VMware Certified Professional 6 – Data Center Virtualization Delta Beta Exam

QUESTION NO: 1

An administrator wants to provide users restricted access. The users should only be able to perform the following tasks:

  • Create and consolidate virtual machine snapshots

  • Add/Remove virtual disks

  • Snapshot Management

Which default role in vCenter Server would meet the administrator's requirements for the users?

A. Virtual machine user

B. Virtual machine power user

C. Virtual Datacenter administrator

D. VMware Consolidated Backup user

Answer: B

Explanation:

Virtual Machine Power User is a sample role that grants a user access rights only to virtual machines; can alter the virtual hardware or create snapshots of the VM.

Reference: http://blog.pluralsight.com/vmware-access-control-101-roles-and-permissions

QUESTION NO: 2

Which two roles can be modified? (Choose two.)

A. Administrator

B. Network Administrator

C. Datastore Consumer

D. Read-Only

Answer: B, C

Explanation:

It is a common knowledge that you cannot modify Administrator role and grant whatever privileges you like. Same is the case with read-only. This role is created solely for ready only purposes. So you are left with two viable options – Network administrator and Datastore consumer both of which can be modified to add or delete privileges according to your specifications.

QUESTION NO: 3

An administrator with global administrator privileges creates a custom role but fails to assign any privileges to it.

Which two privileges would the custom role have? (Choose two.)

A. System.View

B. System.Anonymous

C. System.User

D. System.ReadOnly

Answer: A, B

Explanation:

When you add a custom role and do not assign any privileges to it, the role is created as a Read Only role with three system-defined privileges: System.Anonymous, System.View, and System.Read.

Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-93B962A7-93FA-4E96-B68F-AE66D3D6C663.html

QUESTION NO: 4

An administrator wishes to give a user the ability to manage snapshots for virtual machines.

Which privilege does the administrator need to assign to the user?

A. Datastore.Allocate Space

B. Virtual machine.Configuration.create snapshot

C. Virtual machine.Configuration.manage snapshot

D. Datastore.Browse Datastore

Answer: A

Explanation:

Datastore.Allocate space allows allocating space on a datastore for a virtual machine, snapshot, clone, or virtual disk.

Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B2426ACC-D73F-4732-8BBC-DE9B1B2263D9.html

QUESTION NO: 5

An object has inherited permissions from two parent objects.

What is true about the permissions on the object?

A. The common permissions between the two are applied and the rest are discarded.

B. The permissions are combined from both parent objects.

C. No permissions are applied from the parent objects.

D. The permission is randomly selected from either of the two parent objects.

Answer: B

Explanation:

Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore inherits permissions from either its parent datastore folder or parent datacenter. Virtual machines inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool simultaneously. To restrict a user’s privileges on a virtual machine, you must set permissions on both the parent folder and the parent host, cluster, or resource pool for that virtual machine.

Reference: http://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/managing_users_groups_roles_and_permissions/c_hierarchical_inheritance_of_permissions.html

QUESTION NO: 6

What is the highest object level from which a virtual machine can inherit privileges?

A. Host Folder

B. Data Center

C. Data Center Folder

D. VM Folder

Answer: C

Explanation:

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-06-09 at 3.20.28 PM.png

Reference: http://www.vmware.com/pdf/vi3_vc_roles.pdf

QUESTION NO: 7

Which three Authorization types are valid in vSphere? (Choose three.)

A. Group Membership in vsphere.local

B. Global

C. Forest

D. vCenter Server

E. Group Membership in system-domain

Answer: A, B, D

Explanation:

Sphere 6.0 and later allows privileged users to give other users permissions to perform tasks in the following ways. These approaches are, for the most part, mutually exclusive; however, you can assign use global permissions to authorize certain users for all solution, and local   vCenter Server   permissions to authorize other users for individual   vCenter Server   systems.

vCenter ServerPermissions

The permission model for   vCenter Server   systems relies on assigning permissions to objects in the object hierarchy of thatvCenter Server. Each permission gives one user or group a set of privileges, that is, a role for a selected object. For example, you can select an   ESXi   host and assign a role to a group of users to give those users the corresponding privileges on that host.

Global Permissions

Global permissions are applied to a global root object that spans solutions. For example, if both   vCenter Server   and vCenter Orchestrator are installed, you can give permissions to all objects in both object hierarchies using global permissions.

Global permissions are replicated across the vsphere.local domain. Global permissions to not provide authorization for services managed through vsphere.local groups. See   Global Permissions .

Group Membership in vsphere.local Groups

The user administrator@vsphere.local can perform tasks that are associated with services included with the   Platform Services Controller. In addition, members of a vsphere.local group can perform the corresponding task. For example, you can perform license management if you are a member of the LicenseService.Administrators group. See   Groups in the vsphere.local Domain .

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-74F53189-EF41-4AC1-A78E-D25621855800.html

QUESTION NO: 8

Which three components should an administrator select when configuring vSphere permissions? (Choose three.)

A. Inventory Object

B. Role

C. User/Group

D. Privilege

E. Password

Answer: A, B, C

Explanation:

In vSphere, permission consists of a user or group and an assigned role for an inventory object, such as a virtual machine or ESX/ESXi host. Permissions grant users the right to perform the activities specified by the role on the object to which the role is assigned.

Reference: http://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/managing_users_groups_roles_and_permissions/c_permissions.html

QUESTION NO: 9

In which two vsphere.local groups should an administrator avoid adding members? (Choose two.)

A. SolutionUsers

B. Administrators

C. DCAdmins

D. ExternalPDUsers

Answer: A, B

Explanation:

The vsphere.local domain includes several predefined groups. Assign users to one of those groups to be able to perform the corresponding actions.

For all objects in the vCenter Server hierarchy, permissions are assigned by pairing a user and a role with the object. For example, you can select a resource pool and give a group of users read privileges to that resource pool by giving them the corresponding role.

For some services that are not managed by vCenter Server directly, privileges are determined by membership to one of the vCenter Single Sign-On groups. For example, a user who is a member of the Administrator group can manage vCenter Single Sign-On. A user who is a member of the CAAdmins group can manage the VMware Certificate Authority, and a user who is in the LicenseService.Administrators group can manage licenses.

Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-87DA2F34-DCC9-4DAB-8900-1BA35837D07E.html

QUESTION NO: 10

An administrator has configured three vCenter Servers and vRealize Orchestrator within a Platform Services Controller domain, and needs to grant a user privileges that span all environments.

Which statement best describes how the administrator would accomplish this?

A. Assign a Global Permission to the user.

B. Assign a vCenter Permission to the user.

C. Assign vsphere.local membership to the user.

D. Assign an ESXi Permission to the user.

Answer: A

Explanation:

Global permissions are applied to a global root object that spans solutions, for example, both vCenter Server and vCenter Orchestrator. Use global permissions to give a user or group privileges for all objects in all object hierarchies.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-C7702E31-1623-4189-89CB-E1136AA27972.html

QUESTION NO: 11

Which two methods are recommended for managing the VMware Directory Service? (Choose two.)

A. Utilize the vmdir command.

B. Manage through the vSphere Web Client.

C. Manage using the VMware Directory Service.

D. Utilize the dc rep command.

Answer: A, B

Explanation:

To manage VMware directory service, you can use vmdir command and vsphere web client. VMware directory service is always managed using vmdir command which is specifically used for directory services.

QUESTION NO: 12

What are two sample roles that are provided with vCenter Server by default? (Choose two.)

A. Virtual machine User

B. Network Administrator

C. Content Library Administrator

D. Storage Administrator

Answer: A, B

Reference: https://books.google.com.pk/books?id=35TE4cSycNAC&pg=PA97&lpg=PA97&dq=sample+roles+that+are+provided+with+vCenter+Server+by+default&source=bl&ots=ggd5VKGky5&sig=-lc0Juby-tkvddWsrG_zHgEDTQY&hl=en&sa=X&ved=0CDcQ6AEwBWoVChMIlZH2x8WExgIVxDoUCh2N1AC2#v=onepage&q=sample%20roles%20that%20are%20provided%20with%20vCenter%20Server%20by%20default&f=false

QUESTION NO: 14

An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate Certificate Authority (CA). The first two steps performed are:

  • Replace the Root Certificate

  • Replace Machine Certificates (Intermediate CA)

Which two steps would need to be performed next? (Choose two.)

A. Replace Solution User Certificates (Intermediate CA)

B. Replace the VMware Directory Service Certificate (Intermediate CA)

C. Replace the VMware Directory Service Certificate

D. Replace Solution User Certificates

Answer: A, C

Explanation:

You can replace the VMCA root certificate with a third-party CA-signed certificate that includes VMCA in the certificate chain. Going forward, all certificates that VMCA generates include the full chain. You can replace existing certificates with newly generated certificates. This approach combines the security of third-party CA-signed certificate with the convenience of automated certificate management.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-5FE583A2-3737-4B62-A905-5BB38D479AE0.html

QUESTION NO: 15

Which three options are available for ESXi Certificate Replacement? (Choose three.)

A. VMware Certificate Authority mode

B. Custom Certificate Authority mode

C. Thumbprint mode

D. Hybrid Deployment

E. VMware Certificate Endpoint Authority Mode

Answer: A, B, C

Explanation:

You can perform different types of certificate replacement depending on company policy and requirements for the system that you are configuring. You can perform each replacement with the vSphere Certificate Manager utility or manually by using the CLIs included with your installation.

VMCA is included in each Platform Services Controller and in each embedded deployment. VMCA provisions each node, each vCenter Server solution user, and each ESXi host with a certificate that is signed by VMCA as the certificate authority. vCenter Server solution users are groups of vCenter Server services. See vSphere Security for a list of solution users.

You can replace the default certificates. For vCenter Server components, you can use a set of command-line tools included in your installation. You have several options.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-4469A6D3-048A-471C-9CB4-518A15EA2AC0.html

QUESTION NO: 16

Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into the Direct Console User Interface (DCUI).

Which two statements are true given this configuration? (Choose two.)

A. A user granted administrative privileges in the Exception User list can login.

B. A user defined in the DCUI.Access without administrative privileges can login.

C. A user defined in the ESXi Admins domain group can login.

D. A user set to the vCenter Administrator role can login.

Answer: A, B

Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html

QUESTION NO: 17

Strict Lockdown Mode has been enabled on an ESXi host.

Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?

A. Grant the users the administrator role and enable the service.

B. Add the users to Exception Users and enable the service.

C. No action can be taken, Strict Lockdown Mode prevents direct access.

D. Add the users to vsphere.local and enable the service.

Answer: B

Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html

QUESTION NO: 18

An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage users and groups. The AD domain group ESX Admins is planned for administrative access to the host.

Which two conditions should be considered when planning this configuration? (Choose two.)

A. If administrative access for ESX Admins is not required, this setting can be altered.

B. The users in ESX Admins are not restricted by Lockdown Mode.

C. An ESXi host provisioned with Auto Deploy cannot store AD credentials.

D. The users in ESX Admins are granted administrative privileges in vCenter Server.

Answer: A, C

Explanation:

The setting can be altered if administrative access for ESX admins is not required. The second rule is that the ESX admins users should not be restricted by Lockdown mode.

QUESTION NO: 19

Which password meets ESXi 6.x host password requirements?

A. 8kMVnn2x!

B. zNgtnJBA2

C. Nvgt34kn44

D. !b74wr

Answer: A

Explanation:

A valid password requires a mix of upper and lower case letters, digits, and other characters. You can use a 7-character long password with characters from at least three of these four classes, or a 6-character long password containing characters from all the classes. A password that begins with an upper case letter and ends with a numerical digit does not count towards the number of character classes used. It is recommended that the password does not contain the username.

A passphrase requires at least 3 words, can be 8 to 40 characters long, and must contain enough different characters.

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012033

QUESTION NO: 20

An administrator would like to use a passphrase for their ESXi 6.x hosts which has these characteristics:

  • Minimum of 21 characters

  • Minimum of 2 words

Which advanced options must be set to allow this passphrase configuration to be used?

A. retry=3 min=disabled, disabled, 7, 21, 7 passphrase=2

B. retry=3 min=disabled, disabled, 21, 7, 7 passphrase=2

C. retry=3 min=disabled, disabled, 2, 21, 7

D. retry=3 min=disabled, disabled, 21, 21, 2

Answer: B

Explanation:

To force a specific password complexity and disable all others, replace the number with the word with disabled. For example, to force passwords containing characters from all four-character classes:

password requisite  /lib/security/$ISA/pam_passwdqc.so retry=3 min= disabled,disabled,disabled,disabled,7

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012033

QUESTION NO: 21

Which Advanced Setting should be created for the vCenter Server to change the expiration policy of the vpxuser password?

A. VimPasswordExpirationInDays

B. VimExpirationPasswordDays

C. VimPassExpirationInDays

D. VimPasswordRefreshDays

Answer: A

Explanation:

vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The password for each vpxuser account is auto-generated when an ESX/ESXi host is added. The password is updated by default every 30 days.

 

To modify default password settings:

  • Connect vSphere Client to vCenter Server.

  • Click  Administration  >  vCenter Server Settings  >  Advanced Settings .

  • Scroll to the parameter  VirtualCenter.VimPasswordExpirationInDays and change the value from the default.

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1016736

QUESTION NO: 22

An administrator has been instructed to secure existing virtual machines in vCenter Server.

Which two actions should the administrator take to secure these virtual machines? (Choose two.)

A. Disable native remote management services

B. Restrict Remote Console access

C. Use Independent Non-Persistent virtual disks

D. Prevent use of Independent Non-Persistent virtual disks

Answer: B, D

Reference: http://www.vmware.com/files/pdf/techpaper/VMW-TWP-vSPHR-SECRTY-HRDNG-USLET-101-WEB-1.pdf (page 11, see the tables)

QUESTION NO: 23

An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files.

To prevent this in the future, which advanced parameter should be applied to the virtual machines?

A. isolation.tools.setinfo.disable = true

B. isolation.tools.setinfo.enable = true

C. isolation.tools.setinfo.disable = false

D. isolation.tools.setinfo.enable = false

Answer: A

Explanation: It is configured on a per-VM basis. You can increase the guest operating system variable memory limit if large amounts of custom information are being stored in the configuration file. You can also prevent guests from writing any name-value pairs to the configuration file. To do so, use the following setting, and set it to ‘true’:

QUESTION NO: 24

Which two statements are correct regarding vSphere certificates? (Choose two.)

A. ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority (VMCA).

B. ESXi host upgrades preserve the existing SSL certificate.

C. ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during install.

D. ESXi hosts have self-signed SSL certificates by default.

Answer: B, C

Explanation:

Of course, ESXi host upgrades preserve existing SSL certificate and it also have assigned SSL certificates from VMCA during the installation process.

QUESTION NO: 25

Which three options are available for replacing vCenter Server Security Certificates? (Choose three.)

A. Replace with Certificates signed by the VMware Certificate Authority.

B. Make VMware Certificate Authority an Intermediate Certificate Authority.

C. Do not use VMware Certificate Authority, provision your own Certificates.

D. Use SSL Thumbprint mode.

E. Replace all VMware Certificate Authority issued Certificates with self-signed Certificates.

Answer: A, B, C

Explanation:

There are three options for replace vCenter server security certificates. You can replace it with certificates signed by VMware certificate authority; you can make the VMCA an intermediate certificate authority. Likewise, you can provision your own certificates.

QUESTION NO: 26

When attempting to log in with the vSphere Web Client, users have reported the error:

Incorrect Username/Password

The administrator has configured the Platform Services Controller Identity Source as:

  • Type. Active Directory as an LDAP Server

  • Domain: vmware.com

  • Alias: VMWARE

  • Default Domain: Yes

Which two statements would explain why users cannot login to the vSphere Web Client? (Choose two.)

A. Users are typing the password incorrectly.

B. Users are in a forest that has 1-way trust.

C. Users are in a forest that has 2-way trust.

D. Users are logging into vCenter Server with incorrect permissions.

Answer: A, B

Explanation:

The possible explanation for this error might be that the users are typing password incorrectly or they are in a forest with has only 1-way trust. You need 2-way trust to get the credentials accepted.

QUESTION NO: 27

Which group in the vsphere.local domain will have administrator privileges for the VMware Certificate Authority (VMCA)?

A. SolutionUsers

B. CAAdmins

C. DCAAdmins

D. SystemConfiguration.Administrators

Answer: B

Explanation:

Members of the CAAdmins group have administrator privileges for VMCA. Adding members to these groups is not usually recommended.

Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-87DA2F34-DCC9-4DAB-8900-1BA35837D07E.html

QUESTION NO: 28

Which Platform Service Controller Password Policy determines the number of days a password can exist before the user must change it?

A. Maximum Lifetime

B. Password Age

C. Maximum Days

D. Password Lifetime

Answer: A

Explanation:

You can configure the following parameters for password policy:

  • Description – Password policy description. Required.

  • Maximum lifetime – Maximum number of days that a password can exist before it has to be changed.

  • Restrict re-use – Number of the user’s previous passwords that cannot be set again.

  • Maximum length – Maximum number of characters that are allowed in the password.

  • Minimum length – Minimum number of characters required in the password.

  • Character requirements – Minimum number of different character types required in the password.

  • Identical adjacent characters – Maximum number of identical adjacent characters allowed in the password.

Reference: http://www.vladan.fr/vcp6-dcv-objective-1-3-enable-sso-and-active-directory-integration/

QUESTION NO: 29

An administrator is configuring the clock tolerance for the Single Sign-On token configuration policy and wants to define the time skew tolerance between a client and the domain controller clock.

Which time measurement is used for the value?

A. Milliseconds

B. Seconds

C. Minutes

D. Hours

Answer: A

Explanation:

The time skew tolerance between a client and the domain controller clock is measured in milliseconds.

QUESTION NO: 30

Which VMware Single Sign-On component issues Security Assertion Markup Language (SAML) tokens?

A. VMware Security Token Service

B. Administration Server

C. VMware Directory Service

D. Identity Management Service

Answer: A

Explanation:

The security token service issues Security Assertion Markup Language (SAML) tokens. These security tokens pass information about a system user between an identity provider and a web service. This service enables a user who has logged on through vCenter Single Sign-On to use multiple web-service delivered applications without authenticating to each one.

Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-90C1E3DC-4397-4BF0-808E-DF3802E56BC6.html

QUESTION NO: 31

Which two are valid Identity Sources when configuring vCenter Single Sign-On? (Choose two.)

A. Radius

B. NIS

C. OpenLDAP

D. LocalOS

Answer: C, D

Explanation:

Active Directory (Integrated Windows Authentication)

Use this option for native Active Directory implementations. The machine on which the vCenter Single Sign-Onservice is running must be in an Active Directory domain if you want to use this option.

See Active Directory Identity Source Settings.

Active Directory as an LDAP Server

This option is available for backward compatibility. It requires that you specify the domain controller and other information. See Active Directory LDAP Server and OpenLDAP Server Identity Source Settings.

OpenLDAP

Use this option for an OpenLDAP identity source. See Active Directory LDAP Server and OpenLDAP Server Identity Source Settings.

LocalOS

Use this option to add the local operating system as an identity source. You are prompted only for the name of the local operating system. If you select this option, all users on the specified machine are visible to vCenter Single Sign-On, even if those users are not part of another domain.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B23B1360-8838-4FF2-B074-71643C4CB040.html

QUESTION NO: 32

An administrator needs to create an Integrated Windows Authentication (IWA) Identity Source on a newly deployed vCenter Server Appliance (VCSA).

Which two actions will accomplish this? (Choose two.)

A. Use a Service Principal Name (SPN) to configure the Identity Source.

B. Use a Domain administrator to configure the Identity Source.

C. Join the VCSA to Active Directory and configure the Identity Source with a Machine Account.

D. Create a computer account in Active Directory for the VCSA and configure the Identity Source.

Answer: A, C

Explanation:

Using a machine account when configuring an Active Directory identity source for vCenter Server requires that the Windows system be joined to the domain. If the system is not joined to the domain, SSO cannot leverage the machine account to create the identity source and perform its function as the secure token service user.

To resolve this issue in VCVA 5.5, use only the Use SPN option.

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2058919

QUESTION NO: 33

An administrator is creating a new Content Library. It will subscribe to another remote Content Library without authentication enabled.

What information from the published library will they need in order to complete the subscription?

A. Subscription URL

B. A security password from the publishing Content Library

C. Publisher's Items.json file

D. Username from the publishing Content Library

Answer: A

Explanation:

Subscription URL from the published library is needed to complete the subscription.

QUESTION NO: 34

An administrator is assigning a user the Content Library administrator role. The user will only be creating the library for a single vCenter Server.

What is the lowest level of the permission heirarchy that this role can be granted to the user and still allow them to create a Content Library?

A. Global

B. Datacenter Folder

C. Virtual Center

D. Datacenter

Answer: A

Explanation:

To let a user manage a content library and its items, an Administrator can assign the Content Library Administrator role to that user as a global permission. The Content Library Administrator role is a sample role in the vSphere Web Client.

Users who are Administrators can also manage libraries and their contents. If a user is an Administrator at a vCenter Server level, they have sufficient privileges to manage the libraries that belong to this vCenter Server instance, but cannot see the libraries unless they have a Read-Only role as a global permission.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-18F4B892-D685-4473-AC25-3195D68DFD90.html

QUESTION NO: 35

Which three connection types are supported between a remote site and vCloud Air? (Choose three.)

A. Secure Internet Connectivity

B. Private Connect

C. Direct Connect

D. Internet Connectivity

E. Secure VPN

Answer: A, C, E

Explanation:

The connection types supported between a remote site and vcloud Air is secure VPN, direct connect and Secure Internet Connectivity.

QUESTION NO: 36

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\2434_Image30_VCP_DCV.jpg

An administrator is adding an Active Directory over LDAP Identity Source for vCenter Single Sign-On, as indicated in the Exhibit.

What is the correct value to configure for the Domain alias?

A. The domain's NetBIOS name.

B. The fully qualified domain name.

C. vsphere.local

D. A user defined label.

Answer: A

Explanation:

The domain alias is usually NetBIOS name, for example, acme.lab.

Reference: https://www.virten.net/2015/02/how-to-add-ad-authentication-in-vcenter-6-0-platform-service-controller/

QUESTION NO: 37

An administrator decides to change the root password for an ESXi 6.x host to comply with the company's security policies.

What are two ways that this can be accomplished? (Choose two.)

A. Use the Direct Console User Interface to change the password.

B. Use the passwd command in the ESXi Shell.

C. Use the password command in the ESXi Shell.

D. Use the vSphere client to update local users.

Answer: A, B

Explanation:

To prevent unauthorized access to the vCenter Server Appliance Direct Console User Interface, you can change the password of the root user.

The default root password for the vCenter Server Appliance is the password you enter during deployment of the virtual appliance.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.vcsa.doc%2FGUID-48BAF973-4FD3-4FF3-B1B6-5F7286C9B59A.html

QUESTION NO: 38

An administrator connects to an ESXi 6.x host console in order to shutdown the host.

Which option in the Direct Console User Interface would perform this task?

A. Press the F12 key

B. Press the F2 key

C. Press Alt + F1 simultaneously

D. Press Alt + F2 simultaneously

Answer: A

Reference: http://pubs.vmware.com/vsphere-4-esxi-embedded-vcenter/index.jsp?topic=/com.vmware.vsphere.setupembedded.doc_40/install/setting_up_esxi_4.0/c_direct_console_user_interface.html

QUESTION NO: 39

An administrator is able to manage an ESXi 6.x host connected to vCenter Server using the vSphere Web Client but is unable to connect to the host directly.

Which action should the administrator take to correct this behavior?

A. Restart management agents on the ESXi host.

B. Disable Lockdown Mode on the ESXi host through vCenter Server.

C. Disable the ESXi firewall with the command esxcli network firewall unload.

D. Reboot the ESXi host.

Answer: B

Explanation:

Disable lockdown mode through the DCUI and then enable it through the vCenter Server instead. The vCenter Server does not keep track of lockdown mode state changes that initiated outside of the vCenter Server itself.

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2040768

QUESTION NO: 40

An administrator needs two vCenter Servers to be visible within a single vSphere Web Client session.

Which two vCenter Server and Platform Services Controller (PSC) configurations would accomplish this? (Choose two.)

A. Install a single PSC with two vCenter Servers registered to it.

B. Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each PSC.

C. Install a single PSC with two vCenter Servers registered to it and configure Linked Mode.

D. Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each PSC and configure Linked Mode.

Answer: A, B

Explanation:

To have two vcenter servers visible within a single vSphere web client session, you have to install a single PSC with both vCenter servers registered. You also need to install two PSCs in the same SSO domain with one vCenter Server registered to each PSC.

QUESTION NO: 41

An administrator wants to clone a virtual machine using the vSphere Client.

Which explains why the Clone option is missing?

A. The vSphere Client is directly connected to the ESXi host.

B. The virtual machine is configured with a thin-provisioned virtual disk.

C. The virtual machine is configured with outdated Virtual Hardware.

D. Cloning can only be performed with vRealize Orchestrator.

Answer: A

Explanation:

The Clone option is missing because vSphere client is directly connected to the ESXi host. To enable the option, you have to connect it through vcenter server because cloning is a vCenter Server feature. You need install vCenter server on one of the Windows Server and connect vCenter Server via vSphere client and create cluster, add host after that you will see cloning and template option and much more

QUESTION NO: 42

An administrator creates a custom ESXi firewall rule using an XML file, however the rules do not appear in the vSphere Web Client.

Which action should the administrator take to correct the problem?

A. Load the new rules using esxcli network firewall reload.

B. Load the new rules using esxcli network firewall refresh.

C. Verify the entries in the XML file and then reboot the ESXi host.

D. Remove the ESXi host from the inventory and add it back.

Answer: B

Explanation:

Refresh the firewall configuration by reading the rule set files if the firewall module is loaded.

Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-7A8BEFC8-BF86-49B5-AE2D-E400AAD81BA3.html

Topic 2, Configure and Administer Advanced vSphere Networking

QUESTION NO: 1

A common root user account has been configured for a group of ESXi 6.x hosts.

Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)

A. Remove the root user account from the ESXi host.

B. Set a complex password for the root account and limit its use.

C. Use ESXi Active Directory capabilities to assign users the administrator role.

D. Use Lockdown mode to restrict root account access.

Answer: B, C

Explanation:

To address the security risks, yo need to set a complex password for the root account and make sure only authorized personnel use it. The second step is to use ESXi active directory to assign the administrator role to users.

QUESTION NO: 2

Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)

A. isolation.tools.unity.push.update.disable

B. isolation.tools.ghi.launchmenu.change

C. isolation.tools.bbs.disable

D. isolation.tools.hgfsServerSet.enable

Answer: A, B

Explanation:

Because VMware virtual machines run in many VMware products in addition to vSphere, some virtual machine parameters do not apply in a vSphere environment. Although these features do not appear in vSphere user interfaces, disabling them reduces the number of vectors through which a guest operating system could access a host. Use the following .vmx setting to disable these features:

isolation.tools.unity.push.update.disable = "TRUE" isolation.tools.ghi.l“unch”enu.change = "TRUE" isolation.tools.ghi.a“tolo”on.disable = "TRUE" isolation.tools.hgfsS“rver”et.disable = "TRUE" isolation.tools.memSc“edFa”eSampleStats.disable = "TRUE" isolation.tools.getCr“ds.d”sable = "TRUE"

Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vmtools.install.doc%2FGUID-685722FA-9009-439C-9142-18A9E7C592EA.html

QUESTION NO: 3

To reduce the attack vectors for a virtual machine, which two settings should an administrator set to false? (Choose two.)

A. ideX:Y.present

B. serial.present

C. ideX:Y.enabled

D. serial.enabled

Answer: A, B

Reference: http://jackiechen.org/2012/10/05/vsphere-5-0-security-hardening-recommended-vm-settings-configure-script/

QUESTION NO: 4

Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.)

A. Disable hardware devices

B. Disable unexposed features

C. Disable Vmtools devices

D. Disable VM Template features

Answer: A, B

Explanation:

Make sure you review hardware devices and disable the unnecessary ones. Also disable unexposed features before increasing virtual machines security.

QUESTION NO: 5

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\2487_Image16_VCP_DCV.jpg

An administrator is changing the settings on a vSphere Distributed Switch (vDS). During this process, the ESXi Management IP address is set to an address which can no longer communicate with the vCenter Server.

What is the most likely outcome of this action?

A. The host will disconnect from the vCenter Server and remain disconnected.

B. The host will automatically detect the communication issue and revert the change.

C. The host will stay connected with the change, but show an alert.

D. The host will disconnect and migrate the vDS portgroup to a standard switch.

Answer: B

ESXi is a flexible environment that automatically detect communication issues and revert the changes made in mistake.

QUESTION NO: 6

Which secondary Private VLAN (PVLAN) type can communicate and send packets to an Isolated PVLAN?

A. Community

B. Isolated

C. Promiscuous

D. Primary

Answer: C

Explanation:

A node attached to a port in a promiscuous secondary PVLAN may send and receive packets to any node in any others secondary VLAN associated to the same primary. Routers are typically attached to promiscuous ports.

Reference: https://communities.vmware.com/thread/483486

QUESTION NO: 7

Which three traffic types can be configured for dedicated Vmkernel adapters? (Choose three.)

A. Discovery traffic

B. vMotion traffic

C. vSphere Replication NFC traffic

D. Provisioning traffic

E. vSphere Custom traffic

Answer: B, C, D

QUESTION NO: 8

What are two limitations of Link Aggregation Control Protocol (LACP) on a vSphere Distributed Switch? (Choose two.)

A. IP Hash load balancing is not a supported Teaming Policy.

B. Software iSCSI multipathing is not compatible.

C. Link Status Network failover detection must be disabled.

D. It does not support configuration through Host Profiles.

Answer: B, D

QUESTION NO: 9

Which two features are deprecated in Network I/O Control 3 (NIOC3)? (Choose two.)

A. Class Of Service (COS) Tagging

B. Bandwidth Allocation

C. User-defined network resource pools

D. Admission control

Answer: A, C

Explanation:

Class of Service tagging and user-defined resource pools are deprecated in NIOC3.

QUESTION NO: 10

An administrator runs the command esxcli storage core device list and sees the following output:

mpx.vmhba1:C0:T0:L0 Display Name: RAID 5 (mpx.vmhba1:C0:T0:L0) Has Settable Display Name: false SizE. 40960 Device Type: Direct-Access Multipath Plugin: NMP Devfs Path: /vmfs/devices/disks/mpx.vmhba1:C0:T0:L0 Status: off Is Local: true

What can be determined by this output?

A. The device is a being used for vFlash Read Cache.

B. The device is in a Permanent Device Loss (PDL) state.

C. The device is a local Solid State Device (SSD).

D. The device is in an All Paths Down (APD) state.

Answer: B

Reference: http://vmwaremine.com/2014/07/07/manage-psa-claimrules-satp-rules-esxcli/#sthash.i6Esax8x.dpbs

QUESTION NO: 11

An administrator notices that there is an all paths down (APD) event occurring for the software FcoE storage.

What is a likely cause?

A. Spanning Tree Protocol is enabled on the network ports.

B. Spanning Tree Protocol is disabled on the network ports.

C. Spanning Tree Protocol is enabled on the storage processors.

D. Spanning Tree Protocol is disabled on the storage processors.

Answer: A

Explanation:

Prevent all paths down event on FcoE storage by disabling STP on network ports.

QUESTION NO: 12

Which two statements are true regarding iSCSI adapters? (Choose two.)

A. Software iSCSI adapters require vmkernel networking.

B. Independent Hardware iSCSI adapters offload processing from the ESXi host.

C. Dependent Hardware iSCSI adapters do not require vmkernel networking.

D. Independent Hardware iSCSI adapters require vmkernel networking.

Answer: A, B

Explanation:

An independent hardware iSCSI adapter is a specialized third-party adapter capable of accessing iSCSI storage over TCP/IP. This iSCSI adapter handles all iSCSI and network processing and management for your ESXi system.

Software and dependent hardware iSCSI adapters depend on VMkernel networking. If you use the software or dependent hardware iSCSI adapters, you must configure connections for the traffic between the iSCSI component and the physical network adapters.

Reference: http://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.storage.doc/GUID-9BC0BA74-EAE4-4816-BD49-E5214920AB4B.html

QUESTION NO: 13

Which command shows the Physical Uplink status for a vmnic?

A. esxcli network ip get

B. esxcli network nic list

C. esxcli network vmnic list

D. esxcli network ifconfig get

Answer: B

Reference: http://blogs.vmware.com/vsphere/2013/01/network-troubleshooting-using-esxcli-5-1.html

QUESTION NO: 14

An administrator creates a Private VLAN with a Primary VLAN ID of 2. The administrator than creates three Private VLANs as follows:

  • Marketing

  • PVLAN ID. 4

  • PVLAN Type. Isolated

  • Accounting

  • PVLAN ID. 5

  • PVLAN Type. Community

  • Secretary

  • PVLAN ID. 17

  • PVLAN Type. Isolated

Users in the Accounting PVLAN are reporting problems communicating with servers in the Marketing PVLAN.

Which two actions could the administrator take to resolve this problem? (Choose two.)

A. Change the PVLAN type for the Accounting network to Promiscuous.

B. Change the PVLAN ID for the Accounting network to 2.

C. Change the PVLAN type for Marketing network to Promiscuous.

D. Change the PVLAN ID for Accounting network to 4.

Answer: A, B

Explanation:

Change the PVLAN type for the accounting network to Promiscuous and the PVLAN ID to 2. This way, the servers in Marketing PVLAN will communicate effectively.

Topic 3, Configure and Administer Advanced vSphere Storage

QUESTION NO: 1

What are two use cases for Fibre Channel Zoning in a vSphere environment? (Choose two.)

A. Increases the number of targets presented to an ESXi host.

B. Controls and isolates paths in a fabric.

C. Controls and isolates paths to an NFS share.

D. Can be used to separate different environments.

Answer: B, D

Explanation:

Zoning provides access control in the SAN topology. Zoning defines which HBAs can connect to which targets. When you configure a SAN by using zoning, the devices outside a zone are not visible to the devices inside the zone.

Reference: https://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-E7818A5D-6BD7-4F51-B4BA-EFBF2D3A8357.html

QUESTION NO: 2

Which two considerations should an administrator keep in mind when booting from Software Fiber Channel over Ethernet (FCoE)? (Choose two.)

A. Software FCoE boot configuration can be changed from within ESXi.

B. Software FCoE boot firmware cannot export information in FBFT format.

C. Multipathing is not supported at pre-boot.

D. Boot LUN cannot be shared with other hosts even on shared storage.

Answer: C, D

Explanation:

When you boot the ESXi host from SAN using software FCoE, certain requirements and considerations apply.

  • You cannot change software FCoE boot configuration from within ESXi.

  • Coredump is not supported on any software FCoE LUNs, including the boot LUN.

  • Multipathing is not supported at pre-boot.

  • Boot LUN cannot be shared with other hosts even on shared storage.

Reference: https://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-8E57EDC9-F122-4A81-8B80-FE19FFE832B1.html

QUESTION NO: 3

An administrator is configuring virtual machines to use Worldwide Port Names (WWPNs) to access the storage.

Which two conditions are required? (Choose two.)

A. The switches in the fabric must be N-Port ID Virtualization aware.

B. The virtual machines must be using passthrough Raw Disk Mapping (RDMp).

C. The virtual machines must be using Virtual Machine Disk (VMDK).

D. The switches in the fabric must be Storage I/O Control aware.

Answer: A, B

Explanation:

To configure virtual machines to use WWPNs, you have to set N-Port ID virtualization aware setting on the switches in the fabric and you should also make sure that the virtual machines must be using passthrough raw disk mapping.

QUESTION NO: 4

Which two statements are true regarding VMFS3 volumes in ESXi 6.x? (Choose two.)

A. Creation of VMFS3 volumes is unsupported.

B. Upgrading VMFS3 volumes to VMFS5 is supported.

C. Existing VMFS3 volumes are unsupported.

D. Upgrading VMFS3 volumes to VMFS5 is unsupported.

Answer: A, B

Explanation:

While a VMFS-3, which is upgraded to VMFS-5, provides you with most of the capabilities as a newly created VMFS-5, there are some differences. Both upgraded and newly created VMFS-5 support single-extent volumes up to 64TB and both support VMDK sizes of ~2TB, no matter what the VMFS file-block size is. However additional differences, although minor, should be considered when making a decision whether to upgrade to VMFS-5 or create new VMFS-5 volumes.

Reference: http://www.vmware.com/files/pdf/techpaper/VMFS-5_Upgrade_Considerations.pdf

QUESTION NO: 5

Which three statements are correct regarding Fibre Channel over Ethernet (FCOE)? (Choose three.)

A. The network switch must have Priority-based Flow Control (PFC) set to AUTO.

B. The network switch must have Priority-based Flow Control (PFC) set to ON.

C. Each port on the FCoE card must reside on the same vSwitch.

D. Each port on the FCoE card must reside on a separate vSwitch.

E. The ESXi host will require a reboot after moving an FCoE card to a different vSwitch.

Answer: A, D, E

Reference: https://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-6B49866F-7005-4099-84AC-4FB2A1A91F64.html

QUESTION NO: 6

Which two statements are true regarding Virtual SAN Fault Domains? (Choose two.)

A. They enable Virtual SAN to tolerate the failure of an entire physical rack.

B. Virtual SAN ensures that no two replicas are provisioned on the same domain.

C. Virtual SAN ensures that all replicas are provisioned on the same domain.

D. They require VMware High Availability (HA) to ensure component distribution across domains.

Answer: A, B

Explanation:

A fault domain consists of one or more Virtual SAN hosts grouped together according to their physical location in the data center. When configured, fault domains enable Virtual SAN to tolerate failures of entire physical rack as well as failures of a single host, capacity device, network link or a network switch dedicated to fault domains. Fault domains cannot be configured for stretched or metro clusters.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.virtualsan.doc%2FGUID-8491C4B0-6F94-4023-8C7A-FD7B40D0368D.html

QUESTION NO: 7

An administrator created a six node Virtual SAN cluster, created a fault domain, and moved three of the six nodes into that domain.

A node that is a member of the fault domain fails.

What is the expected result?

A. The remaining two fault domain members are treated as failed.

B. The remaining two fault domain members stay protected by the domain.

C. One of the non-member nodes will be automatically added to the fault domain.

D. VMware High Availability will restart virtual machines on remaining nodes in the domain.

Answer: A

Explanation:

When the member of the fault domain fails, the remaining two fault domain members are treated as failed too.

QUESTION NO: 8

Where is a Virtual SAN Fault Domain configured?

A. VMware Virtual SAN Cluster configuration

B. VMware High Availability Cluster configuration

C. Distributed Resource Scheduler configuration

D. Datacenter Advanced Settings configuration

Answer: A

Explanation:

If your Virtual SAN cluster spans across multiple racks or blade server chassis in a data center and you want to make sure that your hosts are protected against rack or chassis failure, you can create fault domains and add one or more hosts to it.

A fault domain consists of one or more Virtual SAN hosts grouped together according to their physical location in the data center. When configured, fault domains enable Virtual SAN to tolerate failures of entire physical rack as well as failures of a single host, capacity device, network link or a network switch dedicated to fault domains. Fault domains cannot be configured for stretched or metro clusters.

The number of failures your cluster can tolerate depends on the number of failures a virtual machine is provisioned to tolerate. For example, when a virtual machine is configured with Number of failures to tolerate=1 and using multiple fault domains, Virtual SAN can tolerate a single failure of any kind and of any component in a fault domain, including the failure of an entire rack.

When you configure fault domains on a rack and provision a new virtual machine, Virtual SAN ensures that protection objects, such as replicas and witnesses are placed on different fault domains. If, for example, a virtual machine's storage policy is Number of failures to tolerate=n, Virtual SAN requires a minimum of 2*n+1 fault domains in the cluster. When virtual machines are provisioned in a cluster with fault domains using this policy, the copies of the associated virtual machine objects are stored across separate racks.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.virtualsan.doc%2FGUID-8491C4B0-6F94-4023-8C7A-FD7B40D0368D.html

QUESTION NO: 9

Which statement is true for the Path Selection Plug-In VMW_PSP_MRU?

A. VMW_PSP_MRU is default for a majority of active-active and active-passive arrays.

B. VMW_PSP_MRU will remain on the selected path even if the state were to change.

C. VMW_PSP_MRU is recommended for Virtual SAN.

D. VMW_PSP_MRU will have no preferred path setting for the Plug-In.

Answer: D

Explanation:

The host selects the path that it used most recently. When the path becomes unavailable, the host selects an alternative path. The host does not revert back to the original path when that path becomes available again. There is no preferred path setting with the MRU policy. MRU is the default policy for active-passive storage devices.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc%2Fcli_manage_storage.6.7.html

QUESTION NO: 10

Which two tasks does the Pluggable Storage Architecture (PSA) perform? (Choose two.)

A. Handles I/O queueing to the logical devices.

B. Handles physical path discovery, but is not involved in the removal.

C. Handles physical path discovery and removal.

D. Handles I/O queueing to FC storage HBAs.

Answer: A, C

Explanation:

When coordinating the VMware NMP and any installed third-party MPPs, the PSA performs the following tasks:

  • Loads and unloads multipathing plug-ins.

  • Hides virtual machine specifics from a particular plug-in.

  • Routes I/O requests for a specific logical device to the MPP managing that device.

  • Handles I/O queueing to the logical devices.

  • Implements logical device bandwidth sharing between virtual machines.

  • Handles I/O queueing to the physical storage HBAs.

  • Handles physical path discovery and removal.

  • Provides logical device and physical path I/O statistics.

Reference: http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-C1C4A725-8BE4-4875-919E-693812961366.html

QUESTION NO: 11

Which two statements are true regarding Storage Multipathing Plug-Ins? (Choose two.)

A. The default Path Selection Policy is VMW_PSP_MRU for iSCSI or FC devices.

B. The default Path Selection Policy is VMW_PSP_FIXED for iSCSI or FC devices.

C. VMW_PSP_MRU is typically selected for ALUA arrays by default.

D. VMW_PSP_FIXED is typically selected for ALUA arrays by default.

Answer: B, C

Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc%2Fcli_manage_storage.6.5.html

QUESTION NO: 12

What is the command to list multipathing modules on an ESXi 6.x host?

A. esxcli storage core list plugin --plugin-class=MP

B. esxcli storage core list plugin --class-plugin=MP

C. esxcli storage core plugin list --plugin-class=MP

D. esxcli storage core plugin list --class-plugin=MP

Answer: C

Reference: http://darrylcauldwell.com/advanced-vsphere-5-x-storage-masking-multipathing-filtering/

QUESTION NO: 13

Which two solutions require Physical Mode Raw Device Mapping (RDM)? (Choose two.)

A. Direct access to the storage array device

B. Virtual Machine Snapshots

C. Hardware Acceleration

D. Guest Clustering across ESXi hosts

Answer: A, D

Explanation:

Normally, Direct access to storage array device and guest clustering across ESXi hosts required the use of Physical Mode raw device mapping.

QUESTION NO: 14

A device's vStorage API for Array Integration (VAAI) support status command line output shows:

naa.500253825002a865 VAAI Plugin Name: ATS Status: unsupported Clone Status: unsupported Zero Status: supported Delete Status: unsupported

What is the corresponding VAAI support status in the vSphere Web Client?

A. Unknown

B. Supported

C. Not supported

D. Unsupported

Answer: A

Explanation:

The VAAI support status will be unknown.

Reference: https://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-0520FD37-D7AD-4FBA-9A2E-E5F8211FCBBB.html

QUESTION NO: 15

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\341_Image13_VCP_DCV.jpg

What will be the result of selecting the highlighted device?

A. Datastore will grow up to 200.01GB using the remaining free space on the device.

B. Datastore will add 200.01GB by adding the device as a second extent.

C. The device size can be expanded to be larger than 200.01 GB in size.

D. The device is not suitable for this operation.

Answer: A

Explanation:

The datastore will use up 200.01 GBof free space on the device.

QUESTION NO: 16

An administrator observes that virtual machine storage activity on an ESXi 6.x host is negatively affecting virtual machine storage activity on another host that is accessing the same VMFS Datastore.

Which action would mitigate the issue?

A. Enable Storage IO Control.

B. Configure Storage DRS.

C. Enable the Dynamic Queue Depth Throttling option.

D. Configure the Disk.SchedNumReqOutstanding parameter.

Answer: A

Explanation:

SIOC is extremely powerful, it can increase your consolidation ratios on the storage side, allowing more VM's per datastore. Which leads to lower storage costs and less administrative overhead.

So how does it work? At a basic level SIOC is monitoring the end to end latency of a datastore. When there is congestion (the latency is higher then the configured value) SIOC reduces the latency by throttling back VM's who are using excessive I/O. Now you might say, I need that VM to have all of those I/O's, which in many cases is true, you simply need to give the VMDK(s) of that VM a higher share value. SIOC will use the share values assigned to the VM's VMDK's to prioritize access to the datastore.

Just simply turning SIOC on will guarantee each VMDK has equal access to the datastore, shares fine tune that giving you the ability to give VMDK's more or less priority during times of contention.

Reference: http://blogs.vmware.com/vsphere/2014/05/enabling-monitoring-storage-io-control.html

QUESTION NO: 17

An administrator is having a problem configuring Storage I/O Control on a Datastore.

Which two conditions could explain the issue? (Choose two.)

A. A host is running ESXi 4.0.

B. An ESXi host does not have appropriate licensing.

C. The vCenter Server version is 5.0.

D. The vCenter Server License is Standard.

Answer: A, B

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2021530

QUESTION NO: 18

Which three are requirements for configuring Storage I/O Control (SIOC)? (Choose three.)

A. The datastore must consist of only one extent.

B. The datastore is managed by a single vCenter Server.

C. Auto-tiered storage must be compatable with SIOC.

D. Auto-tiered storage must be SSD or SATA.

E. The datastore must be VMFS.

Answer: A, B, C

Explanation:

Storage I/O Control (SIOC) is used to control the I/O usage of a virtual machine and to gradually enforce the predefined I/O share levels. SIOC is supported on Fibre Channel and iSCSI connected storage in ESX/ESXi 4.1 and 5.0. With ESXi 5.0 support for NFS with SIOC was also added. Datastores with multiple extents or Raw Device Mapping (RDM) are currently not supported.

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022091

QUESTION NO: 19

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\3829_Image33_VCP_DCV.jpg

An administrator wishes to provide Load Balanced I/O for the device shown in the Exhibit.

To meet this requirement, which setting should be changed?

A. Storage Array Type Policy = VMW_NMP_RR

B. Path Selection Policy = Round Robin (VMware)

C. Storage Array Type Policy = VMW_SATP_RR

D. Path Selection Policy = MRU (VMware)

Answer: B

Explanation:

In round robin (VMware) the host uses an automatic path selection algorithm rotating through all available paths. This implements load balancing across all the available physical paths.

Load balancing is the process of spreading server I/O requests across all available host paths. The goal is to optimize performance in terms of throughput (I/O per second, megabytes per second, or response times).

Reference: https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.config_fc.doc_40/esx_san_config/managing_san_systems/c_setting_a_path_selection_policy.html

QUESTION NO: 20

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\3882_Image34_VCP_DCV.jpg

An administrator is configuring a storage device as shown in the Exhibit.

What is the expected effect on the stated device after running the command?

A. I/O will rotate on all storage targets regardless of port group state.

B. I/O will rotate on all storage targets that are Active Optimized state only.

C. I/O will rotate on all storage targets that are Active Unoptimized state only.

D. I/O will rotate on all storage targets that are on Available Nodes only.

Answer: B

Explanation:

When the command is run, I/O will rotate on all storage targets regardless of port group state.

QUESTION NO: 21

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\5320_Image28_VCP_DCV.jpg

A vSphere 6.x environment is configured with VMware Virtual Volumes (VVOLs). An administrator accesses the cluster Actions menu, as shown in the Exhibit.

Which option is used to create a VVOL on an existing VVOL container?

A. Storage

B. Deploy OVF Template

C. New vApp

D. Settings

Answer: A

Explanation:

A storage container is the storage that is available physically on your storage array. Now I say physically but this could also be virtually presented storage even on an ESXi host but somewhere somehow it will be back-ended on some physical medium, be it HDD, SSD or hey, maybe even a super fast memory disk. Basically its a chunk of physical storage somewhere. Capacity Pools are logical partitions carved out of these to provide a chunk of storage to your VM Admins. Capacity pools may also span multiple storage arrays even across sites. Now you could have a single capacity pool within your storage container or multiple depending on your requirements if you need some sort of logical separation for say separate tenants or separate VM admins needing their own separate chunk of storage but just simply think of it as a chunk of storage presented to your VM admins.

Reference: http://www.wooditwork.com/2012/10/29/vmware-vvolumes-the-game-changing-future-for-storage-is-demoed/

QUESTION NO: 22

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\5373_Image9_VCP_DCV.jpg

What will be created upon completion of the steps in this wizard?

A. 100GB VMFS5 datastore with free space available for expansion

B. 100GB VMFS5 datastore with free space available for a second datastore

C. 100GB VMFS3 datastore

D. 200.01 GB VMFS5 datastore

Answer: A

Explanation:

As you can see in the exhibit, the 100GB VMFS5 datastore is created with free space available for expansion.

QUESTION NO: 23

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\5426_Image35_VCP_DCV.jpg

An administrator is attempting to enable Enhanced vMotion Compatibility (EVC), but receives the error shown in the Exhibit.

Which condition would explain the error?

A. The ESXi hosts are not licensed for EVC.

B. The administrator does not have privileges to enable EVC.

C. The ESXi host CPU has the Intel No-Execute feature disabled.

D. The administrator has turned on Intel Virtualization Technology.

Answer: C

Explanation:

EVC requires all hosts to have the CPU features enabled for Virtualization and No Execute

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2008403

QUESTION NO: 24

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\5479_Image1_VCP_DCV.jpg

Refer to the Exhibit. The list of devices attached to vmhba1 will be the basis for configuring a VMware Virtual SAN using Manual Mode.

Based on the exhibit, which two combinations of devices should be used to create Disk Group(s)? (Choose two.)

A. One Disk Group with one Flash Drive and three HDDs

B. Two Disk Groups with one Flash Drive and two HDDs each

C. One Disk Group with one Flash Drive and four HDDs

D. Two Disk Groups with two Flash Drives and four HDDs each

Answer: A, B

Explanation:

To create the disk group, you have to build a disk group with a flash drive and three HDDs or you can build two groups with one flash drive and two HDDs each.

QUESTION NO: 25

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\335_Image27_VCP_DCV.jpg

An administrator is using the esxtop command to troubleshoot storage performance issues on a virtual machine. The esxtop capture is shown in the Exhibit.

Based on the exhibit, which two statements are true? (Choose two.)

A. The iSCSI device is experiencing high latency.

B. The ESXi kernel is experiencing high latency.

C. The Guest OS is experiencing high latency and response time.

D. The NFS device is experiencing high latency.

Answer: A, C

Explanation:

The iSCSI device is having high latency. You can see the response time peaking with high latency for Guest OS.

QUESTION NO: 26

An administrator needs to recover disk space on a previously-used thin provisioned virtual disk. The volumes where the administrator needs to recover the disk blocks are on VAAI-compliant storage arrays.

Which two actions should the administrator take accomplish this task? (Choose two.)

A. Perform a Storage vMotion to another volume in order to force free space recovery to occur. This recreates the volume in a new location and recovers all unused space.

B. Use VMware Converter to migrate the virtual machine to a new datastore. This will recreate the volumes and recover all unused space.

C. Issue the vmkfstools -vmfs unmap command within the VMFS volume directory on the ESXi host console.

D. Execute the esxcli storage vmfs unmap command.

Answer: B, D

Reference: http://www.boche.net/blog/index.php/2013/09/13/vsphere-5-5-unmap-deep-dive/

QUESTION NO: 27

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\10234_Image20_VCP_DCV.jpg

An administrator recently created a Virtual SAN but no Storage Policies were defined. A few virtual machines were deployed to this cluster. The administrator analyzes the default Virtual SAN policy as shown in the Exhibit.

Based on the exhibit, which two statements are true? (Choose two.)

A. Losing one cluster node will not affect data availability.

B. Losing one Hard Disk in a cluster node will not affect data availability.

C. Creating a virtual machine Swap file will fail if it violates default storage policy.

D. Creating a virtual machine will succeed even if it violates default storage policy.

Answer: A, B

Explanation:

The Virtual SAN policy shows that the tolerate level is on so losing a cluster node will not affect data availability. Same is the case with hard disk in cluster node. Losing it will not affect data availability.

QUESTION NO: 28

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\10287_Image31_VCP_DCV.jpg

A Storage Policy for a Virtual SAN is set to the default policy, as shown in the Exhibit.

Which change would reduce the storage consumption by one third?

A. Number of failures to tolerate = 1

B. Number of disk stripes per object = 2

C. Number of failures to tolerate = 3

D. Number of disk stripes per object = 1

Answer: A

Explanation:

Number of failures to tolerate defines the number of host, disk, or network failures a virtual machine object can tolerate. For n failures tolerated, n+1 copies of the virtual machine object are created and 2n+1 hosts with storage are required.

Default value is 1. Maximum value is 3.

Reference: http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-C8E919D0-9D80-4AE1-826B-D180632775F3.html

QUESTION NO: 29

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\10617_Image36_VCP_DCV.jpg

An administrator would like to add Challenge Handshake Authentication Protocol (CHAP) to an iSCSI adapter. The administrator accesses the Storage Adapters menu as shown in the Exhibit.

In which tab can the task be accomplished?

A. Properties

B. Advanced Options

C. Targets

D. Devices

Answer: A

Reference: http://www.vmwarebits.com/content/install-and-configure-openfiler-esxi-shared-storage-nfs-and-iscsi

Topic 4, Upgrade a vSphere Deployment

QUESTION NO: 1

An administrator is writing a kickstart script to upgrade an ESXi 6.x host.

In which three locations can the script reside? (Choose three.)

A. NFS

B. USB

C. HTTP

D. TFTP

E. PXE

Answer: A, B, C

Explanation:

The installation script ( ks.cfg) can reside in any of these locations:

  • FTP

  • HTTP/HTTPS

  • NFS Share

  • USB flash drive

  • CD/DVD device

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004582

QUESTION NO: 2

Which file determines the location of the installation script during a scripted upgrade?

A. boot.cfg

B. ks.cfg

C. script.cfg

D. upgrade.cfg

Answer: A

Explanation:

You can Modify the boot.cfg file to specify the location of the installation or upgrade script using the kernelopt option.

QUESTION NO: 3

What three supported methods can be used to upgrade a host from ESXi 5.x to ESXi 6.x? (Choose three.)

A. vSphere Update Manager

B. vihostupdate

C. esxcli

D. vSphere Auto Deploy

E. esxupdate

Answer: A, C, D

Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-FE668788-1F32-4CB2-845C-5547DD59EB48.html

QUESTION NO: 4

Which two supported tools can be used to upgrade virtual machine hardware? (Choose two.)

A. vSphere Web Client

B. vSphere Update Manager

C. vmware-vmupgrade.exe

D. esxcli vm hardware upgrade

Answer: A, B

Explanation:

Vmware offers the following tools for upgrading virtual machines:

vSphere Client

Requires you to perform the virtual machine upgrade one step at a time, but does not require vSphere Update Manager.

vSphere Update Manager

Automates the process of upgrading and patching virtual machines, thereby ensuring that the steps occur in the correct order. You can use Update Manager to directly upgrade virtual machine hardware, Vmware Tools, and virtual appliances. You can also patch and update third-party software running on the virtual machines and virtual appliances.

Reference: https://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc_50%2FGUID-EE77B0A9-F8FF-4785-BEAD-B6F04EE04492.html

QUESTION NO: 5

What are three recommended prerequisites before upgrading virtual machine hardware? (Choose three.)

A. Create a backup or snapshot of the virtual machine.

B. Upgrade VMware Tools to the latest version.

C. Verify that the virtual machine is stored on VMFS3, VMFS5, or NFS datastores.

D. Detach all CD-ROM/ISO images from the virtual machines.

E. Set the Advanced Parameter virtualHW.version = 11

Answer: A, B, C

Reference: https://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc_50%2FGUID-A45CBEE5-C4D2-484E-A699-A5A577244DE0.html

QUESTION NO: 6

An administrator wants to upgrade to vCenter Server 6.x.

The vCenter Server:

  • Is hosted on a virtual machine server running Microsoft Windows Server 2008 R2, with 8 vCPUs and 16GB RAM.

  • Will have an embedded Platform Services Controller.

  • Hosts a Large Environment with 1,000 ESXi hosts and 10,000 Virtual Machines.

Why does the vCenter Server not meet the minimum requirements?

A. Windows Server 2008 R2 is not a supported Operating System for vCenter Server.

B. The virtual machine has insufficient resources for the environment size.

C. The environment is too large to be managed by a single vCenter Server.

D. The Platform Services Controller must be changed to an External deployment.

Answer: B

Explanation:

The environment is very big with 1000 ESXi host and 10,000 virtual machines. Therefore, it is not enough and the vCenter server cannot meet these requirements.

QUESTION NO: 7

An administrator has upgraded a Distributed vCenter Server environment from 5.5 to 6.0.

What is the next step that should be taken?

A. vCenter Inventory Service must be manually stopped and removed.

B. vCenter Inventory Service must be changed from manual to automatic.

C. vCenter Inventory Service must be manually stopped and restarted.

D. vCenter Inventory Service must be changed from automatic to manual.

Answer: A

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-4BFB12D8-9FCA-4AB1-A44F-2986966F0AD5.html

QUESTION NO: 8

When upgrading vCenter Server, an administrator notices that the upgrade fails at the vCenter Single Sign-On installation.

What must be done to allow the upgrade to complete?

A. Verify that the Vmware Directory service can stop by manually restarting it.

B. Verify that the vCenter Single Sign-On service can stop by manually restarting it.

C. Uninstall vCenter Single Sign-On service.

D. Uninstall the Vmware Directory service.

Answer: A

Explanation:

To verify that the Vmware Directory Service is in a stable state and can stop, manually restart it. The Vmware Directory service must stopped for the vCenter Server upgrade software to uninstall vCenter Single Sign-On during the upgrade process.

QUESTION NO: 9

During a vCenter Server upgrade, an ESXi 6.x host in a High Availability (HA) cluster fails.

Which statement is true?

A. HA will fail the virtual machines over to an available host during the vCenter Server upgrade process.

B. HA is unavailable during the vCenter Server upgrade process.

C. HA will fail the virtual machines over to an available host after the vCenter Server upgrade completes.

D. HA will successfully vMotion the virtual machines during the host failure.

Answer: A

Explanation:

High availability is designed to fail over the virtual machines to another available host during the upgrade process.

QUESTION NO: 10

An administrator is upgrading a vCenter Server Appliance and wants to ensure that all the prerequisites are met.

What action must be taken before upgrading the vCenter Server Appliance?

A. Install the Client Integration Plug-in.

B. Install the database client.

C. Install the ODBC connector.

D. Install the Update Manager Plug-in.

Answer: A

Explanation:

You must install the Client Integration Plug-in before you deploy or upgrade the vCenter Server Appliance.

Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-CA16F78B-7890-4357-9760-AF8648806FE7.html

QUESTION NO: 11

An administrator is upgrading vCenter Server and sees this error:

The DB User entered does not have the required permissions needed to install and configure vCenter Server with the selected DB. Please correct the following error(s): %s

Which two statements explain this error? (Choose two.)

A. The database is set to an unsupported compatibility mode.

B. The permissions for the database are incorrect.

C. The permissions for vCenter Server are incorrect.

D. The database server service has stopped.

Answer: A, B

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2006904

QUESTION NO: 12

Which two vCenter Server services are migrated automatically as part of an upgrade from a Distributed vCenter Server running 5.x? (Choose two.)

A. vCenter Single Sign-on Service

B. vSphere Web Client

C. vSphere Inventory Service

D. Storage Policy Based Management

Answer: B, C

Explanation:

vSphere web client and vSphere inventory services are migrated automatically during the Distributed vcenter server 5.x upgrade.

QUESTION NO: 13

What command line utility can be used to upgrade an ESXi host?

A. esxcli

B. esxupdate

C. vihostupdate

D. esxcfg

Answer: A

Explanation:

You can use the esxcli software profile update or esxcli software profile install command to upgrade or update an ESXi host.

Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-E51C5DB6-F28E-42E8-ACA4-0EBDD11DF55D.html

QUESTION NO: 14

Which log file would you examine to identify an issue which occurred during the pre-upgrade phase of a vCenter Server upgrade process?

A. vcdb_req.out

B. vcdb_export.out

C. vcdb_import.out

D. vcdb_inplace.out

Answer: A

Explanation:

The vcdb_req.err file tracks any errors that were identified during the pre-upgrade phase.

Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-5EAC8B84-0A95-41EC-AAF4-6CBBB3A5152A.html

Topic 5, Administer and Manage vSphere Resources

QUESTION NO: 1

What is the minimum Virtual Hardware version required for vFlash Read Cache?

A. Version 8

B. Version 9

C. Version 10

D. Version 11

Answer: C

Explanation:

Version 10 is the minimum version needed for vFlash Read cache.

Reference: https://virtualizationreview.com/articles/2014/01/16/flash-read-cache.aspx

QUESTION NO: 2

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\10114_Image26_VCP_DCV.jpg

An administrator reviews the Health of a virtual machine, as shown in the Exhibit.

Based on the exhibit, which three metrics can be used to determine the virtual machine’s Workload characteristics? (Choose three.)

A. CPU

B. Memory

C. Network IO

D. Threads

E. vNUMA Stats

Answer: A, B, C

Explanation:

The three most important metrics that are needed to be observed to ensure virtual machine health are CPU, memory and Network I/O because they are directly related to how the virtual machine will perform during peak load hours.

QUESTION NO: 3

Refer to the Exhibit.

C:\Pasban Work\Cert Paper Exams\VMware\2V0-621\crack\10340_Image4_VCP_DCV.jpg

Which tab shows the Hardware Acceleration support status?

A. Devices

B. Properties

C. Paths

D. Advanced Options

Answer: A

QUESTION NO: 4

Which minor badge items make up the Efficiency badge score for an ESXi host in vCenter Operations Manager?

A. Workload, Anomalies, Faults

B. Workload, Stress, Density

C. Time Remaining, Capacity Remaining

D. Reclaimable Waste, Density

Answer: D

Explanation:

The third major badge that vC Ops reports is  Efficiency . We all moved to virtualization in hopes of achieving greater efficiencies but there are varying degrees of efficiency so vC Ops is here to help ensure that you maximize the efficiency of your virtual infrastructure. The efficiency badge score is a weighted combination of Reclaimable Waste and Density.

Reference: http://blogs.vmware.com/management/2014/04/david-davis-on-vcenter-operations-post-8-understanding-vcenter-operations-badges.html

Topic 6, Backup and Recover a vSphere Deployment

QUESTION NO: 1

An administrator subscribes to the vCloud Air Disaster Recovery service.

Which replicated objects can be directly monitored and managed?

A. Virtual machine Snapshots

B. vApps

C. Virtual machines

D. ESXi Hosts

Answer: C

Explanation:

You use vSphere Replication at your source site to configure your environment and replicate virtual machines to vCloud Air. You can use vSphere Replication, the vCloud Air portal, or the vCloud Air plug-in to monitor and manage the replicated virtual machines in the cloud.

Reference: http://pubs.vmware.com/vchsplugin-15/topic/com.vmware.ICbase/PDF/vca_plugin_using.pdf

QUESTION NO: 2

Which three statements are true when restoring a Resource Pool Tree? (Choose three.)

A. Distributed Resource Scheduler must be set to manual.

B. Restoring a snapshot can only be done on the same cluster from which it was taken.

C. No other resource pools can be present in the cluster.

D. Restoring a resource pool tree must be done in the vSphere Web Client.

E. Enabling Enhanced vMotion Compatibility on the cluster is required.

Answer: B, C, D

Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.resmgmt.doc%2FGUID-43B3A1EF-B7FF-421C-96FA-33FA230688BB.html

QUESTION NO: 3

An administrator has created a resource pool named Marketing HTTP with a Memory Limit of 24 GB and a CPU Limit of 10,000 MHz.

The Marketing HTTP resource pool contains three virtual machines:

  • Mktg-SQL has a memory reservation of 16 GB.

  • Mktg-App has a memory reservation of 6 GB.

  • Mktg-Web has a memory reservation of 4 GB.

What would happen if all three virtual machines are powered on?

A. All three virtual machines can power on, but will have memory contention.

B. All three virtual machines can power on without memory contention.

C. Only two of the three virtual machines can power on.

D. Only one of the virtual machines can power on.

Answer: C

Explanation:

Since the limit of 24 GB and CPU limit of 10,000 MH is enforced, only two of the virtual machines can power on simultaneously.

Site Search:

Close

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.