VMware vSphere 8.x Advanced Design 3V0-21.23 Exam Practice Test

Page: 1 / 14
Total 92 questions

Want more questions? Get Premium Access.
()

Question 1

An architect is designing the virtual networking components of a vSphere-based solution that will provide an environment for the development of a new latency sensitive stock trading application.

The following information was identified within the initial meeting with the customer:

The customer has vCenter Standard and vSphere Standard licenses left over from a previous project.

The customer's CFO has approved budget for additional purchases, if required.

The following requirements were also identified during the meeting:

The solution must support 500 development workloads concurrently running in the secondary site.

The solution must support the ability to complete all vSphere Operational Management centrally.

The solution must ensure business-critical applications are not impacted by vSphere system-level operations.

Given the requirements, the architect has decided on a single 20-node cluster for development.

Which three additional design decisions should the architect make to meet these requirements? (Choose three.)

AThe solution will configure Traffic Shaping policies to restrict network bandwidth on ingress and egress.

BThe solution will deploy VMware vSphere Enterprise Plus on all hosts within the cluster.

CThe solution will deploy VMware vSphere Standard on all hosts within the cluster.

DThe solution will deploy a single VMware Standard Switch that will be configured identically on each host.

EThe solution will deploy a single vSphere Distributed Switch with each host connected to it.

FThe solution will configure Network I/O control to ensure that system-level bandwidth does not impact workload network traffic.

Answer : B, E, F

The solution will deploy VMware vSphere Enterprise Plus on all hosts within the cluster.

VMware vSphere Enterprise Plus offers advanced networking and storage features that will support the required high availability, performance, and management capabilities. Features such as Distributed Switches and Network I/O Control (NIOC) are critical to meeting the business-critical application and performance requirements for the latency-sensitive stock trading application.

The solution will deploy a single vSphere Distributed Switch with each host connected to it.

A vSphere Distributed Switch (VDS) is ideal for managing network configurations centrally across multiple hosts, which meets the requirement for centralized vSphere operational management. It also ensures consistent network configurations and simplifies network management at scale.

The solution will configure Network I/O control to ensure that system-level bandwidth does not impact workload network traffic.

Network I/O Control (NIOC) is essential for prioritizing network traffic, ensuring that latency-sensitive workloads are not impacted by other system-level or less critical traffic. This is crucial for the performance requirements of the stock trading application.

Question 2

Following a review of security requirements, an architect has confirmed the following requirements:

Which three requirements would be classified as technical (formerly non-functional) requirements? (Choose three.)

AA clustered firewall solution must be placed at the perimeter of the hosting platform, and all ingress and egress network traffic will route via this device.

BA distributed firewall solution must secure traffic for all virtualized workloads.

CThe hosting platforms security information and event management (SIEM) system must be scalable to 20,000 events per second.

DThe hosting platforms storage must be configured with data-at-rest encryption.

EThe hosting platform limits access to authorized users.

FAll virtualized workload, hypervisor, firewall and any management component system events must be monitored by security administrators.

Answer : A, C, D

A clustered firewall solution must be placed at the perimeter of the hosting platform, and all ingress and egress network traffic will route via this device:

This is a technical requirement because it specifies how network traffic is to be managed through a specific infrastructure element (the firewall). It outlines how the security device is implemented in the network architecture.

The hosting platform's security information and event management (SIEM) system must be scalable to 20,000 events per second:

This is a technical requirement because it deals with the scalability and performance of the SIEM system. It specifies how the system must handle a large volume of data, which is a technical characteristic of the infrastructure.

The hosting platform's storage must be configured with data-at-rest encryption:

This is also a technical requirement because it defines how the data should be stored securely, which is an implementation detail. It specifies that encryption needs to be applied to stored data, a feature related to storage infrastructure.

Question 3

An architect is reviewing the security and compliance requirements for a new application that will be hosted on a vSphere 8 environment.

The following information has been noted about the new application:

The application stores and processes confidential data

The supporting virtual infrastructure is shared with other departments

No other application stores or processes confidential data

The application virtual machines must be able to run on any ESXi host in the cluster

The storage layer is a iSCSI attached SAN

Data at Rest Encryption is in place for each presented LUN validated to FIPS 140-2

No budget is available for additional infrastructure components or software

Application data must not be accessible outside of the application's virtual machines

The architect has been tasked with providing a secure virtual machine design to host the application.

Which three design elements must the architect include to meet the requirements? (Choose three.)

AVirtual Machine Encryption

BThe vSphere Native Key Provider

CA new encrypted iSCSI LUN

DExternal Key Management Service (KMS) provider

EA new local VMFS volume

FVMware vSAN

Answer : A, B, D

Virtual Machine Encryption

To ensure that the application's confidential data is protected, Virtual Machine Encryption should be applied. This will ensure that even if someone gains access to the storage layer or the underlying infrastructure, the data in the virtual machine is encrypted and cannot be accessed outside of the VM, as required by the security and compliance requirements.

The vSphere Native Key Provider

The vSphere Native Key Provider can be used to manage encryption keys within the vSphere environment. Since no budget is available for additional infrastructure components or software, leveraging vSphere's native capabilities for key management ensures that encryption is securely handled without introducing external dependencies. This also aligns with the requirement to not introduce additional infrastructure.

External Key Management Service (KMS) provider

While the vSphere Native Key Provider can manage keys within the environment, if there is a requirement for a more secure or compliant key management solution, an External Key Management Service (KMS) may be used. The KMS provider allows for centralized management of encryption keys, ensuring that the keys are securely stored and controlled according to compliance standards (e.g., FIPS 140-2). Although the Native Key Provider may suffice, this option ensures that key management adheres to stricter compliance needs, especially for confidential data.

Question 4

Which four factors should an architect consider when calculating the number of hosts required for a new multi-site vSphere-based solution that utilizes external storage? (Choose four.)

AThe workload profile (CPU and memory) of each workload

BThe amount of resources required for virtual machine (VM) swap and VM snapshots

CThe number of existinq workloads that will be decommissioned prior to the completion of project

DThe number of existinq workloads that will be miqrated onto the new solution

EThe number of network connections per physical host server

FThe future physical location of any workloads

GThe hardware specification of the underlying infrastructure

Answer : A, B, D, G

The workload profile (CPU and memory) of each workload

Understanding the CPU and memory requirements for each workload is crucial for determining the capacity needed on each host. This helps ensure that each host has sufficient resources to run the virtual machines (VMs) efficiently.

The amount of resources required for virtual machine (VM) swap and VM snapshots

VM swap files and snapshots require additional storage and compute resources. It's important to account for these resource requirements to avoid overloading the hosts or running into resource bottlenecks.

The number of existing workloads that will be migrated onto the new solution

Knowing how many workloads will be migrated allows the architect to estimate the total resource demand and determine the number of hosts required to support the migrated workloads effectively.

The hardware specification of the underlying infrastructure

The hardware specifications of the hosts, including the CPU, memory, storage, and network interfaces, play a significant role in determining how many hosts are needed to support the workloads. More powerful hardware may reduce the number of hosts required, while less capable hardware might increase the number needed.

Question 5

An architect will be updating an existing vSphere data center design.

The following information has been provided:

The new design must carry over existing VLANs for workloads.

The networking for storage must not share the data path with workload traffic.

The new design must be able to add additional VLANS.

The new design must reduce management overhead.

The new replacement servers have two 100GB network cards.

Which design will meet the requirements for existing workload networks and allow scaling of additional networks?

AOne vSphere standard switch (VSS) configuration
Workload and storage traffic on separate uplinks

BOne vSphere standard switch (VSS) configuration
Workload and storage traffic on separate uplinks

CTwo vSphere distributed switches (VDS)
Each VDS uses one uplink as active and the other uplink as passive
Existing and new workload traffic on one VDS and storage traffic on the other VDS

DOne vSphere distributed switch (VDS) configuration
The VDS uses aggregated uplinks
Workload and storage traffic on the aggregated uplinks

Answer : D

The customer's requirements include the following:

Carry over existing VLANs for workloads: This can be easily achieved with a vSphere distributed switch (VDS), as it supports the configuration of VLANs and ensures that they can be applied to multiple ESXi hosts across the data center.

Networking for storage must not share the data path with workload traffic: By using aggregated uplinks in the VDS configuration, the architect can easily separate workload traffic and storage traffic by using different uplinks or VLANs. Aggregated uplinks ensure that there is sufficient bandwidth for both workloads and storage, while keeping them logically separated in terms of traffic management.

Add additional VLANs: A VDS supports the dynamic addition of VLANs. New VLANs can be added and managed centrally, reducing the complexity and management overhead when scaling the network.

Reduce management overhead: The use of a single VDS significantly reduces management complexity compared to managing multiple vSphere standard switches (VSS). With VDS, network configuration and management are centralized and simplified across all ESXi hosts.

Given that the new replacement servers have two 100 GB network cards, the aggregated uplinks in a VDS configuration will provide the required network capacity while ensuring that traffic is properly segmented and scalable.

Question 6

An architect is updating the design for a vSphere environment.

During a workshop focused on security, the following has been identified:

It has been determined that any configuration of ESXi hosts can only be completed via VMware vCenter

The Direct Console User Interface (DCUI) service must be disabled on ESXi hosts

The SSH service must be disabled on ESXi hosts

Based on the information from the workshop, which element does the architect need to include in the design?

AStrict Lockdown Mode

BNormal Lockdown Mode

CNormal Lockdown Mode with a defined Exception User list

DStrict Lockdown Mode with a defined Exception User list

Answer : A

Strict Lockdown Mode is the correct choice because it restricts all access to the ESXi host directly, ensuring that configuration can only be performed through VMware vCenter. This is in line with the requirement that configuration can only be done via vCenter.

Strict Lockdown Mode disables the Direct Console User Interface (DCUI) and SSH services, which aligns with the customer's requirement to have these services disabled for security purposes.

Question 7

A company has the requirement to ensure that business-critical applications have the necessary network bandwidth to function optimally and maintain a consistent quality of service (QoS).

Which statement would be included in the conceptual design to support this requirement?

AA distributed switch will be created and Network I/O Control will be enabled.

BThe network infrastructure must ensure secure communications and efficiently use available bandwidth.

CNetwork resource pool named 'bca-pool-02' is given a reservation quota of 5Gbit/sec.

DThe distributed switch will use a minimum of 25Gbps Ethernet.

Answer : A

This statement supports the requirement for ensuring that business-critical applications have the necessary network bandwidth and maintain consistent quality of service (QoS). By creating a distributed switch and enabling Network I/O Control, you can prioritize network traffic and ensure that the necessary bandwidth is allocated to critical applications, improving their performance and quality of service.