VMware 3V0-24.25 시험

Question No : 1

168.10.50 is the Virtual IP (VIP) of the cluster's Load Balancer Service.
What are the likely causes of this failure? (Choose 2.)

• A.The CNI plugin (Antrea/Calico) on the new node failed to start.
• B.The Network Policies in the namespace are blocking inbound traffic to the API server from the new worker nodes' IP range.
• C.The Kubernetes version of the new nodes is incompatible with the Control Plane.
• D.The new worker nodes were deployed into a different vSphere Zone that has no routing path to the Load Balancer VIP network.
• E.The Load Balancer Service (HAProxy/Avi) is down or misconfigured, preventing traffic to the VIP from reaching the Control Plane nodes.

답을 확인하기

정답:

Question No : 2

Silver : HDD/Hybrid, Low Cost, RAID-5.
How is this mapped in vSphere with Tanzu?

• A.The administrator configures "Gold" and "Silver" datastores and uses hostPath.
• B.The administrator creates two vSphere Storage Policies in vCenter (Gold-Policy, Silver-Policy) defining the respective vSAN/Tag rules. These policies are then assigned to the tenant Namespaces . The system automatically generates StorageClass objects named gold-policy and silver-policy in those namespaces.
• C.Storage Classes are pre-defined by VMware and cannot be customized.
• D.The administrator creates StorageClass YAMLs manually in every cluster.

답을 확인하기

정답:

Question No : 3

A VI Administrator needs to configure a new vSphere Namespace called dev-team-a to ensure it uses a specific storage profile for persistent volumes.
Review the following configuration view:
Namespace: dev-team-a
Status: Active
Description: Development Team A Environment
[Resource Limits]
CPU: Unlimited
Memory: Unlimited
Storage: [Add Storage Policy...]
Which action must the administrator take to allow Kubernetes workloads in this namespace to provision persistent volumes using the gold-storage policy?

• A.Create a new Storage Class in Kubernetes referencing gold-storage and apply it to the namespace via kubectl.
• B.Edit the Namespace in the vSphere Client and add the gold-storage policy to the "Storage Policies" card.
• C.Tag the datastores associated with gold-storage with the tag namespace:dev-team-a.
• D.Configure the gold-storage policy on the Supervisor Cluster object directly.

답을 확인하기

정답:

Question No : 4

A Platform Engineer needs to provision a new VKS cluster using the vcf-cli tool (or kubectl with the VKS plugin). The requirement is to deploy a cluster named dev-cluster-1 into the namespace dev-ns, utilizing a specific Virtual Machine Class guaranteed-large for all nodes to ensure performance.
Which of the following represents a valid configuration approach for defining the node pools in the YAML manifest? (Select all that apply.)

• A.Define a topology section in the YAML where vmClass is set to guaranteed-large for both controlPlane and workers.
• B.Use the command kubectl create cluster dev-cluster-1 --class guaranteed-large directly (imperative).
• C.Map the guaranteed-large class to the dev-ns namespace in the vSphere Client before applying the YAML, otherwise the admission controller will reject the request.
• D.Specify the vmClass explicitly in the TanzuKubernetesCluster spec to ensure the Supervisor schedules VMs with the correct CPU and Memory reservations backed by the guaranteed-large definition in vCenter.
• E.Leave the vmClass field empty to allow the Supervisor to automatically select the largest available class.

답을 확인하기

정답:

Question No : 5

Tanzu Mission Control > Identity
Where must the analyst configure the upstream OIDC Identity Provider trust relationship so that it applies to the Supervisor Cluster and its Namespaces?

• A.Interface 3
• B.Interface 1
• C.Interface 4
• D.Interface 2

답을 확인하기

정답:

Question No : 6

In the context of vSphere with Tanzu, what is a Supervisor Service (formerly known as a vSphere Pod Service or Embedded Service)?

• A.It is a certified Kubernetes operator or application (such as Harbor or Velero) that runs directly on the Supervisor Cluster to provide shared infrastructure services to tenant namespaces.
• B.It is a hardware-accelerated function provided by a DPU (Data Processing Unit) to offload NSX routing.
• C.It is a dedicated Tanzu Kubernetes Grid cluster provisioned for the sole purpose of running the vCenter Server Appliance.
• D.It is a standard Virtual Machine deployed by a user that runs a legacy application.

답을 확인하기

정답:

Question No : 7

The "Legacy-Ops" team needs to provision Windows Server 2019 VMs using Kubernetes commands.
Review the following Namespace configuration draft:
Namespace: Mixed-Workloads
Allowed Content Libraries:
- TKG-Lib (Subscribed)
- VM-Images-Lib (Local)
VM Classes:
- best-effort-small
- guaranteed-large
Which combination of actions and components enables all three requirements within this single namespace? (Select all that apply.)

• A.For the "Web-Front-End" team: The administrator must assign a TKG-compatible Content Library. The developers will use kind: TanzuKubernetesCluster (or Cluster) in their YAM
• B.vSphere Pods and TKG Clusters cannot coexist in the same Namespace; separate namespaces are required.
• C.For the "Data-Science" team: They must use kind: VirtualMachine but specify a container image in the spec.
• D.For the "Legacy-Ops" team: The VM Service must be enabled, and the Windows 2019 OVA must be present in the associated Content Library. Developers will use kind: VirtualMachine.
• E.For the "Data-Science" team: The networking stack for the Supervisor must be configured with NSX to support vSphere Pods (kind: Pod).

답을 확인하기

정답:

Question No : 8

There is a limited number of GPU-capable hosts in the vSphere cluster.
Which design considerations are critical for the correct functioning of the Cluster Autoscaler in this scenario? (Choose 2.)

• A.The Cluster Autoscaler must be configured to ignore GPU resource requests because vSphere handles GPU assignment via DR
• B.The vSphere Namespace must have a resource quota that allows for the maximum potential CPU/Memory/GPU usage of the scaled-out cluster (e.g., sufficient for 12+ nodes).
• C.The TanzuKubernetesCluster YAML must define a separate worker node pool specifically using a GPU-enabled VM Class (e.g., gpu-large).
• D.The min-size for the GPU node pool should be set to 0 (Zero) to allow scaling from zero, assuming the VKS version supports scale-from-zero behavior.
• E.The workload Pods must use podAntiAffinity to ensure they are scheduled on the Control Plane nodes.

답을 확인하기

정답:

Question No : 9

A Platform Engineer is configuring Kubernetes Admin Credentials for a break-glass scenario. The requirement is to enable the built-in admin user for a specific TKG cluster prod-cluster, bypassing vCenter SSO in case of an SSO outage.
Which sequence of commands/actions correctly retrieves this kubeconfig? (Choose 2.)

• A.Run kubectl get secret prod-cluster-kubeconfig -n -o jsonpath='{.data.value}' | base64 -d > admin.kubeconfig.
• B.Use the kubectl vsphere login command with the --tanzu-kubernetes-cluster-name and --kubeconfig flags, referencing the SSO administrator credentials.
• C.The system does not generate a static admin kubeconfig for TKG clusters; all access must be via SS
• D.Inspect the TanzuKubernetesCluster resource status fields for the adminKubeconfig data.
• E.SSH into the Supervisor Control Plane VM and copy /etc/kubernetes/admin.conf to the local machine.

답을 확인하기

정답:

Question No : 10

A VKS Administrator needs to scale out a production Tanzu Kubernetes Grid (TKG) cluster named prod-cluster-01 to handle increased load. The goal is to increase the number of worker nodes from 3 to 5.
Review the following YAML snippet of the cluster definition:
apiVersion: run.tanzu.vmware.com/v1alpha3
kind: TanzuKubernetesCluster
metadata:
name: prod-cluster-01
namespace: production
spec:
topology:
controlPlane:
replicas:
3
vmClass:
guaranteed-medium
storageClass: gold-policy
workers:
replicas:
3
vmClass:
best-effort-large
storageClass: silver-policy
Which specific modification to the YAML file or kubectl command will achieve the scaling requirement?

• A.Delete the cluster and recreate it with the new worker count.
• B.Run the command kubectl scale --replicas=5 tanzukubernetescluster/prod-cluster-01.
• C.Edit the YAML to set spec.topology.controlPlane.replicas: 5 and apply the change.
• D.Edit the YAML to set spec.topology.workers.replicas: 5 and apply the change using kubectl apply -f cluster.yaml.

답을 확인하기

정답:

Question No : 11

A Platform Engineer is troubleshooting an issue where an Ingress resource created for the finance-app is not receiving an external IP address. The Contour Ingress Controller is installed and running.
Review the Ingress manifest and status:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: finance-ingress
namespace: finance
annotations:
kubernetes.io/ingress.class: "contour"
spec:
rules:
- host: finance.corp.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: finance-service
port:
number: 80
Status:
LoadBalancer: {} (Empty)
The engineer checks the Envoy service status (kubectl get svc -n tanzu-system-ingress envoy) and sees:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
envoy LoadBalancer 10.96.134.45 <pending> 80:31368/TCP, 443:32252/TCP
What is the root cause of the Ingress malfunction? (Choose 2.)

• A.The Ingress resource is missing the annotation ingress.kubernetes.io/force-ip-allocation: true.
• B.The Envoy Service itself (the data plane) has failed to acquire an External IP (VIP) from the underlying infrastructure Load Balancer (NSX/Avi/HAProxy), which propagates the pending state to the Ingress resources.
• C.The finance-service does not exist or is unhealthy.
• D.The Ingress Class name should be nginx instead of contour.
• E.The Supervisor Cluster has run out of available Floating IPs in the Load Balancer IP Pool assigned to the namespace/cluster.

답을 확인하기

정답:

Question No : 12

All TKG clusters in the environment must automatically trust this registry.
Review the deployment strategy:
- Step 1: Upload the Harbor Service Definition to vCenter.
- Step 2: Create a vSphere Namespace shared-services.
- Step 3: Enable the Harbor service on shared-services.
Which additional configuration steps are necessary to satisfy the security requirements? (Select all that apply.)

• A.No certificate configuration is needed; vCenter's VMCA will automatically sign the Harbor certificate, which is trusted by default.
• B.Ensure the TkgServiceConfiguration (or global Supervisor Trust settings) includes the corp-ca.pem in the trust.additionalTrustedCAs list. This ensures all future TKG clusters provisioned by this Supervisor will have the CA injected into their nodes and can pull images from the Harbor registry without x509 errors.
• C.The TKG clusters must be manually patched with the CA certificate after deployment using SS
• D.The Harbor service cannot use custom certificates; it only supports self-signed.
• E.During the Harbor Service installation wizard, upload the server.crt (signed by Corp CA) and server.key in the "Certificate" section.

답을 확인하기

정답:

Question No : 13

Avi Load Balancer
Which specific configuration combination facilitates the deployment of vSphere Pods (native pods)?

• A.Network Stack: VDS | Load Balancer: HAProxy
• B.Network Stack: NSX | Load Balancer: Avi Load Balancer
• C.Network Stack: NSX | Load Balancer: NSX Load Balancer
• D.Network Stack: VDS | Load Balancer: Avi Load Balancer

답을 확인하기

정답:

Question No : 14

A Cloud Architect is designing a disaster recovery plan for a mission-critical Zonal Supervisor deployment. The scenario involves a catastrophic failure of the Supervisor Cluster itself (e.g., corruption of the etcd database across all zones) during a failed upgrade, requiring a full restore.
Environment:
・ VKS workloads are backed up using Velero .
・ The Supervisor configuration (Namespaces, Policies) is backed up using the vCenter File-Based Backup .
What is the correct sequence of steps to restore service? (Select all that apply.)

• A.Since the Supervisor state (etcd) is corrupted, the administrator must restore the Supervisor Cluster using the specific "Restore Supervisor" workflow (often involving the restore-supervisor.sh script or UI equivalent if available in the specific VCF version) which utilizes the backup data to reconstruct the Control Plane VMs.
• B.After the Supervisor is restored, use Velero to restore the TKG workloads (TanzuKubernetesClusters) into the restored Namespaces.
• C.It is unnecessary to restore the Supervisor; simply redeploying a new Supervisor and pointing Velero to the object store will automatically recover the cluster infrastructure.
• D.Restore the vCenter Server from its file-based backup to recover the Supervisor's management context.
• E.Manually recreate all vSphere Namespaces and re-assign permissions before restoring workloads.

답을 확인하기

정답:

Question No : 15

A VKS Administrator needs to configure a TKG cluster to support taking snapshots of persistent volumes backed by vSAN.
Review the following VolumeSnapshotClass manifest being prepared:
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: csi-vsphere-snapclass
driver: csi.vsphere.vmware.com
deletionPolicy: Delete
Which additional step is required to ensure this class is usable by developers in the default namespace?

• A.A RoleBinding must be created to grant the default ServiceAccount use access to this class.
• B.The vSphere CSI driver must be manually installed via Helm.
• C.No additional steps are required; VolumeSnapshotClass is a cluster-scoped resource, making it available to all namespaces once applied.
• D.The class must be assigned to the vSphere Namespace in the vSphere Client.

답을 확인하기

정답: