V6-FC Flashcards
Question NO: 1
An administrator wants to provide users restricted access. The users should only be able to perform the following tasks: Create and consolidate virtual machine snapshots Add/Remove virtual disks Snapshot Management Which default role in vCenter Server would meet the administrator's requirements for the users? A. Virtual machine user B. Virtual machine power user C. Virtual Datacenter administrator D. VMware Consolidated Backup user
Answer:
B
Explanation:
Virtual Machine Power User is a sample role that grants a useraccess rights only to virtual
machines; can alter the virtual hardware or create snapshots of the VM.
Reference:http://blog.pluralsight.com/vmware-access-control-101-roles-and-permissions
Question NO: 2
Which two roles can be modified? (Choose two.) A. Administrator Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 2 B. Network Administrator C. Datastore Consumer D. Read-Only
Answer:
B,C
Explanation:
It is a common knowledge that you cannot modify Administrator role and grant whatever privileges
you like. Same is the case with read-only. This role is created solely for ready only purposes. So
you are left with two viable options ? Network administrator and Datastore consumer both of which
can be modified to add or delete privileges according to your specifications.
Question NO: 3
An administrator with global administrator privileges creates a custom role but fails to assign any privileges to it. Which two privileges would the custom role have? (Choose two.) A. System.View B. System.Anonymous C. System.User D. System.ReadOnly
Answer:
A,B
Explanation:
When you add a custom role and do not assign any privileges to it, the role is created as a Read
Only role with three system-defined privileges: System.Anonymous, System.View, and
System.Read.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 3
Reference:https://pubs.vmware.com/vsphere-
51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-93B962A7-93FA-4E96-
B68F-AE66D3D6C663.html
Question NO: 4
An administrator wishes to give a user the ability to manage snapshots for virtual machines.
Which privilege does the administrator need to assign to the user?
A.
Datastore.Allocate Space
B.
Virtual machine.Configuration.create snapshot
C.
Virtual machine.Configuration.manage snapshot
D.
Datastore.Browse Datastore
Answer:
A
Explanation:
Datastore.Allocate space allows allocating space on a datastore for avirtual machine, snapshot,
clone, or virtual disk.
Reference:https://pubs.vmware.com/vsphere-
51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B2426ACC-D73F-4732-
8BBC-DE9B1B2263D9.html
Question NO: 5
An object has inherited permissions from two parent objects.
What is true about the permissions on the object?
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 4
A.
The common permissions between the two are applied and the rest are discarded.
B.
The permissions are combined from both parent objects.
C.
No permissions are applied from the parent objects.
D.
The permission is randomly selected from either of the two parent objects.
Answer:
B
Explanation:
Most inventory objects inherit permissions from a single parent object in the hierarchy. For
example, a datastore inherits permissions from either its parent datastore folder or parent
datacenter. Virtual machines inherit permissions from both the parent virtual machine folder and
the parent host, cluster, or resource pool simultaneously. To restrict a user?s privileges on a virtual
machine, you must set permissions on both the parent folder and the parent host, cluster, or
resource pool for thatvirtual machine.
Reference:http://pubs.vmware.com/vsphere-4-esxvcenter/
index.jsp?topic=/com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/managing_
users_groups_roles_and_permissions/c_hierarchical_inheritance_of_permissions.html
Question NO: 6
What is the highest object level from which a virtual machine can inherit privileges? A. Host Folder B. Data Center C. Data Center Folder D. VM Folder
Answer:
C
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 5
Explanation:
Reference:http://www.vmware.com/pdf/vi3_vc_roles.pdf
Question NO: 7
Which three Authorization types are valid in vSphere? (Choose three.) A. Group Membership in vsphere.local Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 6 B. Global C. Forest D. vCenter Server E. Group Membership in system-domain
Answer:
A,B,D
Explanation:
Sphere 6.0 and later allows privileged users to give other users permissions to perform tasks in
the following ways. These approaches are, for the most part, mutually exclusive; however, you can
assign use global permissions to authorizecertain users for all solution, and localvCenter
Serverpermissions to authorize other users for individualvCenter Serversystems.
vCenter ServerPermissions
The permission model forvCenter Serversystems relies on assigning permissions to objects in
theobject hierarchy of thatvCenter Server. Each permission gives one user or group a set of
privileges, that is, a role for a selected object. For example, you can select anESXihost and assign
a role to a group of users to give those users the corresponding privileges on that host.
Global Permissions
Global permissions are applied to a global root object that spans solutions. For example, if
bothvCenter Serverand vCenter Orchestrator are installed, you can give permissions to all objects
in both object hierarchies using global permissions.
Global permissions are replicated across the vsphere.local domain. Global permissions to not
provide authorization for services managed through vsphere.local groups. SeeGlobal Permissions.
Group Membership in vsphere.local Groups
The user administrator@vsphere.local can perform tasks that are associated withservices
included with thePlatform Services Controller. In addition, members of a vsphere.local group can
perform the corresponding task. For example, you can perform license management if you are a
member of the LicenseService.Administrators group. SeeGroups in the vsphere.local Domain.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-74F53189-EF41-4AC1-
A78E-D25621855800.html
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 7
Question NO: 8
Which three components should an administrator select when configuring vSphere permissions? (Choose three.) A. Inventory Object B. Role C. User/Group D. Privilege E. Password
Answer:
A,B,C
Explanation:
InvSphere, permission consists of a user or group and an assigned role for an inventory object,
such as a virtual machine or ESX/ESXi host. Permissions grant users the right to perform the
activities specified by the role on the object to which the role is assigned.
Reference:http://pubs.vmware.com/vsphere-4-esxvcenter/
index.jsp?topic=/com.vmware.vsphere.dcadmin.doc_41/vsp_dc_admin_guide/managing_
users_groups_roles_and_permissions/c_permissions.html
Question NO: 9
In which two vsphere.local groups should an administrator avoid adding members? (Choose two.) A. SolutionUsers B. Administrators Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 8 C. DCAdmins D. ExternalPDUsers
Answer:
A,B
Explanation:
The vsphere.local domain includes several predefined groups. Assign users to one of those
groups to be able to perform the corresponding actions.
For all objects in the vCenter Server hierarchy, permissions are assigned by pairing a user and a
role with the object. For example, you can select a resource pool and give a group of users read
privileges to that resource pool by givingthem the corresponding role.
For some services that are not managed by vCenter Server directly, privileges are determined by
membership to one of the vCenter Single Sign-On groups. For example, a user who is a member
of the Administrator group can managevCenter Single Sign-On. A user who is a member of the
CAAdmins group can manage the VMware Certificate Authority, and a user who is in the
LicenseService.Administrators group can manage licenses.
Reference:https://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-87DA2F34-DCC9-4DAB-
8900-1BA35837D07E.html
Question NO: 10
An administrator has configured three vCenter Servers and vRealize Orchestrator within a
Platform Services Controller domain, and needs to grant a user privileges that span all
environments.
Which statement best describes how the administrator would accomplish this?
A.
Assign a Global Permission to the user.
B.
Assign a vCenter Permission to the user.
C.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 9
Assign vsphere.local membership to the user.
D.
Assign an ESXi Permission to the user.
Answer:
A
Explanation:
Global permissions are applied to aglobal root object that spans solutions, for example, both
vCenter Server and vCenter Orchestrator. Use global permissions to give a user or group
privileges for all objects in all object hierarchies.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-C7702E31-1623-4189-
89CB-E1136AA27972.html
Question NO: 11
Which two methods are recommended for managing the VMware Directory Service? (Choose two.) A. Utilize the vmdir command. B. Manage through the vSphere Web Client. C. Manage using the VMware Directory Service. D. Utilize the dc rep command.
Answer:
A,B
Explanation:
To manage VMware directory service, you can use vmdir command and vsphere web client.
VMware directory service is always managed using vmdir command which is specifically used for
directory services.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 10
Question NO: 12
What are two sample roles that are provided with vCenter Server by default? (Choose two.) A. Virtual machine User B. Network Administrator C. Content Library Administrator D. Storage Administrator
Answer:
A,B
Explanation:
Reference:https://books.google.com.pk/books?id=35TE4cSycNAC&pg=PA97&lpg=PA97&dq=sam
ple+roles+that+are+provided+with+vCenter+Server+by+default&source=bl&ots=ggd5VKGky5&sig
=-lc0JubytkvddWsrG_
zHgEDTQY&hl=en&sa=X&ved=0CDcQ6AEwBWoVChMIlZH2x8WExgIVxDoUCh2N1
AC2#v=onepage&q=sample%20roles%20that%20are%20provided%20with%20vCenter%20Serve
r%20by%20default&f=false
Question NO: 13
An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate
Certificate Authority (CA). The first two steps performed are:
Replace the Root Certificate
Replace Machine Certificates (Intermediate CA)
Which two steps would need to be performed next? (Choose two.)
A.
Replace Solution User Certificates (Intermediate CA)
B.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 11
Replace the VMware Directory Service Certificate (Intermediate CA)
C.
Replace the VMware Directory Service Certificate
D.
Replace Solution User Certificates
Answer:
A,C
Explanation:
You can replace the VMCA root certificate with a third-party CA-signed certificate that includes
VMCAin the certificate chain. Going forward, all certificates that VMCA generates include the full
chain. You can replace existing certificates with newly generated certificates. This approach
combines the security of third-party CA-signed certificate with theconvenience of automated
certificate management.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-5FE583A2-3737-4B62-
A905-5BB38D479AE0.html
Question NO: 14
Which three options are available for ESXi Certificate Replacement? (Choose three.) A. VMware Certificate Authority mode B. Custom CertificateAuthority mode C. Thumbprint mode D. Hybrid Deployment E. VMware Certificate Endpoint Authority Mode
Answer:
A,B,C
Explanation:
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 12
You can perform different types of certificate replacement depending on company policy and
requirements for the system thatyou are configuring. You can perform each replacement with the
vSphere Certificate Manager utility or manually by using the CLIs included with your installation.
VMCA is included in each Platform Services Controller and in each embedded deployment. VMCA
provisions each node, each vCenter Server solution user, and each ESXi host with a certificate
that is signed by VMCA as the certificate authority. vCenter Server solution users are groups of
vCenter Server services. See vSphere Security for a list of solution users.
You can replace the default certificates. For vCenter Server components, you can use a set of
command-line tools included in your installation. You have several options.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-4469A6D3-048A-471C-9CB4-
518A15EA2AC0.html
Question NO: 15
Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into
the Direct Console User Interface (DCUI).
Which two statements are true given this configuration? (Choose two.)
A.
A user granted administrative privileges in the Exception Userlist can login.
B.
A user defined in the DCUI.Access without administrative privileges can login.
C.
A user defined in the ESXi Admins domain group can login.
D.
A user set to the vCenter Administrator role can login.
Answer:
A,B
Explanation:
Reference:https://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-
9319-F8991839D265.html
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 13
Question NO: 16
Strict Lockdown Mode has been enabled on an ESXi host.
Which action should an administrator perform to allow ESXi Shell or SSH access for users with
administrator privileges?
A.
Grant the users the administrator role and enable the service.
B.
Add the users to Exception Users and enable the service.
C.
No action can be taken, Strict Lockdown Mode prevents direct access.
D.
Add the users to vsphere.local and enable the service.
Answer:
B
Explanation:
Reference:https://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-
9319-F8991839D265.html
Question NO: 17
An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage
users and groups. The AD domain group ESX Admins is planned for administrative access to the
host.
Which two conditions should be considered when planning this configuration? (Choose two.)
A.
If administrative access for ESX Admins is not required, this setting can be altered.
B.
The users in ESX Admins are not restricted by Lockdown Mode.
C.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 14
An ESXi host provisioned withAuto Deploy cannot store AD credentials.
D.
The users in ESX Admins are granted administrative privileges in vCenter Server.
Answer:
A,C
Explanation:
Question NO: 18
Which password meets ESXi 6.x host password requirements? A. 8kMVnn2x B. zNgtnJBA2 C. Nvgt34kn44 D.b74wr
Answer:
A
Explanation:
A valid password requires a mix of upper and lower case letters, digits, and other characters. You
can use a 7-character long password with characters from at leastthree of these four classes, or a
6-character long password containing characters from all the classes. A password that begins with
an upper case letter and ends with a numerical digit does not count towards the number of
character classes used. It is recommended that the password does not contain the username.
A passphrase requires at least 3 words, can be 8 to 40 characters long, and must contain enough
different characters.
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=1012033
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 15
Question NO: 19
An administrator would like to use a passphrase for their ESXi 6.x hosts which has these
characteristics:
Minimum of 21 characters
Minimum of2 words
Which advanced options must be set to allow this passphrase configuration to be used?
A.
retry=3 min=disabled, disabled, 7, 21, 7 passphrase=2
B.
retry=3 min=disabled, disabled, 21, 7, 7 passphrase=2
C.
retry=3 min=disabled, disabled, 2, 21, 7
D.
retry=3 min=disabled, disabled, 21, 21, 2
Answer:
B
Explanation:
To force a specific password complexity and disable all others, replace the number with the word
with disabled. For example, to force passwords containing characters from all four-character
classes:
password requisite/lib/security/$ISA/pam_passwdqc.so retry=3 min=
disabled,disabled,disabled,disabled,7
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=1012033
Question NO: 20
Which Advanced Setting should be created for the vCenter Server to change the expiration policy of the vpxuser password? A. VimPasswordExpirationInDays Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 16 B. VimExpirationPasswordDays C. VimPassExpirationInDays D. VimPasswordRefreshDays
Answer:
A
Explanation:
vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The
password for each vpxuser accountis auto-generated when an ESX/ESXi host is added. The
password is updated by default every 30 days.
To modify default password settings:
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=1016736
Question NO: 21
An administrator has been instructed to secure existing virtual machines in vCenter Server.
Which two actions should the administrator take to secure these virtual machines? (Choose two.)
A.
Disable native remote management services
B.
Restrict Remote Console access
C.
Use Independent Non-Persistent virtual disks
D.
Prevent use of Independent Non-Persistent virtual disks
Answer:
B,D
Explanation:
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 17
Reference:http://www.vmware.com/files/pdf/techpaper/VMW-TWP-vSPHR-SECRTY-HRDNGUSLET-
101-WEB-1.pdf(page 11, see the tables)
Question NO: 22
An administrator has recently audited the environment and found numerous virtual machines with sensitive data written to the configuration files. To prevent this in the future, which advanced parameter should be applied to the virtual machines? A. isolation.tools.setinfo.disable = true B. isolation.tools.setinfo.enable = true C. isolation.tools.setinfo.disable = false D. isolation.tools.setinfo.enable = false
Answer:
A
Explanation:
It is configured on a per-VM basis. You can increase the guest operating system variablememory
limit if large amounts of custom information are being stored in the configuration file. You can also
prevent guests from writing any name-value pairs to the configuration file. To do so, use the
following setting, and set it to ?true?:
Question NO: 23
Which two statements are correct regarding vSphere certificates? (Choose two.)
A.
ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware
Certificate Authority (VMCA).
B.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 18
ESXi host upgrades preserve the existing SSL certificate.
C.
ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during
install.
D.
ESXi hosts have self-signed SSL certificates by default.
Answer:
B,C
Explanation:
Of course, ESXi host upgrades preserve existing SSLcertificate and it also have assigned SSL
certificates from VMCA during the installation process.
Question NO: 24
Which three options are available for replacing vCenter Server Security Certificates? (Choose
three.)
A.
Replace with Certificates signedby the VMware Certificate Authority.
B.
Make VMware Certificate Authority an Intermediate Certificate Authority.
C.
Do not use VMware Certificate Authority, provision your own Certificates.
D.
Use SSL Thumbprint mode.
E.
Replace all VMware Certificate Authority issued Certificates with self-signed Certificates.
Answer:
A,B,C
Explanation:
There are three options for replace vCenter server security certificates. You can replace it with
certificates signed by VMware certificate authority; you can make theVMCA an intermediate
certificate authority. Likewise, you can provision your own certificates.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 19
Question NO: 25
When attempting to log in with the vSphere Web Client, users have reported the error:
Incorrect Username/Password
The administrator has configured the Platform Services Controller Identity Source as:
Type. Active Directory as an LDAP Server
Domain: vmware.com
Alias: VMWARE
Default Domain: Yes
Which two statements would explain why users cannot login to the vSphere Web Client? (Choose
two.)
A.
Users are typing the password incorrectly.
B.
Users are in a forest that has 1-way trust.
C.
Users are in a forest that has 2-way trust.
D.
Users are logging into vCenter Server with incorrect permissions.
Answer:
A,B
Explanation:
The possible explanation for this error might be that the users are typing password incorrectly or
they are in a forest with has only 1-way trust. You need 2-way trust to get the credentials
accepted.
Question NO: 26
Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 20 Which group in the vsphere.local domain will have administrator privileges for the VMware Certificate Authority (VMCA)? A. SolutionUsers B. CAAdmins C. DCAAdmins D. SystemConfiguration.Administrators
Answer:
B
Explanation:
Members of the CAAdmins group have administrator privileges for VMCA. Adding members to
these groups is not usually recommended.
Reference:https://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-87DA2F34-DCC9-4DAB-
8900-1BA35837D07E.html
Question NO: 27
Which Platform Service Controller Password Policy determines the number of days a password can exist before the user must change it? A. MaximumLifetime B. Password Age C. Maximum Days D. Password Lifetime Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 21
Answer:
A
Explanation:
You can configure the following parameters for password policy:
Reference:http://www.vladan.fr/vcp6-dcv-objective-1-3-enable-sso-and-active-directoryintegration/
Question NO: 28
An administrator is configuring the clock tolerance for the Single Sign-On token configuration policy and wants to define the time skew tolerance between a client and the domain controller clock. Which time measurement is used for the value? A. Milliseconds B. Seconds C. Minutes D. Hours
Answer:
A
Explanation:
The time skew tolerance between a client and the domain controller clock is measured in
milliseconds.
Question NO: 29
Which VMware Single Sign-On component issues Security Assertion Markup Language (SAML) Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 22 tokens? A. VMware Security Token Service B. Administration Server C. VMware Directory Service D. Identity Management Service
Answer:
A
Explanation:
The security token service issues Security Assertion Markup Language (SAML) tokens. These
security tokens pass information about a system user between anidentity provider and a web
service. This service enables a user who has logged on through vCenter Single Sign-On to use
multiple web-service delivered applications without authenticating to each one.
Reference:https://pubs.vmware.com/vsphere-
51/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-90C1E3DC-4397-4BF0-
808E-DF3802E56BC6.html
Which two are valid Identity Sources when configuring vCenter Single Sign-On? (Choose two.)
A. Radius
B. NIS
C. OpenLDAP
D. LocalOS
!Answer:
C, D
Explanation:
Active Directory (Integrated Windows Authentication)
Use this option for native Active Directory implementations. The machine on which the vCenter
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 23
Single Sign-Onservice is running must be in an Active Directory domain if you want to use this
option.
See Active Directory Identity Source Settings.
Active Directory as an LDAP Server
This optionis available for backward compatibility. It requires that you specify the domain controller
and other information. See Active Directory LDAP Server and OpenLDAP Server Identity Source
Settings.
OpenLDAP
Use this option for an OpenLDAP identity source. See Active Directory LDAP Server and
OpenLDAP Server Identity Source Settings.
LocalOS
Use this option to add the local operating system as an identity source. You are prompted only for
the name of the local operating system. If you select this option, allusers on the specified machine
are visible to vCenter Single Sign-On, even if those users are not part of another domain.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B23B1360-8838-4FF2-B074-
71643C4CB040.html
Question NO: 30
An administrator needs to create an Integrated Windows Authentication (IWA) Identity Source on a
newly deployed vCenter Server Appliance (VCSA).
Which two actions will accomplish this? (Choose two.)
A.
Use a Service Principal Name (SPN) to configure the Identity Source.
B.
Use a Domain administrator to configure theIdentity Source.
C.
Join the VCSA to Active Directory and configure the Identity Source with a Machine Account.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 24
D.
Create a computer account in Active Directory for the VCSA and configure the Identity Source.
Answer:
A,C
Explanation:
Using a machine account when configuring an Active Directory identity source for vCenter Server
requires that the Windows system be joined to the domain. If the system is not joined to the
domain, SSO cannot leverage the machine account to create the identity source and perform its
function as the secure token service user.
To resolve this issue in VCVA 5.5, use only the Use SPN option.
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=2058919
Question NO: 31
An administrator is creating a new Content Library. It will subscribe to another remote Content
Library without authentication enabled.
What information from the published library will they need in order to complete the subscription?
A.
Subscription URL
B.
A security password from the publishing Content Library
C.
Publisher’s Items.json file
D.
Username from the publishing Content Library
Answer:
A
Explanation:
Subscription URL from the published library is needed to complete the subscription.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 25
Question NO: 32
An administrator is assigning a user the Content Library administrator role. The user will only be
creating the library for a single vCenter Server.
What is the lowest level of the permission heirarchy that this role can be granted to the user and
still allow them to create a Content Library?
A.
Global
B.
Datacenter Folder
C.
Virtual Center
D.
Datacenter
Answer:
A
Explanation:
To let a user manage a content library and its items, an Administrator can assign the Content
Library Administrator role to that user as a global permission. The Content Library Administrator
role is a sample role in the vSphere Web Client.
Users who are Administrators can also manage libraries and their contents. If a user is an
Administrator at a vCenter Server level, they have sufficient privileges to manage the libraries that
belong to this vCenter Server instance, but cannot see the libraries unless they have a Read-Only
role as a global permission.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-18F4B892-D685-4473-
AC25-3195D68DFD90.html
Question NO: 33
Which three connection types are supported between a remote site and vCloud Air? (Choose three.) Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 26 A. Secure Internet Connectivity B. Private Connect C. Direct Connect D. Internet Connectivity E. Secure VPN
Answer:
A,C,E
Explanation:
The connection types supported between a remote site and vcloud Air is secure VPN, direct
connect and Secure Internet Connectivity.
Question NO: 34
Refer to the Exhibit. Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 27 An administrator is adding an Active Directory over LDAP Identity Source for vCenter Single Sign- On, as indicated in the Exhibit. What is the correct value to configure for the Domain alias? A. The domain's NetBIOS name. B. The fully qualified domain name. C. vsphere.local D. A user defined label.
Answer:
A
Explanation:
The domain alias is usually NetBIOS name, for example, acme.lab.
Reference:https://www.virten.net/2015/02/how-to-add-ad-authentication-in-vcenter-6-0-platformservice-
controller/
Question NO: 35
An administrator decides to change the root password for an ESXi 6.x host to comply with the
company’s security policies.
What are two ways that this can be accomplished? (Choose two.)
A.
Use the Direct Console User Interface to change the password.
B.
Use the passwd command in the ESXi Shell.
C.
Use the password command in the ESXi Shell.
D.
Use the vSphere client to update local users.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 28
Answer:
A,B
Explanation:
To prevent unauthorized access to the vCenter Server Appliance Direct Console User Interface,
you can change the password of the root user.
The default root password for the vCenter Server Appliance is the password you enter during
deployment of the virtual appliance.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.vcsa.doc%2FGUID-48BAF973-4FD3-4FF3-B1B6-
5F7286C9B59A.html
Question NO: 36
An administrator connects to an ESXi 6.x host console in order to shutdown the host. Which option in the Direct Console User Interface would perform this task? A. Press the F12 key B. Press the F2 key C. Press Alt + F1 simultaneously D. Press Alt + F2 simultaneously
Answer:
A
Explanation:
Reference:http://pubs.vmware.com/vsphere-4-esxi-embeddedvcenter/
index.jsp?topic=/com.vmware.vsphere.setupembedded.doc_40/install/setting_up_esxi_4.0
/c_direct_console_user_interface.html
Question NO: 37
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 29
An administrator is able to manage an ESXi 6.x host connected to vCenter Server using the
vSphere Web Client but is unable to connect to the host directly.
Which action should the administrator take to correct this behavior?
A.
Restart management agents on the ESXi host.
B.
Disable Lockdown Mode on the ESXi host through vCenter Server.
C.
Disable the ESXi firewall with the command esxcli network firewall unload.
D.
Reboot the ESXi host.
Answer:
B
Explanation:
Disable lockdown mode through the DCUI and then enable it through the vCenter Server instead.
The vCenter Server does not keep track of lockdown mode state changes thatinitiated outside of
the vCenter Server itself.
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=2040768
Question NO: 38
An administrator needs two vCenter Servers to be visible within a single vSphere Web Client
session.
Which two vCenter Server and Platform Services Controller (PSC) configurations would
accomplish this? (Choose two.)
A.
Install a single PSC with two vCenter Servers registered to it.
B.
Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each
PSC.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 30
C.
Install a single PSC with two vCenter Servers registered to it and configureLinked Mode.
D.
Install two PSCs in the same Single Sign-On domain with one vCenter Server registered to each
PSC and configure Linked Mode.
Answer:
A,B
Explanation:
To have two vcenter servers visible within a single vSphere web client session, you have to install
a single PSC with both vCenter servers registered. You also need to install two PSCs in the same
SSO domain with one vCenter Server registered to each PSC.
Question NO: 39
An administrator wants to clone a virtual machine using the vSphere Client.
Which explains why the Clone option is missing?
A.
The vSphere Client is directly connected to the ESXi host.
B.
The virtual machine is configured with a thin-provisioned virtual disk.
C.
The virtual machine is configured with outdated VirtualHardware.
D.
Cloning can only be performed with vRealize Orchestrator.
Answer:
A
Explanation:
The Clone option is missing because vSphere client is directly connected to the ESXi host. To
enable the option, you have to connect it through vcenter server because cloning is a vCenter
Server feature. You need install vCenter server on one of the Windows Server and connect
vCenter Server via vSphere client and create cluster, add host after that you will see cloning and
template option and much more
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 31
An administrator creates a custom ESXi firewall rule using an XML file, however the rules do not
appear in the vSphere Web Client.
Which action should the administrator take to correct the problem?
A. Load the new rules using esxcli networkfirewall reload.
B. Load the new rules using esxcli network firewall refresh.
C. Verify the entries in the XML file and then reboot the ESXi host.
D. Remove the ESXi host from the inventory and add it back.
!Answer:
B
Refresh the firewall configuration by reading the rule set files if the firewall module is loaded.
Reference:https://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-7A8BEFC8-BF86-49B5-
AE2D-E400AAD81BA3.html
Topic 2, Configure and Administer Advanced vSphere Networking
Question NO: 40
A common root user account has been configured for a group of ESXi 6.x hosts.
Which two steps should be taken to mitigate security risks associated with this configuration?
(Choose two.)
A.
Remove the root user account from the ESXi host.
B.
Set a complex password for the root account and limit its use.
C.
UseESXi Active Directory capabilities to assign users the administrator role.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 32
D.
Use Lockdown mode to restrict root account access.
Answer:
B,C
Explanation:
To address the security risks, yo need to set a complex password for the root account and
makesure only authorized personnel use it. The second step is to use ESXi active directory to
assign the administrator role to users.
Question NO: 41
Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.) A. isolation.tools.unity.push.update.disable B. isolation.tools.ghi.launchmenu.change C. isolation.tools.bbs.disable D. isolation.tools.hgfsServerSet.enable
Answer:
A,B
Explanation:
Because VMware virtual machines run in many VMware products in addition to vSphere, some
virtual machine parameters do not apply in a vSphere environment. Although these features do
not appear in vSphere user interfaces, disabling them reduces the number of vectors through
which a guest operating system couldaccess a host. Use the following .vmx setting to disable
these features:
isolation.tools.unity.push.update.disable = TRUE isolation.tools.ghi.l?unch?enu.change = TRUE
isolation.tools.ghi.a?tolo?on.disable = TRUE isolation.tools.hgfsS?rver?et.disable= TRUE
isolation.tools.memSc?edFa?eSampleStats.disable = TRUE isolation.tools.getCr?ds.d?sable =
TRUE
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 33
Reference:https://pubs.vmware.com/vsphere-
51/index.jsp?topic=%2Fcom.vmware.vmtools.install.doc%2FGUID-685722FA-9009-439C-9142-
18A9E7C592EA.html
Question NO: 42
To reduce the attack vectors for a virtual machine, which two settings should an administrator set to false? (Choose two.) A. ideX:Y.present B. serial.present C. ideX:Y.enabled D. serial.enabled
Answer:
A,B
Explanation:
Reference:http://jackiechen.org/2012/10/05/vsphere-5-0-security-hardening-recommended-vmsettings-
configure-script/
Question NO: 43
Which two groups of settings should be reviewed when attempting to increase the security of virtual machines (VMs)? (Choose two.) A. Disable hardware devices B. Disable unexposed features C. Disable Vmtools devices Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 34 D. Disable VM Template features
Answer:
A,B
Explanation:
Make sure you review hardware devices and disable the unnecessary ones. Also disable
unexposed features before increasing virtual machines security.
Question NO: 44
Refer to the Exhibit.
An administrator is changing the settings on a vSphere Distributed Switch (vDS). During this
process, the ESXi Management IP address is set to an address which can no longer communicate
with the vCenter Server.
What is the most likely outcome of this action?
A.
The host will disconnect from the vCenter Server and remain disconnected.
B.
The host will automatically detect the communication issue and revert the change.
C.
The host will stay connected with the change, but show an alert.
D.
The host will disconnect and migrate the vDS portgroup to a standard switch.
Answer:
B
Explanation:
ESXi is a flexible environment that automatically detects communication issues and revert
thechanges made in mistake.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 35
Question NO: 45
Which secondary Private VLAN (PVLAN) type can communicate and send packets to an Isolated PVLAN? A. Community B. Isolated C. Promiscuous D. Primary
Answer:
C
Explanation:
A node attached to a port in apromiscuous secondary PVLAN may send and receive packets to
any node in any others secondary VLAN associated to the same primary. Routers are typically
attached to promiscuous ports.
Reference:https://communities.vmware.com/thread/483486
Question NO: 46
Which three traffic types can be configured for dedicated Vmkernel adapters? (Choose three.) A. Discovery traffic B. vMotion traffic C. vSphere Replication NFC traffic D. Provisioning traffic Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 36 E. vSphere Custom traffic
Answer:
B,C,D
Explanation:
Question NO: 47
What are two limitations of Link Aggregation Control Protocol (LACP) on a vSphere Distributed
Switch? (Choose two.)
A.
IP Hash load balancing is not a supported Teaming Policy.
B.
Software iSCSImultipathing is not compatible.
C.
Link Status Network failover detection must be disabled.
D.
It does not support configuration through Host Profiles.
Answer:
B,D
Explanation:
Question NO: 48
Which two features are deprecated in Network I/O Control 3 (NIOC3)? (Choose two.) A. Class Of Service (COS) Tagging B. Bandwidth Allocation C. User-defined network resource pools D. Admission control Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 37
Answer:
A,C
Explanation:
Class of Service tagging and user-defined resource pools are deprecated in NIOC3.
Question NO: 49
An administrator runs the command esxcli storage core device list and sees the following output:
mpx.vmhba1:C0:T0:L0 Display Name: RAID 5 (mpx.vmhba1:C0:T0:L0) Has Settable Display
Name: false SizE. 40960 Device Type: Direct-Access Multipath Plugin: NMP Devfs Path:
/vmfs/devices/disks/mpx.vmhba1:C0:T0:L0 Status: off Is Local: true
What can be determined by this output?
A.
The device is a being used for vFlash Read Cache.
B.
The device is in a Permanent Device Loss (PDL) state.
C.
The device is alocal Solid State Device (SSD).
D.
The device is in an All Paths Down (APD) state.
Answer:
B
Explanation:
Reference:http://vmwaremine.com/2014/07/07/manage-psa-claimrules-satp-rulesesxcli/#
sthash.i6Esax8x.dpbs
Question NO: 50
An administrator notices that there is an all paths down (APD) event occurring for the software
FcoE storage.
What is a likely cause?
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 38
A.
Spanning Tree Protocol is enabled on thenetwork ports.
B.
Spanning Tree Protocol is disabled on the network ports.
C.
Spanning Tree Protocol is enabled on the storage processors.
D.
Spanning Tree Protocol is disabled on the storage processors.
Answer:
A
Explanation:
Prevent all paths down event on FcoE storage by disabling STP on network ports.
Question NO: 51
Which two statements are true regarding iSCSI adapters? (Choose two.)
A.
Software iSCSI adapters require vmkernel networking.
B.
Independent Hardware iSCSI adapters offload processingfrom the ESXi host.
C.
Dependent Hardware iSCSI adapters do not require vmkernel networking.
D.
Independent Hardware iSCSI adapters require vmkernel networking.
Answer:
A,B
Explanation:
An independent hardware iSCSI adapter is a specialized third-partyadapter capable of accessing
iSCSI storage over TCP/IP. This iSCSI adapter handles all iSCSI and network processing and
management for your ESXi system.
Software and dependent hardware iSCSI adapters depend on VMkernel networking. If you use the
softwareor dependent hardware iSCSI adapters, you must configure connections for the traffic
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 39
between the iSCSI component and the physical network adapters.
Reference:http://pubs.vmware.com/vsphere-
51/index.jsp#com.vmware.vsphere.storage.doc/GUID-9BC0BA74-EAE4-4816-BD49-
E5214920AB4B.html
Question NO: 52
Which command shows the Physical Uplink status for a vmnic? A. esxcli network ip get B. esxcli network nic list C. esxcli network vmnic list D. esxcli network ifconfig get
Answer:
B
Explanation:
Reference:http://blogs.vmware.com/vsphere/2013/01/network-troubleshooting-using-esxcli-5-
1.html
Question NO: 53
An administrator creates a Private VLAN with a Primary VLAN ID of 2. The administrator then
creates three Private VLANs as follows:
Marketing
PVLAN ID. 4
PVLAN Type. Isolated
Accounting
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 40
PVLAN ID. 5
PVLAN Type. Community
Secretary
PVLAN ID. 17
PVLAN Type. Isolated
Users in the Accounting PVLAN are reporting problems communicating with servers in the
Marketing PVLAN.
Which two actions could the administrator take to resolve this problem? (Choose two.)
A.
Change the PVLAN type for the Accounting network to Promiscuous.
B.
Change the PVLAN ID for the Accounting network to 2.
C.
Change the PVLAN type for Marketing network to Promiscuous.
D.
Change the PVLAN ID for Accounting network to 4.
Answer:
A,B
Explanation:
Change the PVLAN type for the accounting network to Promiscuous and the PVLAN ID to 2. This
way, the servers in Marketing PVLAN will communicate effectively.
Topic 3, Configure and Administer Advanced vSphere Storage
Question NO: 54
What are two use cases for Fibre Channel Zoning in a vSphere environment? (Choose two.)
A.
Increases the number of targets presented to an ESXi host.
B.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 41
Controls and isolates paths in a fabric.
C.
Controls and isolates paths to an NFS share.
D.
Can be used to separate different environments.
Answer:
B,D
Explanation:
Zoning provides access control in the SAN topology. Zoning defines which HBAs can connect to
which targets. When you configure a SAN by using zoning, the devices outside azone are not
visible to the devices inside the zone.
Reference:https://pubs.vmware.com/vsphere-
55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-E7818A5D-6BD7-4F51-
B4BA-EFBF2D3A8357.html
Question NO: 55
Which two considerations should an administrator keep in mind when booting from Software Fiber
Channel over Ethernet (FCoE)? (Choose two.)
A.
Software FCoE boot configuration can be changed from within ESXi.
B.
Software FCoE boot firmware cannot export information in FBFT format.
C.
Multipathing is not supported at pre-boot.
D.
Boot LUN cannot be shared with other hosts even on shared storage.
Answer:
C,D
Explanation:
When you boot the ESXi host from SAN using software FCoE, certain requirements and
considerations apply.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 42
Reference:https://pubs.vmware.com/vsphere-
55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-8E57EDC9-F122-4A81-
8B80-FE19FFE832B1.html
Question NO: 56
An administrator is configuring virtual machines to use Worldwide Port Names (WWPNs) to
access the storage.
Which two conditions are required? (Choose two.)
A.
The switches in the fabric must be N-Port ID Virtualization aware.
B.
The virtual machines must be using passthrough Raw Disk Mapping (RDMp).
C.
The virtual machines must be using Virtual Machine Disk (VMDK).
D.
The switches in the fabric must be Storage I/O Control aware.
Answer:
A,B
Explanation:
To configure virtual machines to use WWPNs, you have to set N-Port ID virtualization aware
setting on the switches in the fabric and you should also make sure that the virtual machines must
be using passthrough raw disk mapping.
Question NO: 57
Which two statements are true regarding VMFS3 volumes in ESXi 6.x? (Choose two.)
A.
Creation of VMFS3 volumes isunsupported.
B.
Upgrading VMFS3 volumes to VMFS5 is supported.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 43
C.
Existing VMFS3 volumes are unsupported.
D.
Upgrading VMFS3 volumes to VMFS5 is unsupported.
Answer:
A,B
Explanation:
While a VMFS-3, which is upgraded to VMFS-5, provides you with most ofthe capabilities as a
newly created VMFS-5, there are some differences. Both upgraded and newly created VMFS-5
support single-extent volumes up to 64TB and both support VMDK sizes of ~2TB, no matter what
the VMFS file-block size is. However additional differences, although minor, should be considered
when making a decision whether to upgrade to VMFS-5 or create new VMFS-5 volumes.
Reference:http://www.vmware.com/files/pdf/techpaper/VMFS-5_Upgrade_Considerations.pdf
Question NO: 58
Which three statements are correct regarding Fibre Channel over Ethernet (FCOE)? (Choose
three.)
A.
The network switch must have Priority-based Flow Control (PFC) set to AUTO.
B.
The network switch must have Priority-based Flow Control (PFC) set to ON.
C.
Each port on the FCoE card must reside on the same vSwitch.
D.
Each port on the FCoE card must reside on a separate vSwitch.
E.
The ESXi host will require a reboot after moving an FCoE card to a different vSwitch.
Answer:
A,D,E
Explanation:
Reference:https://pubs.vmware.com/vsphere-
55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-6B49866F-7005-4099-84AC-
4FB2A1A91F64.html
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 44
Question NO: 59
Which two statements are true regarding Virtual SAN Fault Domains? (Choose two.)
A.
They enable VirtualSAN to tolerate the failure of an entire physical rack.
B.
Virtual SAN ensures that no two replicas are provisioned on the same domain.
C.
Virtual SAN ensures that all replicas are provisioned on the same domain.
D.
They require VMware High Availability (HA) to ensure component distribution across domains.
Answer:
A,B
Explanation:
A fault domain consists of one or more Virtual SAN hosts grouped together according to their
physical location in the data center. When configured, fault domains enable VirtualSAN to tolerate
failures of entire physical rack as well as failures of a singlehost, capacity device, network link or a
network switch dedicated to fault domains. Fault domains cannot be configured for stretched or
metro clusters.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.virtualsan.doc%2FGUID-8491C4B0-6F94-4023-
8C7A-FD7B40D0368D.html
Question NO: 60
An administrator created a six node Virtual SAN cluster, created a fault domain, and moved three
of the six nodes into that domain.
A node that is a member of the fault domain fails.
What is the expected result?
A.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 45
The remaining two fault domain members are treated as failed.
B.
The remaining two fault domain members stay protected by the domain.
C.
One of the non-member nodes will be automatically added to the fault domain.
D.
VMware High Availability will restart virtual machines on remaining nodes in the domain.
Answer:
A
Explanation:
When the member of the fault domain fails, the remaining two fault domain members are treated
as failed too.
Question NO: 61
Where is a Virtual SAN Fault Domain configured?
A.
VMware Virtual SAN Cluster configuration
B.
VMware High Availability Cluster configuration
C.
Distributed Resource Scheduler configuration
D.
Datacenter Advanced Settings configuration
Answer:
A
Explanation:
If your Virtual SAN cluster spans acrossmultiple racks or blade server chassis in a data center and
you want to make sure that your hosts are protected against rack or chassis failure, you can
create fault domains and add one or more hosts to it.
A fault domain consists of one or more Virtual SAN hosts grouped together according to their
physical location in the data center. When configured, fault domains enable Virtual SAN to tolerate
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 46
failures of entire physical rack as well as failures of a single host, capacity device, network link or a
network switch dedicated to fault domains. Fault domains cannot be configured for stretched or
metro clusters.
The number of failures your cluster can tolerate depends on the number of failures a virtual
machine is provisioned to tolerate. For example, when avirtual machine is configured with Number
of failures to tolerate=1 and using multiple fault domains, Virtual SAN can tolerate a single failure
of any kind and of any component in a fault domain, including the failure of an entire rack.
When you configurefault domains on a rack and provision a new virtual machine, Virtual SAN
ensures that protection objects, such as replicas and witnesses are placed on different fault
domains. If, for example, a virtual machine’s storage policy is Number of failures to tolerate=n,
Virtual SAN requires a minimum of 2*n+1 fault domains in the cluster. When virtual machines are
provisioned in a cluster with fault domains using this policy, the copies of the associated virtual
machine objects are stored across separate racks.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.virtualsan.doc%2FGUID-8491C4B0-6F94-4023-
8C7A-FD7B40D0368D.html
Question NO: 62
Which statement is true for the Path Selection Plug-In VMW_PSP_MRU?
A.
VMW_PSP_MRU is default for a majority of active-active and active-passive arrays.
B.
VMW_PSP_MRU will remain on the selected path even if the state were to change.
C.
VMW_PSP_MRU is recommended for Virtual SAN.
D.
VMW_PSP_MRU will have no preferred path setting for the Plug-In.
Answer:
D
Explanation:
The host selects the path that it used most recently. When the path becomes unavailable, the host
selects an alternative path. The host does not revert back to the original path when that path
becomes available again. There is no preferredpath setting with the MRU policy. MRU is the
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 47
default policy for active-passive storage devices.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc%2Fcli_manage_storage.6.7.html
Question NO: 63
Which two tasks does the Pluggable Storage Architecture (PSA) perform? (Choose two.)
A.
Handles I/O queueing to the logical devices.
B.
Handles physical path discovery, but is not involved in the removal.
C.
Handles physical path discovery and removal.
D.
Handles I/O queueing to FC storage HBAs.
Answer:
A,C
Explanation:
When coordinating the VMware NMP and any installed third-party MPPs, the PSA performs the
following tasks:
ce:http://pubs.vmware.com/vsphere-
51/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-C1C4A725-8BE4-4875-
919E-693812961366.html
Question NO: 64
Which two statements are true regarding Storage Multipathing Plug-Ins? (Choose two.)
A.
The default Path Selection Policy is VMW_PSP_MRU for iSCSI or FC devices.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 48
B.
The default Path Selection Policy isVMW_PSP_FIXED for iSCSI or FC devices.
C.
VMW_PSP_MRU is typically selected for ALUA arrays by default.
D.
VMW_PSP_FIXED is typically selected for ALUA arrays by default.
Answer:
B,C
Explanation:
Reference:https://pubs.vmware.com/vsphere-
51/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc%2Fcli_manage_storage.6.5.html
Question NO: 65
What is the command to list multipathing modules on an ESXi 6.x host?
A.
esxcli storage core list plugin –plugin-class=MP
B.
esxcli storage core list plugin –class-plugin=MP
C.
esxcli storage core plugin list –plugin-class=MP
D.
esxcli storage core plugin list –class-plugin=MP
Answer:
C
Explanation:
Reference:http://darrylcauldwell.com/advanced-vsphere-5-x-storage-masking-multipathingfiltering/
Question NO: 66
Which two solutions require Physical Mode Raw Device Mapping (RDM)? (Choose two.)
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 49
A.
Direct access to the storage array device
B.
Virtual Machine Snapshots
C.
Hardware Acceleration
D.
Guest Clustering across ESXi hosts
Answer:
A,D
Explanation:
Normally, Direct access to storage array device and guestclustering across ESXi hosts required
the use of Physical Mode raw device mapping.
Question NO: 67
A device’s vStorage API for Array Integration (VAAI) support status command line output shows:
naa.500253825002a865 VAAI Plugin Name: ATS Status: unsupported Clone Status: unsupported
Zero Status: supported Delete Status: unsupported
What is the corresponding VAAI support status in the vSphere Web Client?
A.
Unknown
B.
Supported
C.
Not supported
D.
Unsupported
Answer:
A
Explanation:
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 50
The VAAI support status will be unknown.
Reference:https://pubs.vmware.com/vsphere-
55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-0520FD37-D7AD-4FBA-
9A2E-E5F8211FCBBB.html
Question NO: 68
Refer to the Exhibit.
What will be the result of selecting the highlighted device?
A.
Datastore will grow up to 200.01GB using the remaining free space on the device.
B.
Datastore will add 200.01GB by adding the device as a second extent.
C.
The device size can be expanded to be larger than 200.01 GB in size.
D.
The device is not suitable for this operation.
Answer:
A
Explanation:
The datastore will use up 200.01 GBof free space on the device.
Question NO: 69
An administrator observes that virtual machine storage activity on an ESXi 6.x host is negatively
affecting virtual machine storage activity on another host that is accessing the same VMFS
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 51
Datastore.
Which action would mitigate the issue?
A.
Enable Storage IO Control.
B.
Configure Storage DRS.
C.
Enable the Dynamic Queue Depth Throttling option.
D.
Configure the Disk.SchedNumReqOutstanding parameter.
Answer:
A
Explanation:
SIOC is extremely powerful, it canincrease your consolidation ratios on the storage side, allowing
more VM’s per datastore. Which leads to lower storage costs and less administrative overhead.
So how does it work? At a basic level SIOC is monitoring the end to end latency of a
datastore.When there is congestion (the latency is higher than the configured value) SIOC
reduces the latency by throttling back VM’s who are using excessive I/O. Now you might say, I
need that VM to have all of those I/O’s, which in many cases is true, you simply need to give the
VMDK(s) of that VM a higher share value. SIOC will use the share values assigned to the VM’s
VMDK’s to prioritize access to the datastore.
Just simply turning SIOC on will guarantee each VMDK has equal access to the datastore, shares
finetune that giving you the ability to give VMDK’s more or less priority during times of contention.
Reference:http://blogs.vmware.com/vsphere/2014/05/enabling-monitoring-storage-io-control.html
Question NO: 70
An administrator is having a problem configuring Storage I/O Control on a Datastore.
Which two conditions could explain the issue? (Choose two.)
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 52
A.
A host is running ESXi 4.0.
B.
An ESXi host doesnot have appropriate licensing.
C.
The vCenter Server version is 5.0.
D.
The vCenter Server license is Standard.
Answer:
A,B
Explanation:
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=2021530
Question NO: 71
Which three are requirements for configuring Storage I/O Control (SIOC)? (Choose three.)
A.
The datastore must consist of only oneextent.
B.
The datastore is managed by a single vCenter Server.
C.
Auto-tiered storage must be compatable with SIOC.
D.
Auto-tiered storage must be SSD or SATA.
E.
The datastore must be VMFS.
Answer:
A,B,C
Explanation:
Storage I/O Control (SIOC) is used to control the I/O usage of a virtual machine and to gradually
enforce the predefined I/O share levels. SIOC is supported on Fibre Channel and iSCSI connected
storage in ESX/ESXi 4.1 and 5.0. With ESXi 5.0 support for NFS with SIOC was also added.
Datastores with multiple extents or Raw Device Mapping (RDM) are currently not supported.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 53
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=1022091
Question NO: 72
Refer to the Exhibit.
An administrator wishes to provide Load Balanced I/O for the device shown in the Exhibit.
To meet this requirement, which setting should be changed?
A.
Storage Array Type Policy = VMW_NMP_RR
B.
Path Selection Policy = Round Robin (VMware)
C.
Storage Array Type Policy = VMW_SATP_RR
D.
Path Selection Policy = MRU (VMware)
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 54
Answer:
B
Explanation:
In round robin (VMware) the host uses an automatic pathselection algorithm rotating through all
available paths. This implements load balancing across all the available physical paths.
Load balancing is the process of spreading server I/O requests across all available host paths.
The goal is to optimize performance in terms of throughput (I/O per second, megabytes per
second, or response times).
Reference:https://pubs.vmware.com/vsphere-4-esxvcenter/
index.jsp?topic=/com.vmware.vsphere.config_fc.doc_40/esx_san_config/managing_san_s
ystems/c_setting_a_path_selection_policy.html
Question NO: 73
Refer to the Exhibit.
An administrator is configuring a storage device as shown in the Exhibit.
What is the expected effect on the stated device after running the command?
A.
I/O will rotate on all storage targets regardless of port group state.
B.
I/O will rotate on all storagetargets that are Active Optimized state only.
C.
I/O will rotate on all storage targets that are Active Unoptimized state only.
D.
I/O will rotate on all storage targets that are on Available Nodes only.
Answer:
B
Explanation:
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 55
Question NO: 74
Refer to the Exhibit.
A vSphere 6.x environment is configured with VMware Virtual Volumes (VVOLs). An administrator
accesses the cluster Actions menu, as shown in the Exhibit.
Which option is used to create a VVOL on an existing VVOL container?
A.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 56
Storage
B.
Deploy OVF Template
C.
New vApp
D.
Settings
Answer:
A
Explanation:
A storage container is the storage that is available physically on your storage array. Now I say
physically but this could also be virtually presented storage even on anESXi host but somewhere
somehow it will be back-ended on some physical medium, be it HDD, SSD or hey, maybe even a
super fast memory disk. Basically it?s a chunk of physical storage somewhere. Capacity Pools are
logical partitions carved out of these to provide a chunk of storage to your VM Admins. Capacity
pools may also span multiple storage arrays even across sites. Now you could have a single
capacity pool within your storage container or multiple depending on your requirements if you
need some sort of logical separation for say separate tenants or separate VM admins needing
their own separate chunk of storage but just simply think of it as a chunk of storage presented to
your VM admins.
Reference:http://www.wooditwork.com/2012/10/29/vmware-vvolumes-the-game-changing-futurefor-
storage-is-demoed/
Question NO: 75
Refer to the Exhibit.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 57
What will be created upon completion of the steps in this wizard?
A.
100GB VMFS5 datastore with free space available for expansion
B.
100GB VMFS5 datastore with free space available for a second datastore
C.
100GB VMFS3 datastore
D.
200.01 GB VMFS5 datastore
Answer:
A
Explanation:
As you can see in the exhibit, the 100GB VMFS5datastore is created with free space available for
expansion.
Question NO: 76
Refer to the Exhibit.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 58
An administrator is attempting to enable Enhanced vMotion Compatibility (EVC), but receives the
error shown in the Exhibit.
Which condition would explain the error?
A.
The ESXi hosts are not licensed for EVC.
B.
The administrator does not have privileges to enable EVC.
C.
The ESXi host CPU has the Intel No-Execute feature disabled.
D.
The administrator has turned on Intel Virtualization Technology.
Answer:
C
Explanation:
EVC requires all hosts to have the CPU features enabled for Virtualization and No Execute
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=2008403
Question NO: 77
Refer to the Exhibit.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 59
The list of devices attached to vmhba1 will be the basis for configuring a VMware Virtual SAN
using Manual Mode.
Based on the exhibit, which two combinations of devices should be used to create Disk Group(s)?
(Choose two.)
A.
One Disk Group with one Flash Drive and three HDDs
B.
Two Disk Groups with one Flash Drive and two HDDs each
C.
One Disk Group with one Flash Drive and four HDDs
D.
Two Disk Groups with two Flash Drives and four HDDs each
Answer:
A,B
Explanation:
To create the disk group, you have to build a disk group with a flash drive and three HDDs or you
can build two groups with one flash drive andtwo HDDs each.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 60
Question NO: 78
Refer to the Exhibit.
An administrator is using the esxtop command to troubleshoot storage performance issues on a
virtual machine. The esxtop capture is shown in the Exhibit.
Based on the exhibit, which two statements are true? (Choose two.)
A.
The iSCSI device is experiencing high latency.
B.
The ESXi kernel is experiencing high latency.
C.
The Guest OS is experiencing high latency and response time.
D.
The NFS device is experiencing high latency.
Answer:
A,C
Explanation:
The iSCSI device is having high latency. You can see the response time peaking with high latency
for Guest OS.
Question NO: 79
An administrator needs to recover disk space on a previously-used thin provisioned virtual disk.
The volumes where the administrator needs to recover the disk blocks are on VAAI-compliant
storage arrays.
Which two actions should the administrator take accomplish this task? (Choose two.)
A.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 61
Perform a Storage vMotion to another volume in order to force free space recoveryto occur. This
recreates the volume in a new location and recovers all unused space.
B.
Use VMware Converter to migrate the virtual machine to a new datastore. This will recreate the
volumes and recover all unused space.
C.
Issue the vmkfstools -vmfs unmap command within the VMFS volume directory on the ESXi host
console.
D.
Execute the esxcli storage vmfs unmap command.
Answer:
B,D
Explanation:
Reference:http://www.boche.net/blog/index.php/2013/09/13/vsphere-5-5-unmap-deep-dive/
Question NO: 80
Refer to the Exhibit.
An administrator recently created a Virtual SAN but no Storage Policies were defined. A few virtual
machines were deployed to this cluster. The administrator analyzes the default Virtual SAN policy
as shown in the Exhibit.
Based on the exhibit, which two statements are true? (Choose two.)
A.
Losing one cluster node will not affect data availability.
B.
Losing one Hard Disk in a cluster node will not affect data availability.
C.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 62
Creating a virtual machine Swap file will fail if it violates default storage policy.
D.
Creating a virtual machine will succeed even if it violates default storage policy.
Answer:
A,B
Explanation:
The Virtual SAN policy shows that the tolerate level is on so losing a cluster node will not affect
data availability. Same is the case with hard disk in cluster node. Losing it will not affect data
availability.
Question NO: 81
Refer to the Exhibit. A Storage Policy for a Virtual SAN is set to the default policy, as shown in the Exhibit. Which change would reduce the storage consumption by one third? A. Number of failures to tolerate = 1 B. Number of disk stripes per object = 2 C. Number of failures totolerate = 3 Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 63 D. Number of disk stripes per object = 1
Answer:
A
Explanation:
Number of failures to tolerate defines the number of host, disk, or network failures a virtual
machine object can tolerate. For n failures tolerated, n+1 copies of the virtual machine object are
created and 2n+1 hosts with storage are required.
Default value is 1. Maximum value is 3.
Reference:http://pubs.vmware.com/vsphere-
55/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-C8E919D0-9D80-4AE1-
826B-D180632775F3.html
Question NO: 82
Refer to the Exhibit.
An administrator would like to add Challenge Handshake Authentication Protocol (CHAP) to an
iSCSI adapter. The administrator accesses the Storage Adapters menu as shown in the Exhibit.
In which tab can the task be accomplished?
A.
Properties
B.
Advanced Options
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 64
C.
Targets
D.
Devices
Answer:
A
Explanation:
Reference:http://www.vmwarebits.com/content/install-and-configure-openfiler-esxi-shared-storagenfs-
and-iscsi
Topic 4, Upgrade a vSphere Deployment
Question NO: 83
An administrator is writing a kickstart script to upgrade an ESXi 6.x host. In which three locations can the script reside? (Choose three.) A. NFS B. USB C. HTTP D. TFTP E. PXE
Answer:
A,B,C
Explanation:
The installation script ( ks.cfg) can reside in any of these locations:
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=2004582
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 65
Question NO: 84
Which file determines the location of the installation script during a scripted upgrade? A. boot.cfg B. ks.cfg C. script.cfg D. upgrade.cfg
Answer:
A
Explanation:
You can Modify the boot.cfg file to specify the location of the installation or upgrade script using
the kernelopt option.
Question NO: 85
What three supported methods can be used to upgrade a host from ESXi 5.x to ESXi 6.x? (Choose three.) A. vSphere Update Manager B. vihostupdate C. esxcli D. vSphere Auto Deploy E. esxupdate Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 66
Answer:
A,C,D
Explanation:
Reference:https://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-FE668788-1F32-4CB2-
845C-5547DD59EB48.html
Question NO: 86
Which two supported tools can be used to upgrade virtual machine hardware? (Choose two.) A. vSphere Web Client B. vSphere Update Manager C. vmware-vmupgrade.exe D. esxcli vm hardware upgrade
Answer:
A,B
Explanation:
Vmware offers the following tools for upgrading virtual machines:
vSphere Client
Requires you to perform the virtual machine upgrade one step at a time, but does not require
vSphere Update Manager.
vSphere Update Manager
Automates the process ofupgrading and patching virtual machines, thereby ensuring that the steps
occur in the correct order. You can use Update Manager to directly upgrade virtual machine
hardware, Vmware Tools, and virtual appliances. You can also patch and update third-party
software running on the virtual machines and virtual appliances.
Reference:https://pubs.vmware.com/vsphere-
50/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc_50%2FGUID-EE77B0A9-F8FF-4785-
BEAD-B6F04EE04492.html
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 67
Question NO: 87
What are three recommended prerequisites before upgrading virtual machine hardware? (Choose
three.)
A.
Create a backup orsnapshot of the virtual machine.
B.
Upgrade VMware Tools to the latest version.
C.
Verify that the virtual machine is stored on VMFS3, VMFS5, or NFS datastores.
D.
Detach all CD-ROM/ISO images from the virtual machines.
E.
Set the Advanced Parameter virtualHW.version = 11
Answer:
A,B,C
Explanation:
Reference:https://pubs.vmware.com/vsphere-
50/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc_50%2FGUID-A45CBEE5-C4D2-484EA699-
A5A577244DE0.html
Question NO: 88
An administrator wants to upgrade to vCenter Server 6.x.
The vCenter Server:
Is hosted on a virtual machine server running Microsoft Windows Server 2008 R2, with 8 vCPUs
and 16GB RAM.
Will have an embedded Platform Services Controller.
Hosts a Large Environment with 1,000 ESXi hosts and 10,000 Virtual Machines.
Why does the vCenter Server not meet the minimum requirements?
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 68
A.
Windows Server 2008 R2 is not a supported Operating System for vCenter Server.
B.
The virtual machine has insufficient resources for the environment size.
C.
The environment is too large to be managed by a single vCenter Server.
D.
The Platform Services Controller must be changed to an External deployment.
Answer:
B
Explanation:
The environment is very big with 1000 ESXi host and 10,000 virtual machines. Therefore, it is not
enough and the vCenter server cannot meet these requirements.
Question NO: 89
An administrator has upgraded a Distributed vCenter Server environment from 5.5 to 6.0.
What is the next step that should be taken?
A.
vCenter Inventory Service must be manually stopped and removed.
B.
vCenter Inventory Service mustbe changed from manual to automatic.
C.
vCenter Inventory Service must be manually stopped and restarted.
D.
vCenter Inventory Service must be changed from automatic to manual.
Answer:
A
Explanation:
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-4BFB12D8-9FCA-4AB1-
A44F-2986966F0AD5.html
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 69
Question NO: 90
When upgrading vCenter Server, an administrator notices that the upgrade fails at the vCenter
Single Sign-On installation.
What must be done to allow the upgrade to complete?
A.
Verify that the VMware Directory service can stop by manually restarting it.
B.
Verifythat the vCenter Single Sign-On service can stop by manually restarting it.
C.
Uninstall vCenter Single Sign-On service.
D.
Uninstall the VMware Directory service.
Answer:
A
Explanation:
To verify that the Vmware Directory Service is in a stable state and can stop, manually restart it.
The Vmware Directory service must stopped for the vCenter Server upgrade software to uninstall
vCenter Single Sign-On during the upgrade process.
Question NO: 91
During a vCenter Server upgrade, an ESXi 6.x host in a High Availability (HA) cluster fails.
Which statement is true?
A.
HA will fail the virtual machines over to an available host during the vCenter Server upgrade
process.
B.
HA is unavailable during the vCenter Server upgrade process.
C.
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 70
HA will fail the virtual machines over to an available host after the vCenter Server upgrade
completes.
D.
HA will successfully vMotion the virtual machines during the host failure.
Answer:
A
Explanation:
High availability is designed to fail over the virtual machines to another available host during the
upgrade process.
Question NO: 92
An administrator is upgrading a vCenter Server Appliance and wants to ensure that all the prerequisites are met. What action must be taken before upgrading the vCenter Server Appliance? A. Install the Client Integration Plug-in. B. Install the database client. C. Install the ODBC connector. D. Install the Update Manager Plug-in.
Answer:
A
Explanation:
You must install the Client Integration Plug-in before you deploy or upgrade the vCenter Server
Appliance.
Reference:https://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-CA16F78B-7890-4357-
9760-AF8648806FE7.html
Vmware 2V0-621D Exam
Pass Any Exam. Any Time. - www.actualtests.com 71
Question NO: 93
An administrator is upgrading vCenter Server and sees this error:
The DB User entered does not have the required permissions needed to install and configure
vCenter Server with the selected DB. Please correct the following error(s): %s
Which two statements explain this error? (Choose two.)
A.
The database is set to an unsupported compatibility mode.
B.
The permissions for the database are incorrect.
C.
The permissions for vCenter Server are incorrect.
D.
The database server service has stopped.
Answer:
A,B
Explanation:
Reference:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display
KC&externalId=2006904
Question NO: 94
Which two vCenter Server services are migrated automatically as part of an upgrade from a Distributed vCenter Server running 5.x? (Choose two.) A. vCenter Single Sign-on Service B. vSphere Web Client C. vSphere Inventory Service Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 72 D. Storage Policy Based Management
Answer:
B,C
Explanation:
vSphere web client and vSphere inventory services are migrated automatically during the
Distributed vcenter server 5.x upgrade.
Question NO: 95
What command line utility can be used to upgrade an ESXi host? A. esxcli B. esxupdate C. vihostupdate D. esxcfg
Answer:
A
Explanation:
You can use the esxcli software profile update or esxcli software profile install command to
upgrade or update an ESXi host.
Reference:https://pubs.vmware.com/vsphere-
51/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-E51C5DB6-F28E-42E8-
ACA4-0EBDD11DF55D.html
Question NO: 96
Which log file would you examine to identify an issue which occurred during the pre-upgrade Vmware 2V0-621D Exam Pass Any Exam. Any Time. - www.actualtests.com 73 phase of a vCenter Server upgrade process? A. vcdb_req.out B. vcdb_export.out C. vcdb_import.out D. vcdb_inplace.out
Answer:
A
Explanation:
The vcdb_req.err file tracks any errors thatwere identified during the pre-upgrade phase.
Reference:http://pubs.vmware.com/vsphere-
60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-5EAC8B84-0A95-41ECAAF4-
6CBBB3A5152A.html
Topic 5, Administer and Manage vSphere Resources
