VCAP-DCV Design 2021 3V0-21.21リアル試験問題と無料最新回答2023年10月15日
3V0-21.21究極な学習ガイド
VMware 3V0-21.21認定試験では、VSphere 7.x設計方法論、高可用性と断層トレランス戦略、ストレージ設計と実装、ネットワーク設計と実装、セキュリティ設計と実装など、幅広いトピックを対象としています。候補者は、試験に合格し、認定を取得するために、これらのトピックを強く理解している必要があります。
質問 # 52
During a requirements gathering workshop, the customer provides the following requirement:
A new vSphere platform must be designed securely and all interfaces must be protected against potential snooping.
How should this non-functional security requirement be documented?
- A. Encrypted channels must be used for all communications.
- B. Communications must be through Private VLANs (PVLAN).
- C. Interfaces must be audited.
- D. Unauthorized access to interfaces must be reported within 15 minutes.
正解:B
解説:
For example:
"Your ESXi host uses several networks. Use appropriate security measures for each network, and isolate traffic for specific applications and functions. For example, ensure that VMware vSphere vMotion traffic does not travel over networks where virtual machines are located. Isolation prevents snooping. Having separate networks is also recommended for performance reasons."
https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-esxi-vcenter-server-70-security-guide.pdf
質問 # 53
During a requirements gathering workshop to design a physical to virtual migration, the customer provides the following information:
There is no physical firewall in the data center with no anticipated plans for a future network refresh.
Leveraging the virtual infrastructure to mitigate the lack of network security must be addressed in the design.
All physical servers to be migrated exist on the same VLAN.
Which recommendation should the architect make to address the customer requirement with regard to virtual networking?
- A. Disable traffic filtering and marking Use tag actions
- B. Split the virtual machines into several VLANs
Use tag actions - C. Create port groups with different names and same VLAN IDs
Enable traffic shaping for ingress and egress traffic - D. Enable traffic filtering and marking
Use allow or drop actions
正解:D
解説:
In a vSphere distributed switch, by using the traffic filtering and marking policy, you can protect the virtual network from unwanted traffic and security attacks or apply a QoS tag to a certain type of traffic. The traffic filtering and marking policy represents an ordered set of network traffic rules for security and for QoS tagging of the data flow through the ports of a distributed switch. In general, a rule consists of a qualifier for traffic, and of an action for restricting or prioritizing the matching traffic. Ref: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-67CA4C18-4F18-4E23-A5C7-BC33112D4433.html
質問 # 54
An architect is designing a new backup solution for a vSphere platform that has been recently upgraded to vSphere 7.
The architect wants the backup solution to perform the following:
Full virtual machine image backup and restore
Incremental virtual machine image backup and restore
File level backup and restore within both Windows and Linux virtual machines LAN-free backup Which functional requirement should the architect include in the design of the new backup solution?
- A. The backup solution must leverage VMware vStorage APIs for Data Protection (VADP).
- B. The backup solution must leverage virtual machine snapshots.
- C. The backup solution must leverage the VMware Consolidated Backup (VCB) framework.
- D. The backup solution must leverage VMware vSphere Storage APIs - Data Protection.
正解:D
質問 # 55
An architect is preparing a design for a company planning digital transformation. During the requirements gathering workshop, the following requirements (REQ) and constraints (CON) are identified:
REQ01 The platform must host different types of workloads including applications that must be compliant with internal security standard.
REQ02 The infrastructure must initially run 100 virtual machines.
REQ03 Ten of the virtual machines must be compliant with internal security standard.
REQ04 The internal security standard specifies logical network separation for in-scope applications.
CON01 The customer has already purchased the licenses as part of another project.
CON02 The customer has five physical servers that must be reused.
Additionally, based on resource requirements, four physical servers will be enough to run all workloads. Which recommendation should the architect make to meet requirements while minimizing project costs?
- A. Purchase additional servers and plan separate, isolated clusters for workloads that must be compliant with internal security
- B. Use Network I/O Control to ensure the internal security zone has higher share value
- C. Use a single cluster and configure DRS anti-affinity rules to ensure internal security compliant virtual machines cannot migrate between ESXi hosts.
- D. Use a single cluster and ensure that different security zones are separated at least with dedicated VLANs and firewall
正解:D
質問 # 56
As part of a new hybrid cloud initiative for a large financial company, the customer technical team is presenting an overview of the current state of the infrastructure and their vision for a new solution.
The project team captures notes during the presentation and adds them to the discovery documentation. Which of the listed statements is a design constraint?
- A. The applications are created in-house with in-guest recovery protection
- B. The maximum tolerable data loss is 10 minutes
- C. The existing storage is out of maintenance
- D. The two data center locations have a network latency of 8 ms round-trip time (RTT)
正解:C
質問 # 57
An architect is considering placement of virtual machines within an existing VMware software-defined data center (SDDC).
During the discovery phase, the following information is documented:
Which two recommendations should the architect make for placement of the virtual machines to meet resource profile requirements? (Choose two.)
- A. All virtual machines matching Virtual Machine Resource Profile 2 should be placed on Cluster Two.
- B. All virtual machines matching Virtual Machine Resource Profile 1 should be placed on Cluster Two.
- C. All virtual machines matching Virtual Machine Resource Profile 2 should be placed on Cluster One.
- D. All virtual machines matching Virtual Machine Resource Profile 2 should be placed on Cluster Three.
- E. All virtual machines matching Virtual Machine Resource Profile 1 should be placed on Cluster One.
正解:B、C
解説:
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.resmgmt.doc/GUID-FEAC3A43-C57E-49A2-8303-B06DBC9054C5.html Profile 2 to Cluster 1 Fully Automated DRS allows Automated Initial VM Placement TPS is enabled to support Memory Sharing requirement (can be used) Profile 1 to Cluster 2 Partially Automated DRS still allows Automated Initial VM placement.
TPS is disabled to support Memory Sharing requirement (cannot be used)
質問 # 58
An architect is designing a new vSphere cluster. The requirement is to provide a total of 96 CPU cores and 1.5 TB RAM across all hosts.
The following information has been provided:
Two different physical hardware profiles are available for the ESXi hosts in the cluster.
- Profile 1: 16 CPU cores and 256 GB RAM
- Profile 2: 32 CPU cores and 512 GB RAM
Profile 2 is twice as expensive to purchase as Profile 1.
Which two aspects should the architect consider when selecting the hardware profile? (Choose two.)
- A. The amount of capacity available for failover of virtual machines within the cluster
- B. The cost to procure and maintain the hardware
- C. The number of virtual machines that will be running within the cluster
- D. The downtime allowed for virtual machines that will be running within the cluster
- E. The manufacturer and model of the CPUs in the hosts
正解:A、C
質問 # 59
During a requirements gathering workshop, the customer's Chief Information Security Office (CISO) provides the following requirements that are pertinent to the design of a new vSphere environment:
All operating system critical patches must be installed within 24 hours of release.
All virtual machine templates must be updated every three months in line with company policy.
Which requirement classification is being gathered for the design documentation?
- A. Availability
- B. Security
- C. Manageability
- D. Recoverability
正解:C
質問 # 60
An architect is reviewing a physical storage design. The customer has specified that storage DRS will be used for ease of operational management for capacity and performance.
Which recommendation should the architect include in the design?
- A. Create smaller datastores to balance space with Storage DRS
- B. Use a larger number of storage profiles (varied disk speeds and RAID levels) to improve performance
- C. Create more datastores within each Storage DRS cluster to balance space and performance
- D. Create larger datastores to balance space with Storage DRS
正解:C
解説:
You could create 2x 64TB LUNs, 4x 32TB LUNs, 16x 8TB LUNs or 32x 4TB LUNs. When there are more datastores, SDRS will have more option to find right datastore to fit the virtual machine to placed or moved
質問 # 61
An architect makes the design decision to install ESXi on embedded and resilient 8 GB SD cards.
What is the impact of this design decision?
- A. Host profiles must be used for this kind of installation
- B. Scratch partition would need to be created on the external storage
- C. The size of the SD cards is too small and the installation will fail
- D. The vSphere Auto Deploy feature must be enabled on vCenter Server
正解:A
質問 # 62
An architect is designing a VMware solution for a customer to meet the following requirements:
The solution must use investments in existing storage array that supports both block and file storage.
The solution must support the ability to migrate workloads between hosts within a cluster.
The solution must support resource management priorities.
The solution must support the ability to connect virtual machines directly to LUNs.
The solution should use existing 32G fabric infrastructure.
There is no budget for additional physical hardware.
Which design decision should the architect make to meet these requirements?
- A. The ESXi hosts will leverage iSCSI.
- B. The ESXi hosts will leverage Fibre Channel (FC).
- C. The ESXi hosts will leverage NFS.
- D. The ESXi hosts will leverage Fibre Channel over Ethernet (FCoE).
正解:B
質問 # 63
Refer to the exhibit.
During a requirements gathering workshop, a customer shares the following diagram regarding their availability service-level agreements (SLAs):
The customer states that there is no application level availability for legacy applications.
Which recommendation could the architect make to meet the customer's high availability requirements for the legacy applications virtual machines?
- A. Enable Fault Tolerance
- B. Enable vSphere HA and add a VM Override with VM Restart Priority set to Lowest
- C. Achieve application availability with snapshots
- D. Enable vSphere HA and add a VM Override with VM Restart Priority set to Disabled
正解:D
質問 # 64
During a requirements gathering workshop, the customer provides the following requirement:
A new vSphere platform must be designed securely and all interfaces must be protected against potential snooping.
How should this non-functional security requirement be documented?
- A. Interfaces must be audited.
- B. Encrypted channels must be used for all communications.
- C. Communications must be through Private VLANs (PVLAN).
- D. Unauthorized access to interfaces must be reported within 15 minutes.
正解:A
質問 # 65
An architect is tasked with recommending a solution for a company that is running out of VLANs. Currently the company is running two separate data centers based on vSphere including an Enterprise Plus license. In the first data center, the problem was solved by using VMware NSX and overlay network. In the second data center, there is currently no VMware NSX implementation in place and no budget for additional licenses.
What should the architect recommend as a potential solution to provide support for additional VLANs?
- A. Separate Distributed Virtual Switches (DVS)
- B. Private VLANs (PVLAN)
- C. vSwitch VLAN Tagging (VST)
- D. Virtual Guest Tagging (VGT)
正解:A
質問 # 66
During a requirements gathering workshop, the customer provides the following requirement (REQ) and constraints (CON):
REQ01: The customer is looking for a way to limit database virtual machine (VM) placement to save on CPU licensing costs.
CON01: There is a single cluster with no budget to scale.
CON02: All virtual machines must run on the consolidated cluster.
Which two design decisions should the architect make to meet the customer requirement? (Choose two.)
- A. The solution must use VM-Host affinity rules
- B. The solution must use VM-VM anti-affinity rules
- C. The solution must use a vRealize Orchestrator workflow for VM placement
- D. The solution must use vSphere VM and host DRS groups
- E. The solution must use vSphere DRS in manual mode
正解:A、D
解説:
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.mscs.doc/GUID-1F39CF51-CDA5-40B7-B5AA-8CBA37C65314.html
質問 # 67
During a requirements gathering workshop, the customer provides the following requirement (REQ) and constraints (CON):
REQ01: The customer is looking for a way to limit database virtual machine (VM) placement to save on CPU licensing costs.
CON01: There is a single cluster with no budget to scale.
CON02: All virtual machines must run on the consolidated cluster.
Which two design decisions should the architect make to meet the customer requirement? (Choose two.)
- A. The solution must use VM-Host affinity rules
- B. The solution must use a vRealize Orchestrator workflow for VM placement
- C. The solution must use VM-VM anti-affinity rules
- D. The solution must use vSphere VM and host DRS groups
- E. The solution must use vSphere DRS in manual mode
正解:B、D
質問 # 68
Following a recent acquisition, the architect learns that both companies use vSphere on-premise and will need to combine the data centers into one. The acquired company's licenses will not be renewed for cost-savings related to the acquisition. All consumed vSphere licenses must have active support to support line-of-business operations. The merged environment must maintain 25% spare capacity. The architect has a small budget remaining unallocated for hardware.
The architect has calculated that the current vSphere environment can absorb the acquired company's virtual machines but the cluster will run at 90% memory utilization and at 50% CPU utilization.
Which design decision can the architect make to incorporate the new company's virtual machines into the combined vSphere environment?
- A. Use the current budget to add memory to the cluster to increase each ESXi host's capacity and add the new virtual machines.
- B. Purchase new licenses for some of the acquired company's ESXi hosts and add them to the cluster to hold the acquired company's virtual machines.
- C. Migrate the acquired company's virtual machines into the vSphere environment as it will currently fit.
- D. Purchase extra hosts to add to the cluster in anticipation of adding the acquired company's virtual machines.
正解:A
質問 # 69
Following a recent acquisition, an architect needs to merge IT assets into its current data center. The combined vSphere environment will need to run the newly acquired company's virtual machines.
Network integration work has already been completed and the current environment has capacity to host all virtual machines. The Operations team needs to identify which virtual machines belong to the acquired company and report on their usage.
How should the architect merge the company's assets and virtual machines?
- A. Lift and shift the acquired assets into the data center
- B. Migrate the acquired company's virtual machines into the existing vSphere environment
- C. Migrate and apply vSphere tags to the acquired company's virtual machines
- D. Leave the newly acquired company's assets in its current place
正解:C
質問 # 70
An architect is designing a new greenfield environment with 600 ESXi hosts in an automated fashion. The engineering department already has a PXE Boot server, TFTP server, and DHCP server set up with an NFS mount for their current Linux servers.
The architect must be able to demonstrate and meet a security requirement to have all infrastructure processes separated.
Which recommendation should the architect make for the ESXi host deployment?
- A. Deploy each ESXi host individually and document it to satisfy security requirements
- B. Ask the business to expand the engineering environment to service the virtual environment as well
- C. Request an isolated network segment to use and dedicate it to Auto Deploy functions
- D. Request a common shared network with flexible security measures to accommodate different auto deployment options
正解:C
解説:
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/GUID-8DAC6FEE-0441-4072-8195-9461095C2041.html
質問 # 71
Refer to the exhibit.
During a requirements gathering workshop, a customer shares the following diagram regarding their availability service-level agreements (SLAs):
The customer states that there is no application level availability for legacy applications.
Which recommendation could the architect make to meet the customer's high availability requirements for the legacy applications virtual machines?
- A. Enable Fault Tolerance
- B. Enable vSphere HA and add a VM Override with VM Restart Priority set to Lowest
- C. Achieve application availability with snapshots
- D. Enable vSphere HA and add a VM Override with VM Restart Priority set to Disabled
正解:B
質問 # 72
The architect for a large enterprise is tasked with reviewing a proposed design created by a service partner. Which design elements are expected to be detailed within the physical design section of the documentation?
- A. A design diagram illustrating the configuration and specific attributes, such as IP addresses
- B. An entity relationship diagram describing upstream and downstream dependencies for specific service components
- C. A list of requirements, constraints, and risks
- D. A solution architecture diagram with the components and data flow
正解:A
解説:
"The physical design is based on the logical design. The physical design includes specific hardware from specific vendors. This design also lists specific configurations for each of the components that are deployed"
質問 # 73
An architect is finalizing the design for a new vSphere platform based on the following information:
All Windows virtual machines will be hosted on a dedicated cluster for licensing purposes.
All Linux virtual machines will be hosted on a dedicated cluster for licensing purposes. All management virtual machines will be hosted on a dedicated cluster.
A total of ten physical sites will be used to host virtual machines.
In the event of one physical datacenter becoming unavailable, the manageability of the virtual infrastructure in the remaining data centers should not be impacted.
Access to configure the management virtual machines via vCenter Server must be controlled through the management Active Directory domain.
Access to configure the Windows and Linux virtual machines must be controlled through the resource Active Directory domain.
The management and resource Active Directory domains are part of separate Active Directory forests and do not have any trusts between them.
The design will use Active Directory with Integrated Windows Authentication.
How should the architect document the vCenter Server configuration for this design?
- A. Deploy a vCenter Server for the management cluster with a dedicated SSO domain.
Deploy a vCenter Server for all remaining clusters and use a dedicated SSO domain for each physical site. - B. Deploy a vCenter Server for the management cluster with a dedicated SSO domain.
Deploy a vCenter Server for all remaining clusters and use a dedicated SSO domain into a single physical site. - C. Deploy a vCenter server for the management cluster.
Deploy a vCenter Server for all remaining clusters. Create a shared SSO domain for each physical site. - D. Deploy a vCenter Server for the management cluster.
Deploy a vCenter Server for all remaining clusters.
Create a shared SSO domain across all physical sites.
正解:A
質問 # 74
During a requirements gathering workshop, the customer provides the following information:
Each host has 2 × 10 GbE NIC
EtherChannel is not currently configured
No changes can be made to the physical network
Network throughput must be prioritized for defined critical services
Which two recommendations should the architect make with regard to virtual networking? (Choose two.)
- A. Use Network I/O Control with Shares.
- B. Use Network I/O Control with Limits.
- C. Use Link Aggregation Control Protocol (LACP).
- D. Use Route Based on Physical NIC Load.
- E. Use Network I/O Control with Reservation.
正解:C、D
質問 # 75
A customer requires the use of data encryption to ensure data is not accessible when a drive is removed from the primary storage platform. However, there is also a requirement to use deduplication and compression against all workloads in order to conserve space.
Which solution meets the customer requirements?
- A. Data-in-transit encryption
- B. Encrypted backups
- C. OS-level encryption
- D. Array-based encryption
正解:D
質問 # 76
A architect is designing a new VMware software-designed data center (SDDC) using vSphere 7 to meet the following requirements:
The SDDC must be deployed at two locations: primary and secondary.
vSphere Replication must be used to replicate virtual machines between the two locations.
Site Recovery Manager must be used to orchestrate disaster recovery (DR) activities.
One single-sign on (SSO) domain must be used to authenticate access at both locations.
Which design decision should the architect make to meet these requirements?
- A. A vCenter Server will be installed on Windows virtual machines deployed to both sites.
- B. A vCenter Server Appliance will be deployed to the primary site only.
- C. A vCenter Server Appliance will be deployed to each site. Unique SSO domains will be created per site.
- D. A vCenter Server Appliance will be deployed to each site.
正解:D
解説:
https://docs.vmware.com/en/Site-Recovery-Manager/8.4/com.vmware.srm.install_config.doc/GUID-BB0C03E4-72BE-4C74-96C3-97AC6911B6B8.html
"One single-sign on (SSO) domain must be used to authenticate access at both locations." Install vCenter at Primary site, create SSO Domain. Install vCenter at Secondary site, join to SSO Domain.
質問 # 77
......
VMware 3V0-21.21 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
究極なガイド準備3V0-21.21認定試験VCAP-DCV Design 2021:https://www.jpntest.com/shiken/3V0-21.21-mondaishu