3V0-21.25 시험 - VMware실제시험문제와 답 - 316문항

Question No : 1

Import into VCF Automation Trust Store.
After importing the new Root CA, what additional step is often required to ensure that *existing* integrations (like running vRO workflows or Cloud Accounts) immediately recognize and use the new trust anchor?

A.The "Provisioning Service" and "Orchestrator Service" (pods) may need to be restarted (or the appliance services rebooted) to reload the Java Keystores.
B.No additional steps are required; the Trust Store update is hot-reloaded instantly for all services.
C.Each Cloud Account must be deleted and re-created.
D.The Root CA must also be added to the Blueprint YAM

정답:

Question No : 2

A Cloud Administrator is troubleshooting an issue where a specific vSphere cluster is not appearing as an available compute resource when creating a Cloud Zone within a Region. The Cloud Account is valid and connected. The administrator reviews the Data Collection logs.
# Log Snippet: Data Collection
DataCollectionStatus: SUCCESS
Account: vCenter-01
Region: Region-A
DiscoveredResources:
- Cluster: Cluster-01
(Status: Connected, Tags: [])
- Cluster: Cluster-02
(Status: Connected, Tags: [])
FilteredResources:
- Cluster: Cluster-03
(Reason: 'Not added to Region configuration')
Based on the information provided, what is the cause of the missing cluster in the Cloud Zone creation wizard?

A.Cluster-03 was not manually selected or included in the Region's resource filter settings.
B.Cluster-03 is missing a capability tag required by the Cloud Zone.
C.The Cloud Account credentials for vCenter-01 have expired.
D.The Data Collection failed for the entire account.

정답:

Question No : 3

A Platform Architect is comparing the scalability of the Supervisor Cluster networking.
# Requirement
- Support for 500 concurrent vSphere Namespaces.
- Each Namespace requires a dedicated routing instance.
Does the NSX-T architecture support this scale, and what component scales to meet it?

A.No, because vCenter Server cannot manage 500 resource pools.
B.Yes, but only if using "Shared" routing mode where all namespaces use one Tier-1.
C.Yes. The architecture deploys light-weight Tier-1 Gateways for each namespace. Tier-1s are logical constructs distributed across the Edge Cluster and Hypervisors, allowing for high scalability compared to physical routers.
D.No. The limit is 50 namespaces because each requires a dedicated physical interface on the Edge Node.

정답:

Question No : 4

A Cloud Administrator needs to configure a Private Transit Gateway to support a multi-tier application where the tiers are deployed as separate isolated networks. The administrator must ensure that the gateway has sufficient IP address space to assign subnets to these connected networks.
Which specific resource must the administrator create and assign to the Private Transit Gateway?

A.A "Public IP Range" from the external network profile.
B.A vSphere "Port Group" with DHCP enabled.
C.A static list of DNS servers.
D.An Internal IP Block (CIDR) specifically designated for the gateway's routing domain.

정답:

Question No : 5

Day 2: Users must be able to "Snapshot" the database.
# Available vRO Workflows
- DB_Prov_v1 (Inputs: DBName, Size. Outputs: db_id)
- DB_Decom_v1 (Inputs: db_id)
- DB_Snap_v1 (Inputs: db_id)
Which combination of configuration steps is required to fully implement this solution? (Select all that apply.)

A.Create a Resource Action named "Snapshot Database", bind it to Physical.Database, and map it to DB_Snap_v1.
B.Configure the "Read" lifecycle action to polling DB_Snap_v1 to update status.
C.Add a dependsOn constraint in the blueprint pointing to the vRO endpoint.
D.Map the "Destroy" lifecycle action of Physical.Database to DB_Decom_v1.
E.Define a Custom Resource named Physical.Database and map the "Create" lifecycle action to DB_Prov_v1.

정답:

Question No : 6

A Cloud Administrator wants to limit the amount of IP space a specific project can consume from the shared Private Transit Gateway IP Block.
# IP Block: Shared-PTG-Block (10.0.0.0/16)
# Project: Dev-Project
Which configuration should the administrator apply?

A.Edit the Blueprint to use static IP assignment instead of dynamic.
B.Use a Service Broker policy to deny all deployments.
C.Configure an IP Quota (or Network Limit) specifically for the "Dev-Project" within the IP Block's management settings (or Project's network limits).
D.Create a separate /24 IP Block for every deployment.

정답:

Question No : 7

A Cloud Administrator is designing a hybrid cloud architecture where VCF Automation (SaaS or On-Prem) manages endpoints located in a remote, firewall-restricted data center.
Which standard architectural component is deployed in the remote site to establish a secure, outbound-only connection to the control plane, eliminating the need for inbound firewall ports?

A.NAT Gateway
B.VPN Concentrator
C.Jump Box
D.Cloud Proxy (or Data Collector)

정답:

Question No : 8

An Automation Developer needs to install a new third-party IPAM plug-in (provided as a .dar file) into the embedded VCF Operations Orchestrator instance.
Which interface/tool is the standard method for uploading and installing this plug-in file?

A.VCF Automation Service Broker (Catalog).
B.Cloud Assembly Design Canvas.
C.vRO Control Center (configurator).
D.vCenter Server Appliance Management Interface (VAMI).

정답:

Question No : 9

An Organization Administrator needs to implement a Naming Convention for the "Research" project. All machines must follow the pattern RES-[OS]-[###].
# Example Names
- RES-LIN-001
- RES-WIN-002
Where is this custom naming template configured?

A.In the Flavor Mapping, adding a suffix.
B.In the Blueprint YAML, using the name property.
C.In the Image Mapping, adding a prefix.
D.In the Project settings, under the "Custom Naming" tab.

정답:

Question No : 10

An Automation Developer has updated an Action validateUser in the module com.corp.security. This action is used by 50 different workflows. The developer modified the script to check a new AD group.
What steps are required to ensure all 50 workflows use the updated logic?

A.Re-compile the com.corp.security module.
B.No steps are required; since the workflows reference the Action by module/name, they will automatically execute the current version of the code the next time they run.
C.Restart the vRO server service.
D.Open each of the 50 workflows and click "Reload" on the scriptable task calling the action.

정답:

Question No : 11

A Platform Architect is explaining the "SNAT" (Source Network Address Translation) behavior in vSphere with Tanzu (NSX).
# Observation
A Pod (IP: 10.244.1.5) accesses a corporate SQL server (IP: 192.168.100.50).
The SQL server admin sees the connection coming from IP 10.10.10.5, not the Pod IP.
Which component is responsible for this IP translation, and where does the IP 10.10.10.5 come from?

A.Component: Tier-0 Gateway. Source: Ingress CID
B.Component: Spherelet. Source: ESXi Management I
C.Component: Tier-1 Gateway. Source: Egress CIDR assigned to the Namespace.
D.Component: DNS Server. Source: PTR Record.

정답:

Question No : 12

An Automation Developer needs to add a standalone VCF Operations Orchestrator (vRO) integration to the "Finance" Organization to execute Day 2 actions. The vRO server is located in a secure zone.
# Network Config
- vRO IP: 192.168.100.50
- VCF Automation SaaS
- Cloud Proxy: Deployed in the same secure zone as vRO.
Which configuration setting is critical to ensure the SaaS-based VCF Automation can communicate with the on-premise vRO?

A.Configure the vRO server to initiate the connection to VCF Automation.
B.Use HTTP instead of HTTPS for the integration UR
C.Open port 443 inbound from the internet to the vRO server.
D.Select the correct Cloud Proxy (Data Collector) during the Integration configuration.

정답:

Question No : 13

Which of the following describes the primary benefit of configuring a Git Integration within a VCF All Apps Organization?

A.It is used to back up the entire VCF Automation appliance configuration to a remote file server.
B.It provides a centralized user database for authentication, replacing Active Directory.
C.It enables version control for Cloud Templates (Blueprints) and ABX Actions by synchronizing them with an external source code management system (e.g., GitHub, GitLab).
D.It allows the platform to automatically patch the underlying OS of deployed virtual machines using repositories.

정답:

Question No : 14

A Security Operator needs to configure an Identity Provider to sync only a specific subset of users to minimize license usage and clutter. The goal is to sync only users who are members of the AD Group VCF-Automation-Users.
# Identity Provider Config
Directory Type: Active Directory over LDAP
Bind User: Configured
Base DN: DC=corp,DC=local
Which specific setting should the operator modify to achieve this filtered synchronization?

A.In the "User Attributes" mapping, remove all attributes except "DistinguishedName".
B.Configure a Service Broker policy to deny login to anyone not in the group.
C.In the "Groups" tab, select only the VCF-Automation-Users group to sync, and ensure "Sync group members" is enabled (or specify the Group DN in the user filter).
D.In the "Network Ranges" section, restrict login to the subnet of the VCF-Automation-Users workstations.

정답:

Question No : 15

Which of the following is a mandatory prerequisite before a Cloud Administrator can successfully delete a Tenant Organization from the Provider Management portal in VCF Automation?

A.The organization must be renamed to "Archived_[OriginalName]".
B.All users must be removed from the organization's Identity Provider directory manually.
C.All Projects within the organization must be deleted, and any associated infrastructure (Cloud Zones) released or removed from the organization's scope.
D.The organization must be in "Maintenance Mode" for at least 24 hours.

정답:

VMware 3V0-21.25 시험