VCP-DCV · topic practice

vSphere Security practice questions

Practise VMware Certified Professional Data Center Virtualization VCP-DCV vSphere Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: vSphere Security

What the exam tests

What to know about vSphere Security

vSphere Security questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common vSphere Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

vSphere Security questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Read the full vSphere Security explanation →

An administrator is troubleshooting a situation where a virtual machine cannot be powered on. The error message indicates insufficient permissions. The VM is in a folder named 'Production' and the administrator has been assigned a custom role with 'Virtual machine > Power On' permission at the folder level. However, the VM is also in a resource pool. What additional permission is most likely missing?

A security audit reveals that an ESXi host has been compromised due to an attacker gaining root access via the DCUI. The host is configured with a default DCUI password. Which security best practice should have been implemented to prevent this?

A vSphere administrator needs to ensure that all HTTPS traffic to ESXi hosts is encrypted using TLS 1.2. Where should the administrator configure the minimum TLS version?

Question 4mediummultiple choice
Open the full VLAN trunking answer →

An administrator is configuring a distributed switch and needs to ensure that all virtual machine traffic on a specific VLAN is isolated. The administrator creates a port group with VLAN ID 100. However, a security scanner reports that packets from this VLAN are appearing on other VLANs. Which security policy setting on the distributed switch should the administrator verify?

A vSphere environment uses Active Directory for authentication. The administrator notices that users from a specific AD group cannot log in to the vCenter Server, although other AD users can. The group is added to vCenter Server with the correct permissions. What is the most likely cause?

Which TWO actions are recommended to secure the vCenter Server Appliance (VCSA)?

Which THREE security features are available in vSphere Trust Authority (vTA)?

Question 8hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation runs a vSphere environment with 100 ESXi hosts managed by a single vCenter Server. The security team mandates that all virtual machine disks (VMDKs) must be encrypted at rest. The administrator enables vSphere Virtual Machine Encryption and creates a Key Management Server (KMS) cluster. After encrypting a test VM, the VM powers on successfully, but the administrator notices that the VM's configuration files (VMX, NVRAM) are not encrypted. The security policy requires that all VM files, including configuration files, be encrypted. The administrator checks the VM storage policy and sees that the policy is set to 'VM Encryption Policy' with 'Disk Encryption' enabled. What should the administrator do to ensure the entire VM is encrypted?

Question 9mediummultiple choice
Read the full vSphere Security explanation →

A vSphere administrator needs to ensure that all virtual machine disks are encrypted at rest. The environment uses a KMS cluster with multiple KMIP-compliant servers. The administrator has already configured a storage policy with encryption enabled. However, newly created VMs on a particular datastore still show unencrypted disks. What is the most likely cause?

A security audit reveals that a vCenter Server has weak TLS configuration. The administrator needs to enforce strong ciphers and disable SSLv3. Which two steps should the administrator take? (Choose two.)

An administrator is troubleshooting a failed attempt to add an ESXi host to a vCenter Server domain. The error message states: 'The host's certificate has been tampered with or is invalid.' What is the most likely cause?

A company has a vSphere environment with 20 ESXi hosts and 500 VMs. The security team mandates that all administrative access to vCenter Server must be through a single, highly restricted account with multi-factor authentication (MFA). The account must be used for both the vSphere Client and API integrations. Which step should the administrator take?

A large financial institution runs a vSphere 7.0 environment with 100 ESXi hosts and 2,000 VMs. The security team has identified that several VMs are vulnerable to a critical side-channel attack that requires disabling hyperthreading on the ESXi hosts. The administrator needs to implement a solution that minimizes performance impact while ensuring compliance. The environment uses DRS clusters with varying workloads: some VMs are CPU-intensive (financial modeling) and others are memory-bound (database servers). The administrator cannot afford to take hosts offline for maintenance during business hours. The change must be implemented within 48 hours. Which course of action should the administrator take?

Question 14mediummultiple choice
Read the full vSphere Security explanation →

A company is implementing vSphere 7.0 and wants to encrypt all vMotion traffic between ESXi hosts in a cluster. The cluster is not using any other encryption features. What is the minimum requirement to enable vMotion encryption?

Which TWO actions are required to enable encrypted vSphere vMotion for all virtual machines in a cluster?

Refer to the exhibit. An administrator runs the vmkfstools command on an ESXi host and views the output. Which conclusion can be drawn from the output?

Exhibit

Refer to the exhibit.
```
vmkfstools -P /vmfs/volumes/datastore1/vm/vm.vmx
```

Output:
```
File system label: datastore1
File system type: VMFS-6
Volume capacity: 1024000 MB
Volume free: 512000 MB
Disk capacity: 1024000 MB
Disk free: 512000 MB
Block size: 1 MB
```

Order the steps to take a snapshot of a virtual machine.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Match each vSphere networking component to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Logical grouping of ports with common configuration

Network interface for vSphere services like vMotion

Physical NIC connected to a virtual switch

Segments network traffic at Layer 2

Combining multiple uplinks for load balancing or failover

A company wants to integrate vCenter Server with an external identity source to allow users to authenticate using their corporate credentials. The administrator must ensure that authentication traffic is encrypted. Which solution should the administrator implement?

Question 20mediummultiple choice
Read the full vSphere Security explanation →

An administrator is troubleshooting a failed VM encryption operation. The key provider status shows as 'Not Responding' in the vSphere Web Client. The administrator has verified network connectivity between the ESXi hosts and the key provider. What is the most likely cause of the failure?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused vSphere Security sessions

Start a vSphere Security only practice session

Every question in these sessions is drawn from the vSphere Security domain — nothing else.

Related practice questions

Related VCP-DCV topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the VCP-DCV exam test about vSphere Security?
vSphere Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just vSphere Security questions in a focused session?
Yes — the session launcher on this page draws every question from the vSphere Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other VCP-DCV topics?
Use the topic links above to move to related areas, or go back to the VCP-DCV question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the VCP-DCV exam covers. They are not copied from any real exam or dump site.