VMware Cloud Foundation Specialist 5V0-31.22 Topic 1
Q1. An administrator is tasked with changing the password of the SDDC Manager super user account in a newly installed VCF environment. Which method must the administrator use to complete this task?
A. 1. SSH in to the SDDC Manager VM using the vcf user account.
2. Switch to the root user.
3. Enter the passwd vcf command.
4. Enter and retype the new password.
B. 1. Log in to SDDC manager UI as a user with the ADMIN role.
2. Go to Administration > Security > Password Management.
3. Select the SDDC Manager account from the component drop-down menu.
4. Click Rotate Now button.
C. 1. Log in to the SDDC manager UI as a user with the ADMIN role.
2. Go to Developer Center > API Explorer.
3. Expand APIs for managing users.
4. Update password for roof user.
D. 1. SSH in to the SDDC Manager VM using the vcf user account.
2. Switch to the root user.
3. Enter the passwd admin command.
4. Enter and retype the new password.
Hint answer: A
Q2. Which action(s) can a developer perform on Kubernetes storage classes that are mapped from the VM Storage Policies?
A. Access Only
B. Access and Modify
C. Access, Modify, and Delete
D. Access, Create, and Delete
Hint answer: A
Q3. A VMware Cloud Foundation administrator created a Tanzu Namespace in one of the workload domains. Which two functions related to permissions can be performed on the newly created Namespace? (Choose two.)
A. Add permissions to local vSphere with Tanzu users only.
B. Permissions can be set to either view or edit.
C. Add a custom role to create more granular permissions.
D. Add permissions only from the vSphere.local domain.
E. Add permissions to users from vCenter Single Sign-On identity sources.
Hint answer: C E
Q4. Which two tools can be used to create custom ESXi ISO images when preparing for the VMware Cloud Foundation bring-up process? (Choose two.)
A. vRealize Suite Lifecycle Manager
B. VMware Imaging Appliance
C. vSphere Lifecycle Manager
D. PowerCLI
E. SSH
Hint answer: C D
Q5. VCF design workshops have been conducted, and the architect collected the following customer requirements for the newly planned VCF infrastructure:
• The new VCF infrastructure is targeting two zones: DEV/UAT and DMZ.
• The infrastructure team requested that the number of management components be minimized as much as possible.
• Eight hosts should be ordered for the DEV/UAT environment.
• Four hosts should be ordered for the DMZ environment.
• The DEV/UAT workloads must comply with an erasure coding vSAN storage policy and have the ability to tolerate the failure of two hosts.
Which workload domain sizing will be required to achieve these requirements?
A. 12-hosts workload domain for both zones, having an 8-hosts DEV/UAT cluster, and a 4-hosts DMZ cluster
B. 8-hosts DEV/UAT workload domain, having an 8-hosts DEV/UAT cluster, and a 4-hosts DMZ workload domain, having a 4-hosts DMZ cluster
C. 8-hosts DEV/UAT workload domain, having a 4-hosts DEV cluster, and a 4-hosts UAT cluster, in addition to a 4-hosts DMZ workload domain, having a 4-hosts DMZ cluster
D. 12-hosts workload domain for both zones, having a 4-hosts DEV cluster, a 4-hosts UAT cluster, and a 4-hosts DMZ cluster
Hint answer: A
Q6. Which two configurations are validated during the VMware Cloud Foundation bring-up process? (Choose two.)
A. Network Configuration validation
B. Network Connectivity validation
C. Stretched Cluster validation
D. Cloud Builder Log Configuration validation
E. NSX Edge validation
Hint answer: A B
Q7. What is a valid procedure to replace an expired vSAN license in a VMware Cloud Foundation environment?
A. 1. Add a new vSAN license to the SDDC Manager and vCenter Server.
2. Reassign the vSAN license to the cluster in the vCenter Server.
3. Remove the expired vSAN license from the SDDC Manager and vCenter Server.
B. 1. Add a new vSAN license to the vCenter Server.
2. Connect to SDDC Manager via SSH, and then restart Lifecycle Management using systemctl restart lcm.
3. Verify in the vCenter Server whether a new vSAN license has been assigned to the cluster.
C. 1. Add a new vSAN license to the SDDC Manager.
2. Connect to SDDC Manager via SSH, and then restart Domain Manager using systemctl restart domainmanager.
3. Verify in the SDDC Manager whether a new vSAN license has been assigned to the cluster.
D. 1. Add a new vSAN license to the SDDC Manager.
2. Reassign the vSAN license to the cluster in the SDDC Manager.
3. Remove the expired vSAN license from the SDDC Manager.
Hint answer: A
Q8. A systems administrator needs to apply a custom ESXi image to a host using VMware Imaging Appliance (VIA). Which statement is correct when preparing a host for imaging?
A. VIA service does not support UEFI boot mode.
B. PXE Boot must be configured as the second boot option.
C. Onboard NICs should be enabled on the server.
D. VMware Cloud Builder appliance must be deployed in a tagged VLAN/Network.
Hint answer: A
Q9. Which component is upgraded when using the SDDC Manager management domain upgrade workflow in VMware Cloud Foundation?
A. Workload Domain vCenter Server
B. VMware Cloud Builder
C. VMware NSX-T Manager nodes
D. VMware vRealize Network Insight
Hint answer: C
Q10. Which type of IP subnets are required when enabling Workload Management in VMware Cloud Foundation?
A. Non-routable subnets for pod networking and Service IP addresses, routable subnets for ingress and egress
B. Routable subnets for pod networking, Service IP addresses, ingress and egress
C. Routable subnets for pod networking and Service IP addresses, non-routable subnets for ingress and egress
D. Non-routable subnets for pod networking, Service IP addresses, ingress and egress
Hint answer: A
Q11. Which two options are only available when using vSphere Lifecycle Manager Images? (Choose two.)
A. Upgrade VM Hardware Compatibility versions.
B. Check the hosts and clusters against the vSAN Hardware Compatibility List.
C. Upgrade and patch ESXi hosts.
D. Update the firmware of all ESXi hosts in a cluster.
E. Install and update third-party software on all ESXi hosts in a cluster.
Hint answer: D E
Q12. An administrator is tasked with deploying a new VI Workload Domain into an existing VMware Cloud Foundation environment. Which three initial shared storage types are supported? (Choose three.)
A. vVols
B. NFS v3
C. NFS v4.1
D. vSAN
E. SMB 3.0
F. VMFS on iSCSI
Hint answer: A B D
Q13. An administrator is tasked with enabling workload management for a VMware Cloud Foundation Management Workload Domain.
This set of requirements was collected during the design workshops:
Developers should be able to utilize vSphere Pods feature.
Embedded harbor registry feature should be supported.
Developers need to utilize persistent volumes across multiple provisioned vSphere Pods.
Which three actions will meet the requirements for this deployment? (Choose three.)
A. Configure NSX Advanced Load Balancer.
B. Enable vSphere HA and DRS in partially-automated mode.
C. Configure NSX-T Networking.
D. Enable vSphere HA and DRS in fully-automated mode.
E. Configure HA Proxy.
F. Enable vSAN File Services.
Hint answer: C D F
Q14. The architect of a multi-site VMware Cloud Foundation solution is tasked with ensuring that the prerequisites for vSAN data at rest encryption have been achieved. The existing design calls for use of the vSphere Native Key Provider. NSX-T is configured with Federation, and both sites benefit from a stretched T0 and T1 network topology. A new security policy requires the use of vSphere Virtual Machine encryption, in addition to the at-rest encryption already configured. During a failover test from Site-A to Site-B using Site Recovery Manager, the virtual machines were unable to power-on.
How does the design need to be changed to support the new requirement?
A. Ensure that a TPM 2.0 certified module is installed on all ESXi hosts at Site-B.
B. Use a third-party KMS solution at each site.
C. Use a third-party KMS solution that allows for key replication.
D. Ensure that the Site Recovery Manager service account has Cryptographer.ReadKeyServersInfo privileges.
Hint answer: D
Q15. A service provider has a number of VMware Cloud Foundation workload domains and would like to sell Tanzu Namespaces as a managed service. Which two functions will help the service provider with Tanzu resource management? (Choose two.)
A. Separate NSX-T instances
B. Resource Limits
C. Container Network Interfaces
D. Resource Pools
E. Object Limits
Hint answer: B E
Q16. What are the correct steps to grant the DevOps team permissions to a vSphere Namespace in a VMware Cloud Foundation (VCF) developer-ready workload domain while following the principle of least privilege access?
A. At the Permissions setting, add the DevOps group and assign the “Editor” permission
B. At the Global Permissions setting, add the DevOps group and assign the vSphere Kubernetes Manager role
C. At the Global Permissions setting, add the DevOps group and assign the SupervisorService Cluster Operator role
D. At the Permissions setting, add the DevOps group and assign the “Can edit” permission
Hint answer: D
Q17. An administrator is leveraging existing ESXi hosts to deploy a VMware Cloud Foundation (VCF) environment. What are two of the minimum requirements for this deployment? (Choose two.)
A. Each host needs to have at least two available NICs.
B. A minimum of three VCF ready-nodes are required.
C. Host’s CPU needs to be on the Hardware Compatibility List.
D. Hosts should have a configured Virtual Distributed Switch.
E. Each host needs to have at least one available NIC.
Hint answer: A C
Q18. Which two roles are played by a Spherelet in a Tanzu-enabled VCF workload domain? (Choose two.)
A. It starts and monitors vSphere pods running on the workload domain cluster.
B. It communicates with the vSphere with Tanzu embedded Harbor registry.
C. It runs as a VIB on all Supervisor Cluster ESXi hosts configured with the vSphere Networking Stack.
D. It enables an ESXi hypervisor to act as a Kubernetes master node.
E. It enables an ESXi hypervisor to act as a Kubernetes worker node.
Hint answer: A E
Q19. An administrator needs to upgrade the current VMware Cloud Foundation (VCF) environment from version 4.1 to 4.3, knowing that the environment does not have direct access to the internet. Which steps should be performed to download the online bundles?
A. 1. Setup a proxy server.
2. Define the credentials to access the proxy server.
3. Allow bidirectional traffic on the firewall.
B. 1. Setup a proxy server.
2. Configure the proxy in SDDC Manager.
3. Restart the LCM service.
C. 1. Setup a proxy server.
2. Define the credentials to access the proxy server.
3. Configure the proxy server in vSphere Lifecycle Manager (vLCM).
4. Restart vSphere Lifecycle Manager (vLCM).
D. 1. Setup a proxy server.
2. Define the credentials to access the proxy server.
3. Allow bidirectional traffic on the firewall.
4. Configure the proxy server in SDDC Manager.
Hint answer: B
Q20. A VMware Cloud Foundation administrator is required to enable Workload Management (vSphere with Tanzu) on an existing workload domain cluster, which is currently licensed with a vSphere Enterprise Plus license. Which action, if any, is required to complete this task?
A. Add a license for vSphere with Tanzu with sufficient CPU capacity to both the SDDC Manager and vCenter Server, and then assign the license to the cluster in vCenter Server.
B. Add a license for vSphere with Tanzu with sufficient CPU capacity to the SDDC Manager inventory, and then assign the license to the cluster in SDDC Manager.
C. No action is required since the vSphere Enterprise Plus license supports vSphere with Tanzu.
D. No action is required since SDDC Manager licenses include an entitlement for vSphere with Tanzu.
Hint answer: A
Q21. Which two requirements are needed to add new hosts to an existing VI workload in a VMware Cloud Foundation environment? (Choose two.)
A. The host uses only the VLAN network.
B. The host uses heterogenous hardware.
C. The host uses a minimum of four network ports.
D. The host uses the same storage type as the existing cluster hosts.
E. The host uses the same network pool.
Hint answer: D
Q22. Which two configuration steps must a VMware Cloud Foundation administrator apply to achieve north/south connectivity while setting up an edge VM node for a workload domain from the SDDC Manager user interface? (Choose two.)
A. ToR Switches VRFs
B. vSphere VDS Uplinks
C. NSX VDS Uplinks
D. OSPF Configuration
E. BGP Configuration
Hint answer: B C
Q23. An administrator must configure the user authentication for a new VMware Cloud Foundation (VCF) deployment. Where would the identity provider be configured to reach this goal?
A. vCenter Server
B. SDDC Manager
C. Workspace ONE Access
D. vRealize Suite Lifecycle Manager
Hint answer: A
Q24. What is the correct sequence of steps to add a new VI Workload Domain in a VMware Cloud Foundation environment?
A. 1. Configure DNS.
2. Create a network pool.
3. Commission hosts.
4. Add licenses to SDDC Manager.
5. Create the workload domain.
B. 1. Configure DNS.
2. Commission hosts.
3. Create a network pool.
4. Add licenses to SDDC Manager.
5. Create the workload domain.
C. 1. Create a network pool.
2. Commission hosts.
3. Add licenses to SDDC Manager.
4. Create the workload domain.
D. 1. Create a network pool.
2. Commission hosts.
3. Create the workload domain.
4. Add licenses to SDDC Manager.
Hint answer: A
Q25. An administrator is tasked with preparing hosts for the deployment of a new Workload Domain in a VMware Cloud Foundation environment. The ESXi hosts have HBA cards that require the installation of a separate and the most recent VMware Installation Bundles (VIBs). Which ESXi imaging method should the administrator use?
A. VMware Imaging Appliance
B. VMware vSphere Auto Deploy
C. Download and burn the base ESXi Installer ISO Image to a DVD
D. VMware vSphere Lifecycle Manager Image
Hint answer: A
Q26. During a VCF design workshop, the architect gathered the following customer requirements:
• There should be two environments: PROD and DEV.
• PROD and DEV workloads should communicate without traversing the physical network.
• The PROD workload domain should be separate from the DEV workload domain.
• The VCF infrastructure design should be flexible and scalable as much as possible.
How many total NSX manager cluster(s) will be deployed as part of the solution?
A. 1
B. 4
C. 2
D. 3
Hint answer: C
Q27. During the design phase for a greenfield VMware Cloud Foundation (VCF) deployment, the following design decision has been agreed upon:
• Developer Ready Infrastructure needs to be deployed
The Infrastructure Architect is working with the client to fill the Planning and Preparation Workbook. The Option for ‘Developer Ready Infrastructure using VMware Cloud Foundation’ has been set to ‘Deploy’. The ‘Developer Ready Infrastructure using VMware Cloud Foundation’ is displaying an error, and its Final Result is stating ‘Excluded’.
Which option should be enabled in the Planning and Preparation Workbook to address this issue?
A. Stretched Cluster for Management Domain
B. Clustered Workspace ONE Access
C. Identity and Access Management for VMware Cloud Foundation
D. Stretched Cluster for Workload Domain
Hint answer: C
Q28. A systems administrator is tasked to deploy VMware Cloud Foundation (VCF) and has already deployed the VMware Cloud Builder appliance. What is the next step the systems administrator should take?
A. Upload the Deployment Parameter Workbook.
B. Configure the Management Domain using custom certificates.
C. Deploy the Management Domain using VMware Cloud Builder.
D. Prepare and configure the ESXi hosts to be used in the deployment.
Hint answer: D
Q29. Which two configurations are part of the VMware Cloud Builder validation process? (Choose two.)
A. Passwords: Validates specified passwords. Checks for minimum length, invalid characters, and format
B. License key: Validates format, validity, and expiry for ESX, vSAN, vCenter Server, NSX, vRealize Suite, and Log Insight license keys
C. Network configuration: Validates CIDR to IP address validity, IP addresses in use, gateways, invalid or missing VLANs, invalid or missing MTU, and network spec availability for all components
D. Availability configuration: Validates the access to the configured backup locations
E. Certificates: Validates certificates for ESX, vCenter Server, and NSX
Hint answer: A C
Q30. VCF design workshops were conducted, and the architect collected the following customer requirements for the newly planned VCF infrastructure:
The new VCF infrastructure must target two zones: DEV/UAT and DMZ.
The security team would like to have full management and network isolation between these two zones.
12 hosts have been ordered for the solution.
DEV/UAT workloads must comply with an erasure coding vSAN storage policy with the ability to tolerate the failure of two hosts.
Which workload domain sizing will be required to achieve these requirements?
A. 12-hosts workload domain for both zones, having an 8-hosts DEV/UAT cluster, and a 4-hosts DMZ cluster
B. 8-hosts DEV/UAT workload domain, having a 4-hosts DEV cluster, and a 4-hosts UAT cluster, in addition to a 4-hosts DMZ workload domain, having a 4-hosts DMZ cluster
C. 8-hosts DEV/UAT workload domain, having an 8-hosts DEV/UAT cluster, and a 4-hosts DMZ workload domain, having a 4-hosts DMZ cluster
D. 12-hosts workload domain for both zones, having a 4-hosts DEV cluster, a 4-hosts UAT cluster, and a 4-hosts DMZ cluster
Hint answer: C
Q31. An administrator is tasked with deploying a VMware Cloud Foundation environment that consists of three VI Workload Domains. Each VI Workload Domain is comprised of two clusters, with 18 hosts in each cluster. Which option fulfills this requirement while minimizing the number of NSX-T Manager instances?
A. Deploy one medium-sized NSX-T Manager cluster per VI Workload Domain.
B. Deploy one medium-sized NSX-T Manager cluster for all VI Workload Domains.
C. Deploy one large-sized NSX-T Manager cluster per VI Workload Domain.
D. Deploy one large-sized NSX-T Manager cluster for all VI Workload Domains.
Hint answer: D
Q32. A systems administrator has recently added newly-commissioned hosts in the VI workload domain, and IP addresses are automatically configured to their associated network pool. The administrator reviews which storage options require only vMotion and NFS networks in the network pool. Which two storage options have this requirement? (Choose two.)
A. vSAN
B. vVols on NFS
C. vSAN and NFS
D. NFS
E. vVols on ISCSI
Hint answer: B D
Q33. A vSphere administrator is tasked with enabling Workload Management on a VMware Cloud Foundation Workload Domain. Which three components are configured as part of the Supervisor Cluster control plane after this task is completed? (Choose three.)
A. Kubernetes Grid Orchestrator
B. Kubernetes Mission Control
C. kubectl-vSphere
D. Spherelet
E. Tanzu Kubernetes Grid Service
F. Container Runtime Executive
Hint answer: D E F
Q34. During the design phase for a greenfield VMware Cloud Foundation (VCF) deployment, the following design decisions have been agreed upon:
Stretched Cluster needs to be deployed
Identity and Access Management for VMware Cloud Foundation needs to be deployed
The Infrastructure Architect is working with the client to fill the Planning and Preparation Workbook. The Option for Stretched Cluster has been set to ‘Include’. The ‘Identity and Access Management’ is displaying an error, and its Final Result is stating ‘Excluded’.
Which option should be enabled in the Planning and Preparation Workbook to address the issue?
A. Apply Signed Certificates
B. Consolidated Management Domain
C. Clustered Workspace One Access
D. NSX Routing for Management Domain
Hint answer: D
Q35. A VMware administrator, who works for the U.S defense department, has been asked to upgrade the VMware Cloud Foundation software in a secure location. Due to security concerns, the VCF environment does not have any internet access.
The administrator can connect a laptop to the SDDC manager network but is not allowed to carry any storage media into the facility. To complete this work, the administrator has been given access to a network port where the laptop can be connected for internet access.
Which steps can the administrator follow to download the latest VCF software bundles?
A. 1. Download the latest VCF software bundles on the laptop.
2. Copy the bundles to SDDC manager using file sharing.
B. 1. Download all required OVAs onto the laptop.
2. Copy them to a USB drive.
3. Attach the drive to the SDDC manager appliance.
C. 1. Copy the bundle transfer utility from SDDC manager onto the laptop.
2. Use the utility to download the latest software bundles for the upgrade.
3. Copy the bundles to SDDC manager using file sharing.
D. 1. Download the latest bundle transfer utility from myvmware.com.
2. Use the utility to download the latest software bundles for the upgrade.
3. Copy the bundles to SDDC manager using file sharing.
Hint answer: D
Q36. A VMware Cloud Foundation consultant has a requirement to enable task-based backups for the SDDC Manager. What are two steps that need to be pre-configured to achieve this goal? (Choose two.)
A. Register with a VADP image-level backup solution.
B. Create an Image-Based backup job.
C. Register VCSA with a backup proxy.
D. Create a File-Based backup job.
E. Register an external backup repository.
Hint answer: D E
Q37. A vSphere administrator is planning to deploy a new VMware Cloud Foundation environment and is tasked with identifying the necessary external services that will be required for a new stretched-cluster implementation. Which three services should be considered as dependencies in this situation? (Choose three.)
A. BGP
B. DNS
C. NTP
D. vSAN
E. DHCP
F. Syslog
Hint answer: A B C
Q38. Which statement accurately describes a Tanzu Spherelet?
A. A Spherelet runs as a VM on the supervisor cluster.
B. The Spherelet runs as an agent on the vCenter server of the Tanzu-enabled VCF workload domain.
C. A Spherelet upgrade does not have any impact on the PODs running on the supervisor cluster node.
D. The Spherelet communicates with the control plane’s API server.
Hint answer: D
Q39. An administrator is tasked with deploying an additional cluster within VI Workload Domain which has been created with vSAN as a principal storage. Which types of principal storage may the administrator configure during this process?
A. NFS v4.1, VMFS on FC, vSAN
B. vSAN, iSCSI, SMB 3.0
C. iSCSI, vVols, vSAN, NFS v4.1
D. vVols, vSAN, NFS v3, VMFS on FC
Hint answer: D
Q40. An architect needs to create a VMware Cloud Foundation (VCF) VI Workload Domain design with these requirements:
Design blueprint needs to be repeatable for additional regions
Multiple availability zones –
Seven nodes per availability zone to host the workloads
vSAN storage will be used
What is the maximum accepted latency supported by vSAN between the two availability zones?
A. 5 ms
B. 10 ms
C. 100 ms
D. 150 ms
Hint answer: A
