP is only supported for virtual machine traffic, not for management or vMotion.
AnswersA, D

DVS supports both LACP modes.

Why this answer

Options B and C are correct. LACP requires a LAG to be created on the DVS (B) and supports both active and passive modes (C). Option A is false (standard vSwitches do not support LACP).

Option D is false (LACP can be used for all traffic types). Option E is false (load balancing is determined by the LAG policy, not automatically IP hash).

2
MCQmedium

An organization uses a VDS with 4 hosts. They want to use Network I/O Control (NIOC) to prioritize vMotion traffic over management traffic. After configuring NIOC, the administrator notices that vMotion performance is not improved. What could be the cause?

A.The vMotion VMkernel adapter is not assigned to the correct network resource pool
B.The physical uplinks are oversubscribed
C.The vMotion traffic is not marked with the appropriate CoS tag
D.NIOC is not enabled on the VDS
AnswerA

Without assigning the adapter to the vMotion resource pool, NIOC cannot prioritize vMotion traffic.

Why this answer

Option B is correct because NIOC requires that each traffic type be assigned to a network resource pool; if the vMotion VMkernel adapter is not assigned to the vMotion resource pool, NIOC does not apply. Option A (NIOC not enabled) would prevent any NIOC functionality, but the administrator configured NIOC, so it is likely enabled. Option C (oversubscribed uplinks) could affect performance but does not explain why NIOC prioritization is ineffective.

Option D (CoS marking) is unrelated to NIOC shares.

3
MCQhard

An administrator is troubleshooting SSH connectivity to an ESXi host from a management workstation at 10.10.10.2. The SSH session is established, but the administrator cannot ping the host's IP 10.10.10.1. Based on the exhibit, what is the most likely cause?

A.The default gateway is not set correctly.
B.ICMP traffic is blocked by the ESXi firewall.
C.The SSH service is not running on the host.
D.The management workstation is on a different VLAN.
AnswerB

ESXi firewall blocks ping by default.

Why this answer

The administrator can establish an SSH session, which proves that the ESXi host's SSH service is running and that TCP port 22 is reachable from the management workstation. However, the inability to ping the host's IP address (10.10.10.1) indicates that ICMP echo requests are being blocked. By default, the ESXi firewall blocks ICMP traffic, so the most likely cause is that ICMP is filtered by the host firewall.

Exam trap

The trap here is that candidates assume SSH connectivity implies full network reachability, but the ESXi firewall selectively permits services, so a successful SSH session does not guarantee that ICMP or other protocols are allowed.

How to eliminate wrong answers

Option A is wrong because the default gateway is not required for ping to succeed within the same subnet; the workstation (10.10.10.2) and the host (10.10.10.1) are on the same network segment, so no gateway is involved. Option C is wrong because the SSH session is established, which directly proves the SSH service is running and listening on TCP port 22. Option D is wrong because if the workstation were on a different VLAN, the SSH session would not be able to establish at all, as layer-3 routing would be required and the host's IP would be unreachable.

4
Multi-Selecteasy

An administrator is configuring a vSphere Standard Switch. Which two settings are essential for basic network connectivity of virtual machines?

Select 2 answers
A.Port group name
B.MTU
C.Network adapter type (e.g., E1000)
D.Security policy
E.VLAN ID
AnswersA, E

A unique name is required for the port group.

Why this answer

Options A and B are correct because a port group must have a name and a VLAN ID (even if 0) to be created. Option C is incorrect because MTU can default. Option D is incorrect because the network adapter type is chosen by the VM.

Option E is incorrect because the MAC address is assigned automatically.

5
MCQhard

A large financial organization has a vSphere cluster with 10 ESXi hosts (8.x) connected to a pair of Nexus 9000 switches via two 10G LACP link aggregation groups (LAGs) per host. Each host has a vSphere Distributed Switch (vDS 7.0.3) with two LAGs (LAG1: vmnic0, vmnic1; LAG2: vmnic2, vmnic3). The vDS has three port groups: Production (VLAN 100-200), DMZ (VLAN 300), and Storage (VLAN 400). The port groups use LACP with load balancing 'Route based on IP hash'. Recently, the network team changed the physical switch port channels from mode 'active' to 'passive' on the downstream ports connected to host #3, without informing the virtualization team. Within hours, VMs on host #3 experience intermittent connectivity; some can communicate but others cannot, and vMotion between host #3 and other hosts fails with a network unreachable error. iSCSI storage traffic from host #3 is also unstable. The administrator verifies that the vDS LACP configuration on host #3 still expects 'active' mode. Which of the following actions is the most effective to restore full functionality while maintaining LACP?

A.Change the LACP mode on host #3's vDS from 'active' to 'passive' for both LAGs.
B.Disable LACP on host #3's vDS and use static EtherChannel instead.
C.Replace the vDS with multiple standard switches and use active/standby failover.
D.Remove and recreate the LAGs on host #3's vDS after verifying the physical switch's LACP configuration.
AnswerD

Recreating the LAGs on the vDS, after verifying the physical switch's LACP settings, ensures LAG IDs and modes are synchronized, restoring LACP functionality.

Why this answer

Option B is correct because the mismatch in LACP mode (vDS expects active, physical switch is passive) causes LACP to fail or form incorrectly. Changing the vDS LACP mode on host #3 to 'passive' would allow it to negotiate with the physical switch (passive+passive will not form LACP; but if switch is passive, vDS must be active or both active? Actually, LACP requires at least one end active. If switch is passive and vDS is passive, LACP will not establish.

The physical switch is now passive, so vDS must be active to initiate negotiation. Wait: The issue is the switch changed to passive. With vDS active, active+passive works.

But the stem says 'the vDS LACP configuration on host #3 still expects active mode' – that should work with switch passive? Actually, active+passive does work because active sends frames, passive responds. So why is it failing? Possibly the physical switch changed to passive, but the vDS still has active, but active+passive should work. Let me reconsider: The error might be due to misconfiguration of LAG IDs.

The correct action is to re-sync the LAG. Option A (recreate LAG) is drastic. Option C (disable LACP) is not maintaining LACP.

Option D (use separate standard switches) is unnecessarily complex. Maybe the best is to update the vDS to match the physical switch's LACP mode? Actually, active+passive works. Perhaps the physical switch change also affected the LAG port-channel configuration.

The most direct fix is to ensure both ends are consistent. The vDS expects active, but the switch might have changed to passive and also changed the LAG hash or something. The question wants the most effective action to restore functionality while maintaining LACP.

Option B: Reconfigure the vDS LACP on host #3 to match the physical switch's mode (passive). But if both are passive, no LACP. Option A: Recreate the LAGs on the vDS after verifying physical switch configuration.

That might be better. Actually, the correct answer is likely A because the issue might be more than just mode mismatch; the LAG IDs might not match. The most reliable step is to recreate the LAGs on the vDS after confirming physical switch config.

I'll go with A. However, I need to ensure consistency. Let me think: The vDS LACP modes are active/passive.

If the physical switch is now passive, the vDS should be active for LACP to form. But the stem says the vDS expects active, which should work. So why is it failing? Possibly because the physical switch is not sending LACPDUs (passive listens but doesn't initiate).

If the vDS is active, it sends LACPDUs, and the passive switch responds. That should work. So maybe the problem is that the physical switch also changed the LAG port-channel ID or the member ports.

Therefore, simply changing the vDS mode to passive would cause both ends to be passive, no LACP formation. That would make things worse. So the best action is to verify and reconcile the physical switch configuration (maybe change it back to active) but the admin cannot change physical switch? The question asks what the virtualization admin should do.

Option A: Recreate the LAGs after verifying the physical switch configuration. That includes ensuring LACP modes match and IDs match. That is most effective.

Option B is incorrect because changing vDS to passive on host #3 could break LACP if switch is also passive. Option C would remove LACP but not maintain it. Option D is a major change.

So I'll set A as correct.

6
MCQmedium

An administrator is configuring a distributed switch for a cluster of ESXi hosts. The requirements are: VLAN 100 for production, VLAN 200 for management, and a separate VLAN 300 for vMotion. The management network should be isolated from production traffic. What is the best practice for configuring these networks on the distributed switch?

A.Create three separate distributed port groups, each with the appropriate VLAN ID, and assign each VM kernel adapter or VM to the correct port group.
B.Create one distributed port group with VLAN 100, and use VLAN tagging on the VMs for management and vMotion.
C.Use standard switches for management and vMotion to avoid complexity.
D.Create one distributed port group with VLAN trunk (4095) and use port-based VLAN filtering on the VMs.
E.Create two port groups: one for production (VLAN 100) and one for management+vMotion (VLAN 200) because vMotion can share VLAN with management.
AnswerA

This provides isolation and follows best practices.

Why this answer

Option B is correct because best practice is to create separate port groups for each traffic type with specific VLAN IDs. Option A is wrong because VLAN tagging on VMs is not intended for management/vMotion kernel adapters. Option C is wrong because VLAN trunk (4095) is for guest-level tagging.

Option D is wrong because vMotion should have its own VLAN. Option E is wrong because distributed switch can handle all.

7
MCQmedium

An administrator is troubleshooting an issue where a VM on a vSphere Distributed Switch cannot receive traffic from outside its subnet. The VM can send traffic out and receive replies from hosts on the same subnet. The default gateway is configured correctly. What is the most likely cause?

A.The VXLAN Tunnel Endpoint (VTEP) IP is not reachable from the remote subnet.
B.The ESXi host's default gateway is misconfigured.
C.The router does not have a route back to the VM's subnet.
D.The port group VLAN ID is different from the physical switch trunk allowed VLAN.
AnswerC

If the upstream router lacks a return route, packets destined to the VM are dropped, causing asymmetric routing where outbound succeeds but inbound fails.

Why this answer

Option B is correct because if the route is missing on the physical router back to the VM's subnet, the router drops return traffic. This is a common routing misconfiguration. Option A is incorrect because the default gateway is the VM's gateway; the ESXi host's management gateway is unrelated.

Option C is incorrect because the VTEP IP is for VXLAN, not regular routing. Option D is incorrect because a port group VLAN mismatch would cause issues with same-subnet communication as well.

8
MCQhard

A company runs a three-tier application on vSphere 7.0. The web tier uses VLAN 100, app tier VLAN 200, and database tier VLAN 300. Each tier is on a separate port group on a vSphere distributed switch. The environment uses Network I/O Control (NIOC) with shares set to: Web (50), App (30), Database (20). The physical uplinks are two 10 GbE NICs in a team. Recently, the database team reports slow performance during peak hours. The network team checks the physical switches and finds no congestion. The ESXi host shows the two uplinks are heavily utilized with many dropped packets on the database port group. The administrator suspects that the database traffic is being starved by other traffic. Which action should the administrator take to resolve the issue? A. Increase the number of physical uplinks to four 10 GbE NICs. B. Change the NIOC shares to Web (10), App (30), Database (60). C. Create a separate vSphere standard switch for the database tier. D. Enable SR-IOV on the physical NICs and assign virtual functions to database VMs.

A.Create a separate vSphere standard switch for the database tier.
B.Enable SR-IOV on the physical NICs and assign virtual functions to database VMs.
C.Increase the number of physical uplinks to four 10 GbE NICs.
D.Change the NIOC shares to Web (10), App (30), Database (60).
AnswerD

Increases database shares, giving it higher priority.

Why this answer

Option D is correct because the database traffic is being starved due to low NIOC shares relative to the web and app tiers. By increasing the database shares to 60 and reducing web to 10, the database port group will receive a higher proportion of the available bandwidth during congestion, alleviating the dropped packets and slow performance. NIOC shares are relative and only take effect when there is contention, so adjusting them directly addresses the starvation without requiring additional hardware.

Exam trap

The trap here is that candidates often assume adding more physical uplinks or isolating traffic on a separate switch will solve performance issues, but they overlook that NIOC shares directly control bandwidth allocation during congestion, and adjusting them is the most efficient and cost-effective solution.

How to eliminate wrong answers

Option A is wrong because increasing the number of physical uplinks to four 10 GbE NICs does not address the root cause of traffic starvation; it only adds more bandwidth, which may not help if the existing bandwidth is not being fairly allocated due to NIOC share settings. Option B is wrong because enabling SR-IOV on the physical NICs and assigning virtual functions to database VMs bypasses the vSphere network stack, but it does not resolve the contention on the shared uplinks; it could introduce complexity and is not a direct fix for NIOC share misconfiguration. Option C is wrong because creating a separate vSphere standard switch for the database tier would isolate the traffic but would still share the same physical uplinks unless dedicated uplinks are assigned, which is not mentioned; it also does not leverage NIOC's traffic shaping capabilities and may lead to underutilization of resources.

9
MCQhard

A vSphere environment uses a vSphere Distributed Switch (vDS) with 10G uplinks and Network I/O Control (NIOC) enabled. Administrators report that during peak traffic, NFS storage traffic is experiencing high latency, while other traffic types remain unaffected. The vDS has default NIOC shares and limits. Which action should be taken to prioritize NFS traffic without completely starving other traffic?

A.Set a low bandwidth limit for the NFS traffic class.
B.Increase the shares for the NFS traffic class.
C.Set a high bandwidth reservation for the NFS traffic class.
D.Disable Network I/O Control on the vDS.
AnswerB

Increasing shares gives NFS higher relative weight during contention, ensuring it gets more bandwidth without hard limits, thus reducing latency while allowing other traffic to still use remaining bandwidth.

Why this answer

Option D is correct because increasing the shares for the NFS system traffic class gives it a higher proportion of bandwidth during contention, without imposing a hard limit. Option A is incorrect because setting a high limit for NFS could starve other traffic if NFS uses all bandwidth. Option B is incorrect because setting a low limit for NFS would cap NFS traffic, worsening performance.

Option C is incorrect because disabling NIOC removes all prioritization, making all traffic equal and not solving the issue.

10
MCQhard

A vSphere administrator is configuring Network I/O Control (NIOC) on a vSphere Distributed Switch to prioritize vMotion traffic during maintenance windows. The environment has three system traffic classes: Management, NFS, and vMotion. The administrator wants to ensure that when the network is congested, vMotion gets at least 50% of the available bandwidth, while Management and NFS each get at least 25%. Which NIOC configuration achieves this?

A.Set a limit of 500 Mbps for Management and NFS, and no limit for vMotion.
B.Set the vMotion traffic class shares to 50, Management shares to 25, and NFS shares to 25.
C.Set a reservation of 500 Mbps for vMotion, 250 Mbps for Management, and 250 Mbps for NFS.
D.Do nothing; NIOC is not needed because all traffic types are equally important.
AnswerB

Shares define relative priority; with these values, vMotion gets 50/100 = 50% during congestion, fulfilling the requirement.

Why this answer

Option A is correct because shares allocate bandwidth proportionally during contention. Setting shares to 50/25/25 gives vMotion 50% of the bandwidth when all are busy. Option B is incorrect because reservations guarantee minimum bandwidth but do not guarantee proportional allocation; plus, the question asks for 'at least' percentages during congestion, which shares handle.

Option C is incorrect because limits cap bandwidth and would prevent vMotion from using more than 500 Mbps, not guaranteeing 50% of available bandwidth. Option D is incorrect because disabling NIOC removes prioritization, making all traffic equal.

11
MCQhard

Refer to the exhibit. The ESXi host has three VMkernel interfaces. A vMotion operation fails with a routing error. Which is the most likely cause?

A.The vMotion VMkernel interface uses DHCP.
B.The vMotion VMkernel interface is on vmk1, but the default gateway points to vmk0.
C.The vMotion VMkernel interface is on vmk0, but the gateway is incorrect.
D.The vMotion VMkernel interface is on vmk2, but no route exists for the vMotion destination network.
AnswerD

If the destination is not on the same subnet as vmk2, a route is needed but missing.

12
MCQhard

Refer to the exhibit. An administrator notices that two uplinks are down on the VDS. Which step should be taken first to restore redundancy?

A.Check the physical switch ports and cables for uplink2 and uplink3.
B.Increase the MTU to 9000 to improve performance.
C.Disable LACP on the VDS to allow single-uplink operation.
D.Remove the down uplinks from the VDS.
AnswerA

Physical connectivity issues are the most common cause of down uplinks.

13
MCQeasy

Based on the Healthcheck output for a distributed port (DVS Port 1) on dvs0, what can be concluded?

A.The uplinks vmnic0 and vmnic1 are operating at 10 Gbps.
B.The physical switch is correctly configured for VLAN 100 and MTU 1500 on the uplinks connected to this host.
C.The load balancing policy is set to 'Route based on IP hash'.
D.The port is experiencing high packet loss due to misconfiguration.
AnswerB

The VLAN Status and MTU Status are both OK, indicating end-to-end connectivity matches.

Why this answer

Option A is correct because the Healthcheck shows VLAN ID 100 and MTU 1500 with 'OK' status, indicating the physical network is properly configured for those values. Option B is incorrect because the Healthcheck does not evaluate speed/duplex. Option C is incorrect because the teaming policy is shown as 'Route based on originating virtual port', which is a valid policy.

Option D is incorrect because the Healthcheck does not measure performance; it only checks configuration consistency.

14
MCQmedium

A vSphere administrator is troubleshooting connectivity issues for a virtual machine that is unable to communicate with other VMs on the same VLAN. The VM is connected to a distributed port group on a vSphere Distributed Switch (vDS). The administrator verifies that the VM's IP configuration is correct and that the port group is configured with the correct VLAN ID. However, the VM can only communicate with other VMs on the same ESXi host. What is the most likely cause?

A.The vDS is not configured with a VLAN trunking policy.
B.The VM's network adapter is configured with the wrong MAC address.
C.The distributed port group has forging transmits set to reject.
D.The physical switch ports connecting the ESXi hosts are not configured as trunk ports for the VLAN.
AnswerD

If physical switch ports are not trunking the VLAN, frames tagged with that VLAN will be dropped, preventing cross-host communication while intra-host communication (no physical switch) works.

Why this answer

Option C is correct because if VMs on the same VLAN cannot communicate across hosts, the physical switch ports connecting ESXi hosts are likely not configured as trunk ports for that VLAN. This prevents VLAN-tagged frames from passing between hosts. Option A is incorrect because VLAN trunking policy on the vDS is not required for basic VLAN communication; the port group VLAN ID handles tagging.

Option B is incorrect because the MAC address is automatically assigned and would not cause host-only communication. Option D is incorrect because the 'forging transmits' security policy controls MAC address changes, not basic connectivity.

15
MCQeasy

An administrator needs to provide redundancy for VM traffic across multiple physical NICs on a vSphere Standard Switch. Which NIC teaming policy should be used to ensure fault tolerance without load balancing?

A.Route based on IP hash
B.Route based on originating virtual port
C.Use explicit failover order (Active/Standby)
D.Route based on source MAC hash
AnswerC

This provides fault tolerance without load balancing.

Why this answer

Option C is correct because the 'Use explicit failover order (Active/Standby)' policy designates one or more NICs as active and the rest as standby, providing pure fault tolerance without any load balancing. When the active NIC fails, traffic automatically fails over to the standby NIC, ensuring redundancy without distributing traffic across multiple uplinks.

Exam trap

The trap here is that candidates often confuse 'fault tolerance without load balancing' with load-balancing policies like IP hash or source MAC hash, mistakenly thinking any teaming policy provides redundancy, but only the explicit failover order ensures a single active path with no traffic distribution.

How to eliminate wrong answers

Option A is wrong because 'Route based on IP hash' uses a hash of source and destination IP addresses to distribute traffic across multiple active NICs, which provides load balancing but not pure fault tolerance without load balancing. Option B is wrong because 'Route based on originating virtual port' distributes traffic based on the virtual switch port ID, which also load-balances across active NICs and does not guarantee a single active path for fault tolerance. Option D is wrong because 'Route based on source MAC hash' uses the source MAC address to distribute traffic across multiple active NICs, again providing load balancing rather than the required fault tolerance without load balancing.

16
MCQhard

A company deploys a VDS with multiple uplinks and uses Route based on originating virtual port for load balancing. The network team reports that traffic from VMs on the same host is not balanced across uplinks. The administrator verifies that the physical switch ports are all in the same port-channel. What could be the cause?

A.The uplinks are configured in active/standby mode
B.The load balancing algorithm is not supported by the physical switch
C.The number of VMs is less than the number of uplinks
D.The teaming policy uses an explicit failover order
AnswerA

In active/standby mode, only one uplink is active, so no load balancing occurs.

Why this answer

Option D is correct because if the uplinks are configured as active/standby, only one uplink is active at a time, so no load balancing occurs regardless of the algorithm. Option A (algorithm not supported) is irrelevant as this is a vSphere algorithm. Option B (few VMs) might reduce distribution but not eliminate it entirely.

Option C (explicit failover order) still allows multiple active uplinks if configured with multiple active paths.

17
MCQhard

An ESXi host has two VMkernel interfaces as shown in the exhibit. The iSCSI targets are on the same subnet as vmk1 and support jumbo frames. The administrator reports that iSCSI sessions are experiencing high error rates and poor performance. What is most likely the cause?

A.The management network (vmk0) is also using the vDS, causing traffic interference.
B.The iSCSI VMkernel port should not be bound to a vDS.
C.The iSCSI network (vmk1) is on a different subnet than the iSCSI targets.
D.The vDS port group for iSCSI does not have jumbo frames enabled (MTU 9000).
AnswerD

If the vDS port group MTU is 1500, packets up to 9000 will be fragmented, causing errors. The VMkernel interface has MTU 9000, so the port group must match.

Why this answer

Option C is correct because vmk1 is on a vDS (dvs1) and the exhibit shows MTU 9000, which is appropriate for jumbo frames. However, if the physical network is not configured for jumbo frames or the vDS port group MTU is not set to 9000, fragmentation may occur. The exhibit does not show vDS MTU, but the mismatch is a common cause of errors.

Option A is incorrect because management traffic on vmk0 is separate and irrelevant. Option B is incorrect because different subnets are fine. Option D is incorrect because the iSCSI vmkernel port is dedicated.

18
MCQeasy

An administrator sees this health check output. What should be done to verify VLAN 100 connectivity?

A.Create a VMkernel adapter on VLAN 100 and ping a gateway.
B.Enable VLAN pruning on the physical switch.
C.Configure a port group for VLAN 100 and connect a VM.
D.Restart the management agents.
AnswerA

A VMkernel adapter provides a layer 3 test on that VLAN.

Why this answer

Option A is correct because to test VLAN 100, a VMkernel adapter with that VLAN should be created and used to ping a gateway. Option B is for pruning, not testing. Option C would test VM traffic, but VMkernel adapter is more direct for verification.

Option D is not necessary.

19
MCQhard

A vSphere administrator is deploying a vSphere Distributed Switch (vDS) version 7.0. The environment has ESXi hosts with hardware version 7.0. The administrator needs to ensure that the vDS supports Network I/O Control version 3 (NIOCv3). What must be true for NIOCv3 to function correctly?

A.All hosts must be running ESXi 7.0 or later.
B.The vDS must be configured with Route based on IP hash teaming.
C.All hosts must have the vDS in Link Aggregation Control Protocol (LACP) mode.
D.The vDS must have a Network Resource Pool configured.
AnswerA

NIOCv3 requires ESXi 7.0 or later.

Why this answer

NIOCv3 is a feature introduced with vSphere 7.0 that provides granular bandwidth allocation and reservation for network traffic. For NIOCv3 to function correctly, all ESXi hosts attached to the vDS must be running ESXi 7.0 or later because the feature relies on kernel-level enhancements and the vSphere Network Resource Management (vNRM) agent that are only present in that version. Hosts on earlier versions lack the necessary drivers and scheduling capabilities, causing NIOCv3 to be unavailable or non-functional.

Exam trap

The trap here is that candidates often assume upgrading the vDS version alone is sufficient to enable NIOCv3, overlooking the critical requirement that every host in the cluster must also be running ESXi 7.0 or later for the feature to function.

How to eliminate wrong answers

Option B is wrong because Route based on IP hash teaming is a load-balancing policy, not a prerequisite for NIOCv3; NIOCv3 works independently of the teaming algorithm and does not require IP hash. Option C is wrong because LACP mode is a link aggregation configuration that is unrelated to NIOCv3; NIOCv3 can function with or without LACP, and forcing LACP is not a requirement. Option D is wrong because a Network Resource Pool is a construct used to allocate bandwidth to specific traffic types within NIOC, but it is not a prerequisite for NIOCv3 to function; NIOCv3 can operate with default resource pools or custom ones, but the feature itself must first be enabled on a vDS that meets the host version requirement.

20
MCQmedium

An administrator has configured a vSphere Distributed Switch (VDS) with Network I/O Control. They need to guarantee bandwidth for a specific set of virtual machines. Which method should be used?

A.Create a port group with a custom network resource pool.
B.Enable SR-IOV on the physical NICs.
C.Set the virtual machine's network adapter to use a specific VLAN.
D.Configure Traffic Shaping on the distributed switch.
AnswerA

Network Resource Pools allow bandwidth reservation and guarantee.

Why this answer

Option C is correct because Network Resource Pools allow bandwidth reservation. Option A is incorrect because traffic shaping only limits bandwidth, not guarantees. Option B is incorrect because SR-IOV provides direct passthrough, not bandwidth control.

Option D is incorrect because VLAN priority does not guarantee bandwidth.

21
MCQeasy

A vSphere administrator needs to provide redundancy for VM traffic on a vSphere Standard Switch by using multiple physical uplinks. Which teaming configuration should be used to ensure that if one uplink fails, traffic automatically fails over to another?

A.Set load balancing to 'Route based on IP hash' and make both uplinks active.
B.Enable 'Use explicit failover order' and configure 'Network failures' detection.
C.Set load balancing to 'Explicit failover order' and set one uplink as active.
D.Set load balancing to 'Route based on originating virtual port' and make one uplink active and one standby.
AnswerD

This provides clear active/standby failover; if the active uplink fails, standby takes over.

Why this answer

Option A is correct because 'Route based on originating virtual port' with active/standby failover ensures one uplink is active and the other is standby, with automatic failover. Option B is incorrect because load balancing distributes traffic but doesn't inherently imply failover; however, active/active can also fail over, but the question asks for failover specifically. Option C is incorrect because 'Explicit failover order' is a method, not a load balancing policy.

Option D is incorrect because uplink failure detection is a setting, not a policy.

22
Multi-Selectmedium

Which three types of traffic can be assigned to a separate VMkernel adapter on an ESXi host?

Select 3 answers
A.Management traffic
B.vMotion
C.vSAN
D.Virtual machine network traffic
E.Fault Tolerance logging
AnswersA, B, C

Management (host) traffic uses a VMkernel adapter and can be isolated.

Why this answer

The correct answers are A, C, and D. vMotion (A), management (C), and vSAN (D) are all types of traffic that use VMkernel adapters and can be assigned to separate adapters for performance or security. Fault Tolerance logging (B) also uses VMkernel but is not as commonly separated; however, the question asks for exactly three, and B is a distractor. Virtual machine network traffic (E) uses port groups, not VMkernel adapters.

23
Multi-Selecteasy

An administrator is configuring a vSphere distributed switch. Which TWO are valid uplink teaming policies? (Choose two.)

Select 2 answers
A.Explicit failover order
B.Route based on MAC hash
C.Route based on round robin
D.Route based on physical NIC load
E.Route based on IP hash
AnswersD, E

Valid load balancing policy.

Why this answer

Route based on physical NIC load (option D) is a valid uplink teaming policy in vSphere distributed switches. This policy uses the load metric from the physical NICs to distribute traffic, where the switch selects the uplink with the least current load for outbound traffic, as determined by the vSphere Distributed Switch's load balancing algorithm.

Exam trap

The trap here is that candidates often confuse the valid teaming policies on distributed switches (which include 'Route based on physical NIC load' and 'Route based on IP hash') with those on standard switches (which include 'Route based on MAC hash' and 'Route based on round robin'), leading them to select the wrong options.

24
MCQhard

An administrator is configuring LACP on a VDS with two uplinks. Which configuration must match between the VDS and the physical switch?

A.LACP mode (active/passive).
B.LACP rate (slow/fast).
C.LACP port key.
D.All of the above.
AnswerD

Port key, mode, and rate must all match.

Why this answer

Option D is correct because for a successful LACP negotiation, the port key, mode (active/passive), and rate (slow/fast) must be consistent on both ends. Option A alone is insufficient. Option B alone is insufficient.

Option C alone is insufficient.

25
MCQhard

A vSphere administrator is designing a network for a cluster of ESXi hosts. Each host has four 10GbE uplinks. The cluster will host mission-critical VMs that require maximum throughput and redundancy. The administrator plans to use Network I/O Control (NIOC) and a vSphere Distributed Switch (vDS). Which configuration best ensures consistent network performance for all VMs?

A.Configure a single vDS with all four uplinks, enable NIOC, and set shares and reservations for each traffic type.
B.Configure a single vDS with all four uplinks and enable NetFlow for monitoring.
C.Create two separate vDS, each with two uplinks, and separate VM traffic from VMkernel traffic.
D.Configure a single vDS with all four uplinks and use Route based on IP hash teaming.
AnswerA

NIOC provides minimum bandwidth guarantees and fair sharing.

Why this answer

Option A is correct because NIOC enables per-traffic-type resource management using shares, reservations, and limits, ensuring that mission-critical VMs receive consistent network throughput even under contention. Combining all four uplinks into a single vDS maximizes aggregate bandwidth and provides redundancy through teaming policies, while NIOC prioritizes traffic flows to prevent VMkernel or management traffic from starving VM traffic.

Exam trap

The trap here is that candidates often confuse load-balancing algorithms (like IP hash) with QoS mechanisms, assuming that distributing traffic across uplinks alone guarantees performance, when in fact NIOC's per-traffic-type resource controls are required to enforce consistent throughput for all VMs.

How to eliminate wrong answers

Option B is wrong because NetFlow is a monitoring and traffic analysis tool, not a QoS or performance guarantee mechanism; it does not allocate bandwidth or enforce fairness among traffic types. Option C is wrong because splitting uplinks across two separate vDS reduces the total available bandwidth per vDS and prevents NIOC from managing all traffic centrally, leading to potential underutilization and inconsistent performance. Option D is wrong because Route based on IP hash provides load balancing but does not offer per-traffic-type resource controls like shares and reservations, so it cannot guarantee consistent performance for all VMs under contention.

26
Multi-Selectmedium

An administrator is troubleshooting network connectivity for a virtual machine connected to a vSphere Distributed Switch. Which three components must be properly configured for the VM to communicate with the external network?

Select 3 answers
A.VM's IP address
B.Physical NIC uplink
C.Distributed switch uplink port group
D.VM's network adapter driver
E.Physical switch port configuration
AnswersB, C, E

The physical NIC must be connected and functional.

Why this answer

Options B, C, and E are correct. The physical NIC uplink provides connectivity from the host, the distributed switch uplink port group connects the DVS to the physical NIC, and the physical switch port must be configured to allow traffic. Option A is incorrect because the VM's IP address is an OS setting, not a vSphere networking component.

Option D is incorrect because the VM's network adapter driver is a software component, not a configuration element.

27
Multi-Selectmedium

Which three factors influence the behavior of Network I/O Control (NIOC) when allocating bandwidth to different traffic types? (Choose three.)

Select 3 answers
A.The total physical bandwidth
B.Reservation per traffic type
C.Shares per traffic type
D.Limit per traffic type
E.The number of physical uplinks
AnswersB, C, D

Reservation guarantees a minimum bandwidth.

Why this answer

Options A, B, and C are correct. NIOC uses shares, reservation, and limit to allocate bandwidth. The number of physical uplinks (D) and total physical bandwidth (E) are not configurable per traffic type, though they affect overall capacity.

28
MCQmedium

A VM on a vSphere Distributed Switch is experiencing intermittent connectivity drops. The administrator checks the vDS health check and sees no errors. The physical switch logs show no issues. The VM is on a port group with VLAN 200. The administrator runs a ping from the VM to the gateway and notices packet loss. What should the administrator investigate next?

A.Verify the VMkernel port configuration
B.Check the VM's firewall settings
C.Check DNS resolution for the gateway
D.Review the NIC teaming failover order and ensure active uplinks are up.
AnswerD

Intermittent drops can be caused by failover events.

Why this answer

Option D is correct because intermittent connectivity drops on a VM connected to a vDS, despite no errors on the vDS health check or physical switch logs, often point to a NIC teaming misconfiguration. If the active uplinks are not properly set or one uplink is down, the VM traffic may fail over to a standby or unused uplink, causing packet loss. Verifying the teaming failover order and ensuring all active uplinks are operational directly addresses this common cause of intermittent drops.

Exam trap

The trap here is that candidates often assume intermittent connectivity must be a VM firewall or DNS issue, overlooking the NIC teaming failover order as a primary cause of packet loss on a vDS when physical and vDS health checks show no errors.

How to eliminate wrong answers

Option A is wrong because VMkernel port configuration is used for management traffic, vMotion, or storage, not for VM data traffic on a port group; investigating it would not resolve VM connectivity drops. Option B is wrong because the VM's firewall settings (e.g., Windows Firewall) would typically block all traffic or allow it consistently, not cause intermittent packet loss to a gateway; the issue is at the network layer, not the host firewall. Option C is wrong because DNS resolution is used for name-to-IP mapping, not for direct IP connectivity; the administrator is pinging the gateway IP, so DNS is irrelevant to packet loss.

29
Multi-Selecteasy

Which two actions must the administrator take to ensure network connectivity for VMs on a new distributed switch?

Select 2 answers
A.Configure a VMkernel interface on the distributed switch
B.Add the ESXi hosts to the distributed switch
C.Set the MTU to 9000
D.Create a port group and assign a VLAN
E.Enable Network I/O Control
AnswersB, D

Without adding the hosts, the distributed switch cannot be used by VMs on those hosts.

Why this answer

The correct answers are A and B. Adding the ESXi hosts to the distributed switch (A) is necessary for them to use the switch. Creating a port group and assigning a VLAN ID (B) provides the network layer connectivity.

Option C (setting MTU to 9000) is optional and not required for basic connectivity. Option D (configuring a VMkernel interface) is for host management, not VM connectivity. Option E (enabling NIOC) is optional for QoS.

30
MCQhard

After upgrading the physical switches, the LAG (Link Aggregation Group) on a VDS does not come up. The VDS LAG configuration shows LACP active mode. The physical switch ports are configured with LACP active mode as well. What is the most likely cause?

A.The physical switch uses a different LACP system priority
B.The physical switch ports are not in a port-channel
C.The ESXi hosts have different LAG IDs
D.The VDS LAG hashing algorithm is set to IP hash
AnswerB

LACP requires the physical switch ports to be configured as part of a port-channel group; otherwise, they are treated as individual links and LACP will not form.

Why this answer

Option A is correct because even if LACP modes match, the physical switch ports must be grouped into a port-channel or etherchannel before LACP can establish. Option B (hashing algorithm) does not prevent LACP from forming. Option C (different LAG IDs) would be incorrect if the LAG is configured identically on all hosts.

Option D (system priority) might influence which side is responsible for deciding aggregation, but does not prevent the LAG from coming up if otherwise correct.

31
MCQeasy

A VM cannot connect to the network after being migrated to a different host in the cluster. The VM's network adapter is connected to a standard switch port group that exists on the source host but not on the destination host. What is the most likely cause?

A.The standard switch is not configured on the destination host.
B.The VM's MAC address is not allowed on the destination port group.
C.The VLAN ID on the port group does not match.
D.The ESXi host's firewall is blocking the VM's traffic.
AnswerA

Standard switches are local to each host; the port group must be created on the destination host.

Why this answer

Option B is correct because standard switches are host-specific; the port group must exist on the destination host. Option A is not about existence. Option C is irrelevant.

Option D is unrelated.

32
MCQhard

An administrator configures a Private VLAN on a distributed switch with primary VLAN 100 and secondary VLANs 101 (isolated) and 102 (community). A VM on isolated secondary VLAN 101 needs to communicate with a VM on community secondary VLAN 102. What additional configuration is required?

A.Enable promiscuous mode on the port group for VLAN 101.
B.Configure a proxy router on the physical network.
C.They cannot communicate because isolated PVLANs prohibit any communication to other secondary VLANs.
D.Deploy a VM on the primary VLAN 100 with routing capabilities to forward traffic between the secondary VLANs.
AnswerD

A promiscuous port (primary VLAN) can communicate with both isolated and community, enabling routing.

Why this answer

Option C is correct because isolated PVLANs can only communicate with promiscuous ports (on the primary VLAN). A VM on the primary VLAN can act as a gateway. Option A is not enough; promiscuous mode on the secondary port group would break isolation.

Option B might be possible but not standard. Option D is incorrect because they can communicate through a promiscuous port.

33
MCQeasy

An administrator is reviewing the network configuration of a standard switch. The exhibit shows the current settings for a port group. Which change would improve load distribution for VM traffic?

A.Change the VLAN ID to 100.
B.Enable failover on the port group.
C.Change the load balancing policy to Route based on IP hash.
D.Set one NIC as active and the other as standby.
AnswerC

IP hash provides better distribution.

Why this answer

Option C is correct because Route based on IP hash uses a hash of source and destination IP addresses to determine which uplink to use for each traffic flow, ensuring that all packets in a given flow use the same uplink while distributing different flows across multiple uplinks. This improves load distribution for VM traffic compared to the default Route based on the originating virtual port, which only considers the vNIC port ID and can lead to uneven distribution when multiple VMs share the same port group.

Exam trap

The trap here is that candidates often confuse 'failover' with 'load balancing' and assume enabling failover (Option B) will distribute traffic, but failover only provides redundancy, not active load sharing, while Route based on IP hash (Option C) is the correct method for distributing VM traffic across multiple uplinks.

How to eliminate wrong answers

Option A is wrong because changing the VLAN ID to 100 would alter the VLAN tagging for the port group, which does not affect load balancing or distribution of VM traffic across uplinks. Option B is wrong because failover is already implicitly enabled on a standard switch with multiple uplinks; enabling failover is not a configurable toggle and does not improve load distribution—it only ensures redundancy. Option D is wrong because setting one NIC as active and the other as standby would disable load balancing entirely, forcing all traffic through the active NIC and leaving the standby NIC unused until a failure occurs, which reduces rather than improves load distribution.

34
MCQhard

An organization is using Network I/O Control (NIOC) on a distributed switch to manage bandwidth for different traffic types. The current configuration assigns 50 shares to management traffic, 50 shares to vMotion traffic, and 100 shares to NFS storage traffic. During peak hours, management traffic is suffering from high latency. The administrator must prioritize management traffic over all others while still ensuring minimum bandwidth for storage. Which action would best address the issue?

A.Increase the shares for management traffic to 200 and reduce vMotion to 25.
B.Set a reservation of 1 Gbps for management traffic and keep shares as they are.
C.Reduce NFS shares to 50 and increase management shares to 100.
D.Enable the 'Limit' setting on management traffic to cap it.
E.Create a network resource pool for management traffic with a guaranteed share value.
AnswerB

Reservation provides a guaranteed minimum bandwidth for management traffic.

Why this answer

Option B is correct because setting a reservation for management traffic guarantees a minimum bandwidth, ensuring it is not starved. Option A increases shares but does not guarantee minimum bandwidth. Option C is wrong because limit would cap traffic, making it worse.

Option D still lacks guarantee. Option E is not a feature of NIOC.

35
MCQmedium

An administrator configures a VDS with two uplinks and sets the load balancing policy to 'Route based on IP hash'. What additional configuration is required on the physical switches to ensure proper traffic distribution?

A.Use individual ports with no aggregation.
B.Set port security to allow multiple MAC addresses.
C.Enable Link Aggregation Control Protocol (LACP).
D.Configure a static EtherChannel.
AnswerD

Static EtherChannel is required for IP hash load balancing.

Why this answer

Option B is correct because IP hash load balancing requires a static EtherChannel on the physical switches to aggregate the two links. Option A is incorrect because LACP is a different protocol. Option C is incorrect because individual ports would cause misconfiguration.

Option D is incorrect because port security is not related.

36
MCQhard

Refer to the exhibit. An administrator notices that the ESXi host is listening on both IPv4 and IPv6 for HTTPS. However, IPv6 traffic is not being forwarded to the host. Which configuration change is most likely needed?

A.Configure a default gateway for the IPv6 stack on the host.
B.Disable IPv6 and use only IPv4.
C.Remove the IPv4 HTTPS listener to force IPv6.
D.Enable IPv6 on the vSphere Distributed Switch.
AnswerA

Without an IPv6 default gateway, traffic cannot be routed to the host.

37
MCQmedium

A VM experiences high packet loss during peak hours. The VM is connected to a distributed switch port group with a traffic shaping policy: average bandwidth 100 Mbps, peak bandwidth 200 Mbps, burst size 50 KB. What is the most likely cause?

A.The peak bandwidth limit is being exceeded.
B.The burst size is too small, causing packets to be dropped when burst traffic exceeds the average.
C.The traffic shaping policy is disabled.
D.The physical uplink speed is less than 200 Mbps.
AnswerB

With 50 KB burst, sustained bursts above average cause drops.

Why this answer

Option B is correct because a small burst size causes packets to be dropped when short bursts exceed the average. Option A is less likely since peak is 200 Mbps. Option C would not cause packet loss if disabled.

Option D is unlikely if the uplink is faster.

38
MCQeasy

An administrator needs to configure a vSphere Standard Switch (vSS) for a small environment. Which component must be created first before adding a virtual machine to the network?

A.Create a standard switch.
B.Configure a VMkernel interface.
C.Create a virtual machine port group.
D.Add a physical uplink to the host.
AnswerA

A standard switch is the foundational component; it must be created before any port groups can be added.

Why this answer

Option A is correct because a standard switch must exist to create port groups. Without the switch, port groups cannot be created. Option B is incorrect because the uplink is part of the switch creation.

Option C is incorrect because a VM port group is created after the switch. Option D is incorrect because the VMkernel interface is for management/storage, not for regular VM connectivity.

39
Multi-Selectmedium

Which THREE of the following are prerequisites for configuring LACP on a vSphere Distributed Switch? (Select exactly three.)

Select 3 answers
A.The vSphere Distributed Switch must be configured with enhanced LACP support.
B.Each uplink must be in a separate VLAN to avoid loops.
C.The physical switch ports must be configured as LACP active or passive.
D.The uplinks must be connected to different physical switches for redundancy.
E.The physical network switch must support LACP (IEEE 802.3ad).
AnswersA, C, E

The vDS version must support LACP; enhanced LACP is available in vSphere 6.0+.

Why this answer

Options A, C, and D are correct. LACP requires compatible physical switches, the vDS must be in enhanced LACP mode, and the physical switch ports must be configured as LACP trunks. Option B is incorrect because the uplinks must be connected to the same physical switch to form a LAG; using different switches requires Multi-chassis LACP.

Option E is incorrect because LACP does not require separate VLANs; it aggregates links regardless of VLAN config.

40
MCQhard

An administrator has configured jumbo frames on a VDS and all physical switches. Virtual machines on different hosts can ping each other but cannot transfer files larger than 1500 bytes. What is the most likely cause?

A.The physical NICs are not configured for jumbo frames.
B.The TCP/IP offload engine is causing fragmentation.
C.The VMkernel adapters are not configured with MTU 9000.
D.The virtual machine's operating system MTU is set to 1500.
AnswerD

The OS MTU must be 9000 for jumbo frames to work.

Why this answer

Option B is correct because the virtual machine's operating system MTU must be set to 9000 to use jumbo frames; otherwise, the OS will fragment packets. Option A is incorrect because VMkernel adapters do not affect VM data traffic. Option C is incorrect because physical NICs are already configured.

Option D is incorrect because TCP offload would not cause this.

41
MCQmedium

A vSphere administrator is troubleshooting connectivity issues for a virtual machine on a standard switch. The VM is configured with VLAN 100, but cannot ping the default gateway. The VMkernel port on the host is on VLAN 200. The physical switch port connected to the host is configured as a trunk port allowing VLANs 100 and 200. Which action should the administrator take to resolve the issue?

A.Enable promiscuous mode on the VM port group.
B.Change the physical switch port to access mode on VLAN 100.
C.Ensure the VM port group is set to VLAN 100.
D.Set the VM port group VLAN to 4095.
AnswerC

The VM port group must match the VM's VLAN.

Why this answer

The VM is configured with VLAN 100, and the physical switch trunk port already allows VLAN 100 and 200. The VMkernel port on VLAN 200 is working, so the issue is that the VM port group must be explicitly set to VLAN 100 to tag egress frames with VLAN 100 and to accept only VLAN 100-tagged frames on ingress. Option C ensures the standard switch port group applies the correct VLAN ID, matching the physical switch trunk configuration.

Exam trap

The trap here is that candidates often confuse the VM port group VLAN setting with the VMkernel port VLAN, or think that a trunk port on the physical switch automatically passes all VLANs to the VM without requiring the port group to be set to a specific VLAN ID.

How to eliminate wrong answers

Option A is wrong because enabling promiscuous mode on the VM port group allows the VM to see all traffic on the switch, but it does not affect VLAN tagging or connectivity to the default gateway; it is a security setting unrelated to VLAN mismatch. Option B is wrong because changing the physical switch port to access mode on VLAN 100 would strip VLAN tags and break the VMkernel port's connectivity on VLAN 200, which is required for management and other functions; the trunk port is correctly configured. Option D is wrong because setting the VM port group VLAN to 4095 enables VLAN trunking to the VM (allowing the VM to handle its own VLAN tags), but the VM is not configured to tag frames internally; this would cause the VM to send untagged frames that the physical switch would drop or misclassify.

42
MCQhard

During a period of high network contention, management traffic is starved while NFS traffic gets the most bandwidth. Which configuration change would best address the issue?

A.Increase management shares to 100.
B.Increase the NFS limit to 1000 Mbps.
C.Set a reservation for management traffic.
D.Enable traffic shaping on the management port group.
E.Remove the reservation from vMotion.
AnswerC

Reservation guarantees minimum bandwidth for management.

Why this answer

Option B is correct because setting a reservation for management traffic guarantees a minimum bandwidth. Option A increases shares but does not guarantee. Option C configures shaping on the port group, not NIOC.

Option D increases the NFS limit, which does not help management. Option E removes vMotion reservation, which may free bandwidth but does not guarantee management.

43
Multi-Selecthard

Which THREE are valid methods to isolate and secure management traffic on a vSphere Distributed Switch? (Choose three.)

Select 3 answers
A.Enable Route based on IP hash on the management port group.
B.Assign a specific VLAN ID to the management port group.
C.Use Private VLANs on the management port group.
D.Configure the ESXi firewall to restrict management access.
E.Create a dedicated VMkernel port group for management.
AnswersB, D, E

VLANs provide isolation.

Why this answer

Assigning a specific VLAN ID to the management port group isolates management traffic at Layer 2 by tagging frames with a unique VLAN identifier. This prevents unauthorized access from other VLANs and ensures that management traffic is logically separated from other network traffic on the same vSphere Distributed Switch.

Exam trap

The trap here is that candidates often confuse load-balancing policies (like Route based on IP hash) with security features, or they overcomplicate isolation by choosing Private VLANs instead of the simpler and more reliable VLAN assignment.

44
MCQeasy

An administrator needs to ensure that virtual machines can be migrated between ESXi hosts using vMotion. The virtual machines are connected to a standard vSwitch port group named 'Production'. What must be consistent across all hosts?

A.Port group name 'Production'
B.MTU size
C.Number of uplinks
AnswerA

Port group name must match for vMotion.

Why this answer

Option A is correct because vMotion requires the same port group name on source and target host. Option B is incorrect because MTU may differ if not using jumbo frames. Option C is incorrect because number of uplinks can vary.

Option D is incorrect because load balancing policy does not affect vMotion compatibility.

45
MCQmedium

An administrator needs to capture traffic from a specific virtual machine for troubleshooting. Which vSphere networking feature should be used?

A.Port mirroring on the VDS.
B.LLDP on the VDS.
C.NetFlow on the VDS.
D.Traffic shaping on the VDS.
AnswerA

Port mirroring duplicates traffic for capture.

Why this answer

Option B is correct because port mirroring (also called SPAN) on a VDS copies traffic from a source port to a destination port for analysis. Option A is incorrect because NetFlow provides flow statistics, not packet captures. Option C is incorrect because traffic shaping controls bandwidth.

Option D is incorrect because LLDP is for discovering network neighbors.

46
MCQhard

A vSphere administrator notices that VMs on a specific ESXi host lose connectivity intermittently. The VMs are on a distributed switch port group. The administrator finds that the Uplink 1 on that host is down. What should the administrator do first?

A.Increase the number of uplinks in the teaming policy
B.Check the physical switch port configuration for the failed uplink
C.Set the load balancing policy to Route based on source MAC
D.Configure a different failover order
AnswerB

The physical switch port might be misconfigured, disabled, or have a faulty cable; this is the most direct troubleshooting step.

Why this answer

Option C is correct because the first step is to verify the physical switch port configuration for the failed uplink, as it may be misconfigured, disabled, or have a faulty cable. Option A would be premature without knowing the root cause. Option B might help if failover is needed but does not address the root cause.

Option D adjusts load balancing but does not fix the down uplink.

47
MCQhard

A company runs a vSphere 7 cluster with 4 ESXi hosts, each connected to a single vSphere Distributed Switch (VDS) with two 10GbE uplinks. The environment hosts 100 production VMs and uses vSphere Replication for disaster recovery to a remote site. Network I/O Control (NIOC) is enabled on the VDS with the following shares: vSphere Replication (System Traffic) = 100, Virtual Machine Traffic = 50. During the scheduled replication window (every 2 hours), users report significant VM performance degradation. The administrator observes that during replication, the VMkernel interfaces handling replication consume 95% of the available uplink bandwidth. The goal is to guarantee at least 6 Gbps of bandwidth for VM traffic on each host while still allowing replication to occur. Which action should the administrator take?

A.Create a network resource pool for VM traffic on the VDS and assign a reservation of 6 Gbps.
B.Increase the shares for Virtual Machine traffic to 200.
C.Increase the number of uplinks to four per host.
D.Set a hard limit of 4 Gbps on vSphere Replication traffic.
AnswerA

Reservations guarantee bandwidth for VM traffic, ensuring performance during replication.

Why this answer

Creating a network resource pool for VM traffic and assigning a reservation of 6 Gbps guarantees that VM traffic gets at least that amount of bandwidth, regardless of replication demands. This is the proper use of NIOC resource pools. Option B (increasing shares) only affects priority, not guarantees.

Option C (limiting replication) could help but does not guarantee VM bandwidth and may still allow replication to burst if the limit is not set appropriately. Option D (adding uplinks) is expensive and may not directly address the guarantee requirement.

48
MCQmedium

A vSphere administrator notices that after adding a new ESXi host to a vSphere Distributed Switch (vDS), some VMs on existing hosts lose network connectivity intermittently. What is the most likely cause?

A.The vDS MTU setting does not match the physical network MTU.
B.The new host's physical uplink is faulty, causing broadcast storms.
C.The vDS is configured with LACP, and the new host's links are not properly bundled.
D.The vDS Network I/O Control settings are not evenly distributed.
AnswerA

If the vDS uses jumbo frames (MTU 9000) but the physical switch or new host has MTU 1500, large packets may be fragmented or dropped, causing intermittent connectivity.

Why this answer

Option D is correct because if the Maximum Transmission Unit (MTU) is inconsistent across the vDS and physical network, it can cause packet drops and intermittent connectivity. Option A is incorrect because a physical uplink failure affecting all VMs is unlikely to occur only after adding a new host. Option B is incorrect because LACP issues would cause complete failure or reduced throughput, not intermittent connectivity on existing hosts.

Option C is incorrect because Network I/O Control is about bandwidth allocation, not connectivity loss.

49
MCQmedium

Refer to the exhibit. A virtual machine on the VM Network is experiencing intermittent connectivity. The administrator notices that vmnic0 is saturated. Which action would improve performance without causing a single point of failure?

A.Change the active uplinks for VM Network to vmnic1 only.
B.Increase the MTU on vSwitch0 to 9000.
C.Configure load-based teaming on vSwitch0 for the VM Network portgroup.
D.Move the VM Network to vSwitch1.
AnswerC

Load-based teaming would distribute traffic across both uplinks, reducing saturation.

50
MCQmedium

The administrator configured this LAG on a distributed switch and corresponding LACP settings on the physical switch. But the LAG is not coming up. What is a likely issue?

A.The load balancing policy should be IP hash.
B.The LAG name is not used by the physical switch.
C.The LAG mode is passive, but the physical switch is also configured as passive.
D.The uplinks should be in active/active mode.
AnswerC

LACP requires one side to be active for negotiation.

Why this answer

Option A is correct because if the LAG mode is passive and the physical switch is also configured as passive, LACP negotiation fails. Option B is not the issue as the load balancing policy is valid. Option C is irrelevant.

Option D is not required.

51
MCQeasy

An administrator has created a standard vSwitch port group with VLAN ID 100. Virtual machines in this port group can communicate with each other but not with devices on the physical network. What is a possible cause?

A.The vSwitch has only one uplink.
B.The virtual machines have duplicate MAC addresses.
C.The physical switch port is not configured to pass VLAN 100.
D.The virtual machines are using different subnets.
AnswerC

The physical switch must allow VLAN 100 on the port.

Why this answer

Option B is correct because the physical switch port must be configured to pass VLAN 100, either as a trunk or access port. Option A is incorrect because duplicate MAC addresses would affect local communication too. Option C is incorrect because subnet mismatch would also affect local communication.

Option D is incorrect because one uplink is sufficient.

52
MCQeasy

A company has a single ESXi host with a standard switch. The administrator creates a new port group for a DMZ network and assigns a VM to it. The VM cannot ping the default gateway. The physical switch port is configured as a trunk with VLAN 100 allowed. The port group VLAN ID is set to 100. The physical NIC is connected to the switch port and shows link up. What should the administrator do to resolve the issue?

A.Enable VLAN tagging on the physical switch port
B.Change the VLAN ID to 0
C.Verify the VM's IP configuration
D.Add a second physical NIC to the standard switch
AnswerC

If the gateway IP, subnet mask, or default gateway is misconfigured, the VM cannot ping the gateway despite correct VLAN settings.

Why this answer

Option C is correct because the physical and virtual networking configurations appear correct (VLAN 100 on both sides, link up), so the issue is likely an IP misconfiguration on the VM itself. Option A (change VLAN to 0) would break connectivity. Option B (enable VLAN tagging) is unnecessary as the port group already tags VLAN 100.

Option D (add second NIC) does not address the connectivity problem.

53
MCQeasy

A network administrator needs to isolate traffic between VMs in the same VLAN on a distributed switch. Which feature should be used?

A.Network I/O Control
B.Private VLAN
C.VLAN trunking
D.Traffic shaping
E.Port binding
AnswerB

PVLANs isolate ports within the same primary VLAN.

Why this answer

Option B is correct because Private VLANs allow isolation within a VLAN. Option A is for trunking. Option C is for bandwidth allocation.

Option D is for rate limiting. Option E is for port binding.

54
MCQmedium

Refer to the exhibit. An administrator cannot resolve the hostname of a DNS server using the ESXi host. What is the most likely cause?

A.The search domain is incorrectly set to localdomain.
B.The DNS servers are unreachable.
C.The DNS servers are not configured correctly for the domain.
D.The ESXi host is not configured to use DNS.
AnswerC

The hostname resolution failed, indicating the DNS server cannot resolve the name.

55
MCQeasy

A network administrator notices that all traffic from two VMs connected to the same standard switch port group is going through the same physical uplink, causing congestion. The teaming policy is set to Route based on originating virtual port. What change should the administrator make to distribute traffic more evenly?

A.Change teaming policy to Route based on IP hash.
B.Increase the number of uplinks to 4.
C.Enable LACP on the standard switch.
D.Change the load balancing policy to Explicit failover order.
AnswerA

Correctly distributes traffic based on IP pairs.

Why this answer

Option A is correct because IP hash uses source and destination IP to distribute traffic, providing better load distribution. Option B is wrong because LACP is not supported on standard vSwitches. Option C is wrong because adding uplinks without changing policy still ties port to same uplink.

Option D does not distribute traffic.

56
MCQhard

An administrator has enabled jumbo frames (MTU 9000) on a vSphere Distributed Switch. Virtual machines on different hosts cannot communicate, but VMs on the same host can. The physical switches support jumbo frames. What is the most likely cause?

A.The physical switch QoS is misconfigured.
B.The VMkernel adapters are still using default MTU.
C.The distributed switch port group MTU is set to 1500.
D.The physical NICs are not configured with MTU 9000.
AnswerD

Physical NICs must have MTU 9000 to pass jumbo frames between hosts.

Why this answer

Option B is correct because the physical NICs must also be configured with MTU 9000 to pass jumbo frames between hosts. Option A is incorrect because VMkernel adapters are used for management traffic, not VM data. Option C is incorrect because the port group MTU is already set on the DVS.

Option D is incorrect because QoS is unrelated.

57
Drag & Dropmedium

Order the steps to perform a vMotion migration of a powered-on virtual machine.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Prerequisites check, initiate migration, select type, choose destination, and confirm.

58
Multi-Selecteasy

Which two conditions must be met for a VMkernel adapter to be used for vMotion on a distributed switch? (Choose two.)

Select 2 answers
A.The VMkernel adapter must be in the same subnet as the destination host.
B.The VMkernel adapter must be enabled for vMotion.
C.The physical uplinks must be in active/standby mode.
D.The port group must have VLAN ID 0.
E.The port group must be configured with a static IP address.
AnswersA, B

vMotion requires IP connectivity between hosts on the same subnet.

Why this answer

Options B and D are correct. The VMkernel adapter must be in the same subnet as the destination host (B) and must be enabled for vMotion (D). VLAN ID can be any, static IP is not required, and uplink teaming mode is irrelevant.

59
MCQmedium

A virtual machine connected to the 'VM Network' port group is unable to obtain an IP address from the DHCP server located on the same subnet (192.168.1.0/24). The DHCP server is connected to the physical switch which is configured as an access port for VLAN 100. What is the most likely cause of the issue?

A.The physical uplink vmnic0 is not configured as a trunk on the physical switch.
B.The port group should use a different VLAN ID.
C.The standard switch has MTU of 1500 but DHCP uses 1500.
D.The DHCP server is on a different VLAN.
E.The VMkernel port vmk0 has an IP address in the same subnet but is not required for DHCP.
AnswerA

The port group tags frames with VLAN 100, so the physical switch port must be a trunk to accept tagged frames.

Why this answer

The DHCP server is connected to a physical switch port configured as an access port for VLAN 100, meaning it expects untagged traffic on VLAN 100. However, the virtual machine is connected to the 'VM Network' port group, which by default is untagged (VLAN ID 0). For the VM's DHCP request to reach the server, the physical uplink (vmnic0) must be configured as a trunk port on the physical switch to carry the VLAN 100 traffic; otherwise, the switch will drop or misdirect the frames, preventing DHCP from working.

Exam trap

The trap here is that candidates assume the DHCP server's access port configuration automatically matches the VM's network, overlooking the requirement for the physical uplink to be a trunk to carry the VLAN-tagged or untagged traffic correctly.

How to eliminate wrong answers

Option B is wrong because the port group should use VLAN ID 100 to match the access port's VLAN, not a different ID. Option C is wrong because MTU 1500 is standard for Ethernet and DHCP; mismatched MTU would cause fragmentation issues, not DHCP failure. Option D is wrong because the DHCP server is on the same subnet (192.168.1.0/24) and connected to an access port for VLAN 100, so it is on the same VLAN as the VM's intended network.

Option E is wrong because the VMkernel port vmk0 is used for vSphere management traffic, not for VM DHCP; its IP address is irrelevant to VM network connectivity.

60
MCQhard

An ESXi host has two physical uplinks (vmnic0, vmnic1) connected to a distributed switch. The administrator wants to use LACP to aggregate these uplinks to a physical switch stack. Which prerequisite must be met for LACP to work with a distributed switch?

A.The physical switch must be configured with a static LAG.
B.The distributed switch version must be 5.5 or later.
C.The uplinks must be in an active/standby configuration.
D.The distributed switch must be configured with a LAG and the physical switch with matching LACP settings.
E.The LACP group must have a unique MAC address.
AnswerD

A LAG must be created on the DVS, and the physical switch must be configured with compatible LACP parameters.

Why this answer

Option E is correct because DVS requires a LAG to be configured on the switch and matching settings on the physical switch. Option A is not strictly true (LACP supported from vSphere 5.1). Option B is wrong because LACP requires active/active.

Option C is possible but not a prerequisite. Option D is not a requirement.

61
MCQhard

A company operates a three-node vSphere cluster for a critical application. Each ESXi host has two 10GbE physical NICs (vmnic0 and vmnic1) connected to two separate physical switches (Switch A and Switch B) for redundancy. The cluster uses a vSphere Distributed Switch (vDS) with two uplinks per host: uplink1 (vmnic0) connected to Switch A, and uplink2 (vmnic1) connected to Switch B. The teaming policy is set to 'Route based on originating virtual port' with both uplinks active. The physical switches are configured in a multi-chassis link aggregation group (MLAG) that bundles the ports from both switches into a single LAG interface. The LAG is configured with mode 'active' (802.3ad). Recently, the cluster experienced a network outage when one of the physical switch uplinks failed. The VMs on the affected host lost connectivity for several seconds before recovering. The administrator wants to prevent such outages in the future. Which action should the administrator take?

A.Disable LACP on the physical switches and configure the vDS with 'Route based on originating virtual port' only.
B.Add a third physical NIC to each host and configure it as a standby uplink.
C.Change the vDS teaming policy to 'Use explicit failover order' with vmnic0 active and vmnic1 standby.
D.Configure the vDS with LACP support and set the teaming policy to 'Route based on IP hash'.
AnswerD

This aligns the vDS with the physical LAG.

Why this answer

Option D is correct because the current configuration uses a static LAG (MLAG) on the physical switches with 802.3ad active mode, but the vDS is not configured for LACP. This mismatch causes the vDS to send frames based on originating virtual port, which does not coordinate with the physical LAG's hashing algorithm. When a physical uplink fails, the MLAG may not properly redistribute traffic because the vDS is unaware of the LAG state, leading to connectivity loss.

Configuring the vDS with LACP support and setting the teaming policy to 'Route based on IP hash' aligns the virtual and physical LAG configurations, ensuring proper load balancing and failover behavior.

Exam trap

The trap here is that candidates assume 'Route based on originating virtual port' with two active uplinks provides adequate failover, but they overlook the critical requirement for LACP coordination when the physical switches are configured with an active-mode LAG (802.3ad), leading to a mismatch that causes delayed failover.

How to eliminate wrong answers

Option A is wrong because disabling LACP on the physical switches and keeping 'Route based on originating virtual port' would break the existing MLAG configuration, potentially causing loops or inconsistent forwarding, and does not address the root cause of the outage. Option B is wrong because adding a third NIC as a standby uplink does not resolve the mismatch between the vDS teaming policy and the physical LAG; the outage occurred due to improper failover coordination, not a lack of physical redundancy. Option C is wrong because changing to 'Use explicit failover order' with one active and one standby would eliminate the active-active load balancing and still not coordinate with the physical LAG's hashing, so a single uplink failure could still cause traffic disruption if the vDS does not properly detect the LAG state.

62
MCQeasy

A virtual machine is configured with two vNICs connected to different standard port groups (VLAN 10 and VLAN 20). The administrator wants to use both vNICs for load balancing and failover within the VM OS. Which condition must be met on the vSwitch side?

A.Enable MAC address changes on both port groups.
B.Configure teaming on the standard switch by bridging the two port groups.
C.Configure NIC teaming within the guest operating system.
D.Set load balancing to 'Route based on IP hash' on both port groups.
AnswerC

Since the vNICs are on separate port groups, the VM OS must handle load balancing and failover via software teaming (e.g., bond).

Why this answer

Option C is correct because the VM OS must have NIC teaming configured to use both interfaces. The vSwitch port groups are separate, so they don't team at the virtual switch level. Option A is incorrect because teaming at vSwitch is per port group, not across port groups.

Option B is incorrect because MAC address changes are not needed. Option D is incorrect because route based on IP hash is for a single port group.

63
Matchingmedium

Match each vSphere edition/license tier to its key feature.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Basic virtualization with vMotion and HA

Full features including DRS, DPM, and Host Profiles

Includes performance monitoring and capacity management

Adds AppDefense for security

Licensing for small ROBO deployments

Why these pairings

vSphere licensing tiers and capabilities.

64
MCQeasy

An administrator is creating a new vSphere Standard Switch on an ESXi host. The host has two physical NICs: vmnic0 and vmnic1. The administrator wants to use vmnic0 for VM traffic and vmnic1 for management traffic. How should the administrator configure the switch?

A.Create one standard switch with vmnic0 only and use VLANs for separation.
B.Create one standard switch with both vmnics and separate port groups for VM and VMkernel.
C.Create two standard switches: one with vmnic0 and a VM port group, and another with vmnic1 and a VMkernel port group.
D.Create a vSphere Distributed Switch with both vmnics.
AnswerC

Separation of traffic types.

Why this answer

Option C is correct because the requirement is to use separate physical NICs for different traffic types (VM traffic on vmnic0 and management traffic on vmnic1). In vSphere, a standard switch is a per-host virtual switch that connects virtual machines and VMkernel interfaces to physical NICs. To isolate traffic at the physical NIC level, you must create two distinct standard switches: one with vmnic0 and a VM port group for VM traffic, and another with vmnic1 and a VMkernel port group for management traffic.

This ensures that management traffic never traverses vmnic0 and VM traffic never traverses vmnic1, providing physical separation and avoiding contention.

Exam trap

The trap here is that candidates often assume a single standard switch with multiple uplinks and separate port groups is sufficient for traffic separation, but they overlook that physical NIC assignment is per-switch, not per-port-group, so both traffic types could still share the same NICs via teaming or failover unless explicit NIC binding is configured.

How to eliminate wrong answers

Option A is wrong because creating a single standard switch with only vmnic0 and using VLANs for separation does not physically separate management traffic onto vmnic1; management traffic would still be forced through vmnic0, violating the requirement. Option B is wrong because creating one standard switch with both vmnics and separate port groups for VM and VMkernel traffic would allow both traffic types to use either NIC (via teaming or failover), failing to enforce the dedicated NIC assignment. Option D is wrong because a vSphere Distributed Switch (VDS) requires vCenter Server and is not created directly on an ESXi host; it also does not inherently force specific traffic types to dedicated physical NICs without explicit configuration, and the question specifies a standard switch.

65
MCQmedium

An administrator configures a distributed switch with a single uplink on each host and a port group with VLAN 10. After connecting a VM to the port group, the VM cannot communicate with other VMs on the same VLAN but on different hosts. What is a likely cause?

A.The physical switch port is set to access mode with VLAN 10.
B.The distributed switch has no teaming configured.
C.The physical switch port connected to the uplink is set to trunk mode and is tagging the VLAN.
D.The VLAN ID is not set correctly on the VM's virtual network adapter.
AnswerA

Access mode expects untagged traffic, but vSphere tags frames, causing communication failure.

Why this answer

Option C is correct because if the physical switch port is access mode with VLAN 10, it expects untagged traffic, but vSphere will tag frames with VLAN 10, causing a mismatch. Option A is wrong because VLAN tagging is on the port group, not the VM adapter. Option B would work if trunking.

Option D is irrelevant.

66
Drag & Dropmedium

Order the steps to enable vSphere HA on a cluster.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Select cluster, access HA settings, enable, configure options, confirm.

67
MCQeasy

An administrator needs to separate vMotion traffic from management traffic. Which should be created?

A.A new physical NIC.
B.A new VMkernel adapter on a different subnet.
C.A new VLAN on the existing port group.
D.A new standard switch port group.
AnswerB

A separate VMkernel adapter on a different network isolates vMotion traffic.

Why this answer

Option B is correct because creating a separate VMkernel adapter on a different subnet for vMotion is a best practice to isolate traffic. Option A is incorrect because a new standard switch port group alone does not separate traffic without a different IP network. Option C is incorrect because using the same VLAN but different IP subnet still shares the same broadcast domain.

Option D is incorrect because a new physical NIC is often not necessary; a VLAN can suffice.

68
Multi-Selecthard

An administrator needs to implement Network I/O Control (NIOC) on a vSphere Distributed Switch to guarantee bandwidth for vSphere Replication traffic. Which two actions are required?

Select 2 answers
A.Enable NIOC on the distributed switch.
B.Create a network resource pool for vSphere Replication.
C.Set the replication VMkernel adapter's traffic shaping to guaranteed.
D.Configure the replication network on a separate VLAN.
E.Assign the vSphere Replication VMkernel adapter to the resource pool.
AnswersA, B

NIOC must be enabled globally on the DVS.

Why this answer

Options A and B are correct. First, NIOC must be enabled on the DVS. Then a network resource pool must be created for vSphere Replication traffic.

Option C is incorrect because assigning the VMkernel adapter to the resource pool is a subsequent step, not one of the two required actions (it is required but the question asks for two). Option D is incorrect because traffic shaping is not used with NIOC. Option E is incorrect because a separate VLAN is not required for NIOC.

69
Multi-Selectmedium

Which TWO of the following are functions of a vSphere Distributed Switch that are not available in a vSphere Standard Switch? (Select exactly two.)

Select 2 answers
A.Port mirroring (Distributed Port Mirroring).
B.NIC teaming with explicit failover order.
C.Network I/O Control (NIOC).
D.Traffic shaping policies.
E.VLAN tagging and trunking.
AnswersA, C

Distributed switches support advanced port mirroring; standard switches only have basic mirroring via third-party solutions.

Why this answer

Options B and C are correct. Network I/O Control (NIOC) is only available on vDS. Port mirroring (using Distributed Port Mirroring) is a vDS-only feature.

Option A is incorrect because VLAN tagging is available on both switch types. Option D is incorrect because NIC teaming is available on standard switches as well. Option E is incorrect because traffic shaping is available on standard switches (per port group).

70
MCQmedium

An organization has deployed a vSphere Distributed Switch (vDS) across multiple ESXi hosts. The security team requires that no virtual machine can change its MAC address to impersonate another device. Which security policy setting on the distributed port group should be configured to fulfill this requirement?

A.Set 'Forged transmits' to 'Reject'.
B.Set 'MAC address changes' to 'Reject'.
C.Set 'Promiscuous mode' to 'Reject'.
D.Enable traffic shaping and set a low average bandwidth.
AnswerA

When forged transmits is rejected, the vSwitch drops frames that do not originate from the VM's actual MAC address, thus preventing MAC spoofing.

Why this answer

Option B is correct because the 'Forged transmits' policy, when set to 'Reject', drops any outbound frames with a source MAC address different from the one assigned to the virtual NIC. This prevents MAC impersonation. Option A is incorrect because 'Promiscuous mode' allows the VM to see all traffic on the port, which is a security risk and unrelated to MAC impersonation.

Option C is incorrect because 'MAC address changes' controls whether the VM can change its effective MAC address, but the question is about outward impersonation. Option D is incorrect because traffic shaping limits bandwidth, not MAC security.

71
Matchingmedium

Match each vSphere feature to its correct description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Distributes VM workloads across hosts based on resource usage

Provides continuous availability by maintaining a secondary VM

Migrates VM storage without downtime

Powers hosts on/off to save energy based on demand

Standardizes host configuration across a cluster

Why these pairings

Key vSphere features and their roles.

72
MCQmedium

A VM on a vSphere Distributed Switch is unable to receive traffic from external networks. The VM can send traffic out successfully. The VM port group has no security policies set (default). The physical switch port is configured as an access port on VLAN 100. The VM port group VLAN is set to 100. What is the most likely cause?

A.VLAN mismatch between VM port group and physical switch
B.The VM's NIC is in promiscuous mode
C.The VM is using a different default gateway than the VMkernel interface
D.The physical switch port is configured as an access port instead of a trunk
AnswerC

Asymmetric routing can cause one-way traffic.

Why this answer

Option C is correct because the VM can send traffic out successfully but cannot receive traffic from external networks, which indicates a routing issue rather than a switching or VLAN problem. The most likely cause is that the VM's default gateway is set to the VMkernel interface's IP address instead of the physical network's gateway, causing return traffic to be misrouted. This is a common misconfiguration where the VM's default gateway does not match the subnet's gateway, preventing inbound traffic from reaching the VM.

Exam trap

The trap here is that candidates often focus on VLAN configuration or switch port modes when the symptom is unidirectional traffic, but the real issue is a routing misconfiguration at the VM's default gateway, which is a common oversight in vSphere networking troubleshooting.

How to eliminate wrong answers

Option A is wrong because the VM port group VLAN is set to 100 and the physical switch port is configured as an access port on VLAN 100, which is a correct match; a VLAN mismatch would cause both inbound and outbound traffic to fail. Option B is wrong because promiscuous mode on the VM's NIC allows it to see all traffic on the VLAN, but it does not prevent the VM from receiving traffic destined to its own MAC address; it would not cause a unidirectional traffic issue. Option D is wrong because an access port on VLAN 100 is the correct configuration for a single VLAN; a trunk port would be needed only if multiple VLANs were required, and using an access port does not inherently block inbound traffic.

73
Multi-Selectmedium

Which TWO conditions must be met to successfully enable vSphere Network I/O Control (NIOC) on a vSphere Distributed Switch? (Choose two.)

Select 2 answers
A.All ESXi hosts in the cluster must be connected to the same vDS.
B.Each ESXi host must have a dedicated vDS.
C.The vDS must have at least one uplink.
D.The vSphere license must be Enterprise Plus.
E.The physical switches must support LACP.
AnswersA, D

NIOC is configured on the vDS.

Why this answer

Option A is correct because NIOC operates at the vDS level and requires all hosts participating in the NIOC configuration to be attached to the same distributed switch. This ensures consistent network resource allocation and traffic shaping policies across the cluster. Option D is correct because NIOC is a premium feature that requires an Enterprise Plus license, as it leverages advanced resource management capabilities not available in lower license tiers.

Exam trap

The trap here is that candidates often confuse NIOC's dependency on Enterprise Plus with other networking features like LACP or uplink requirements, leading them to select options C or E instead of recognizing the license and shared vDS prerequisites.

74
MCQmedium

A vSphere administrator needs to provide network connectivity to a set of VMs that must be isolated from all other traffic on the physical network. The VMs are on the same ESXi host and require maximum throughput between them. Which vSphere networking solution should the administrator use?

A.Create a distributed switch with a private VLAN
B.Create a standard switch with a VLAN-backed port group
C.Create a standard switch with a VMkernel NIC for inter-VM communication
D.Create a standard switch with an internal-only port group (no uplinks)
AnswerD

Provides full isolation and maximum throughput since traffic never leaves the host.

Why this answer

Option D is correct because a standard switch with no uplinks creates an internal-only network that provides isolation and maximum throughput as traffic stays within the ESXi host memory. Option A requires uplinks and VLAN configuration, allowing potential traffic exposure. Option B requires physical switch support for private VLANs and still uses uplinks.

Option C incorrectly uses a VMkernel NIC, which is for management traffic, not VM data.

75
Multi-Selecthard

Which TWO of the following are valid considerations when configuring a vSphere Distributed Switch with 10G uplinks and planning for a TCP/IP stack for vMotion? (Select exactly two.)

Select 2 answers
A.Configure the default TCP/IP stack to handle vMotion traffic with multiple gateways.
B.Enable vMotion to use a separate TCP/IP stack to avoid competing with management traffic.
C.Enable jumbo frames on the vMotion TCP/IP stack to improve performance.
D.Use the provisioned TCP/IP stack for vMotion to leverage storage traffic isolation.
E.Assign a dedicated VMkernel interface to the vMotion TCP/IP stack.
AnswersB, E

Isolating vMotion using a separate stack prevents it from affecting management traffic.

Why this answer

Options A and D are correct. A dedicated TCP/IP stack for vMotion isolates vMotion traffic and avoids contention. Using a separate VMkernel interface with a dedicated stack is standard.

Option B is incorrect because the storage TCP/IP stack is for NFS/iSCSI, not vMotion. Option C is incorrect because the default TCP/IP stack is a single stack; you need a dedicated stack for isolation. Option E is incorrect because jumbo frames are an MTU setting on the vDS, not a TCP/IP stack component.

Page 1 of 2 · 76 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Vsphere Networking questions.