NCP-MCI: Nutanix Certified Professional - Multicloud Infrastructure Practice Exam

What the NCP-MCI exam covers

• Cluster Management and Deployment80 questions
• AHV Virtualization and VM Management80 questions
• Networking80 questions
• Storage Management80 questions
• Data Protection and Disaster Recovery80 questions
• Security80 questions
• Monitoring, Health, and Alerts80 questions
• Lifecycle Management and Upgrades80 questions

Free NCP-MCI sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 640.

1. Question 1Cluster Management and Deployment

   An administrator has received three new factory-shipped nodes that need their hypervisor and AOS imaged before a cluster can be built. Which Nutanix tool is purpose-built to discover bare-metal nodes and image them with a chosen hypervisor and AOS version?

   • AFoundationCorrect
   • BLife Cycle Manager (LCM)
   • CNutanix Cluster Check (NCC)
   • DPrism Central
   ✓ Correct answer: A

   Foundation is the Nutanix bare-metal provisioning tool that discovers unconfigured nodes over IPv6 link-local, installs the selected hypervisor (AHV, ESXi, or Hyper-V) along with the chosen AOS version, and optionally creates the cluster in a single workflow. It runs from a portable Foundation VM, the standalone Foundation applet, or the CVM-embedded Foundation, and assigns the CVM, hypervisor, and IPMI IP addresses during imaging. This is the only tool designed to take factory or wiped nodes from no operating system to a fully imaged, cluster-ready state.

   Why the other options are wrong

   • BLife Cycle Manager (LCM) updates firmware and software on an already-running cluster, but it cannot image bare-metal nodes that have no AOS installed.
   • CNutanix Cluster Check (NCC) is a health-checking framework that runs diagnostics on an existing cluster, not an imaging tool.
   • DPrism Central is a multi-cluster management plane that registers and monitors clusters after they exist, and it does not perform node imaging.
2. Question 2Cluster Management and Deployment

   Which statement BEST describes the relationship between an AHV host and its Controller VM (CVM)?

   • AThe CVM runs as a process inside the AHV hypervisor kernel
   • BOne CVM runs per node and serves the storage I/O for all user VMs on that hostCorrect
   • CA single CVM is shared across all nodes in the cluster
   • DThe AHV host runs as a guest VM managed by the CVM
   ✓ Correct answer: B

   Every Nutanix node runs exactly one Controller VM, a special VM that owns the node's physical storage devices through PCI passthrough and runs the Stargate, Cassandra, Curator, and other AOS services. User VMs on the host send their storage I/O to the local CVM, which presents the Nutanix Distributed Storage Fabric to the hypervisor. This per-node CVM design is what makes the architecture distributed and linearly scalable as nodes are added.

   Why the other options are wrong

   • AThe CVM is a full virtual machine, not a process running inside the AHV kernel.
   • CA single shared CVM across all nodes contradicts the distributed design, where each node has its own CVM for locality and resiliency.
   • DThe AHV host is the hypervisor that the CVM runs on top of, not a guest managed by the CVM.
3. Question 3AHV Virtualization and VM ManagementSelect all that apply

   Which two capabilities are provided by installing Nutanix Guest Tools (NGT) on a VM? (Choose TWO)

   • AApplication-consistent snapshots via the VSS requestor/provider on WindowsCorrect
   • BSelf-service file-level restore from within the guestCorrect
   • CReplacing the AHV hypervisor scheduler inside the guest
   • DAutomatic expansion of the cluster's storage container capacity
   ✓ Correct answer: A, B

   NGT bundles several in-guest integrations with AOS. The VSS requestor and provider allow AOS to coordinate with Windows VSS (or pre/post scripts on Linux) so snapshots are application-consistent rather than only crash-consistent. NGT also enables self-service restore, letting a guest user mount a previous snapshot and recover individual files without administrator action. NGT additionally supports features like in-guest scripting for snapshots and reporting NGT version/communication status to Prism.

   Why the other options are wrong

   • CReplacing the AHV hypervisor scheduler inside the guest is not a function of NGT; scheduling is handled by AHV/KVM on the host, not by guest software.
   • DAutomatic expansion of storage container capacity is an AOS storage administration action and is completely unrelated to guest tools.
4. Question 4Networking

   A guest VM on a managed AHV subnet is powered off and later deleted. What happens to the IP address it held in the IPAM lease database?

   • AThe address is permanently blacklisted and cannot be reused on the subnet
   • BThe lease is released back to the pool so IPAM can assign it to another VMCorrect
   • CCurator must run before the address is freed
   • DThe address remains statically bound to the VM's MAC until manually cleared
   ✓ Correct answer: B

   When a VM on a managed subnet is deleted, IPAM releases the address it held back into the pool so it becomes available for assignment to other VMs. This automatic reclamation keeps the pool efficient without manual cleanup. There is no permanent reservation or blacklist for a deleted VM's address. The freed address can be reused immediately.

   Why the other options are wrong

   • AThe address is not permanently blacklisted; IPAM returns it to the pool for reuse.
   • CNo Curator run is required to free the address; IPAM releases it as part of the deletion.
   • DThe address is not statically bound to the deleted VM's MAC; the lease is released automatically.
5. Question 5Storage Management

   On a Nutanix cluster, what is the relationship between a vDisk and a storage container?

   • AA vDisk is a physical disk that is added to a container
   • BA vDisk is a logical object that resides within a container and represents a VM's virtual diskCorrect
   • CA container is a subset of a single vDisk
   • DvDisks and containers are unrelated constructs in AOS
   ✓ Correct answer: B

   A vDisk is a logical storage object that lives inside a storage container and represents a VM's virtual disk, with the container providing the policies (replication factor, compression, deduplication) that govern that vDisk's data. The container is the logical boundary; the vDisk is the per-VM disk within it. This hierarchy is fundamental to how AOS organizes storage. Physical disks sit beneath, in the storage pool.

   Why the other options are wrong

   • AA vDisk is a logical object, not a physical disk added to a container; physical disks belong to the pool.
   • CA container is not a subset of a vDisk; the container holds vDisks, not the other way around.
   • DvDisks and containers are directly related, with vDisks residing inside containers.
6. Question 6Storage Management

   Which statement correctly describes the relationship between the OpLog and the Extent Store in the AOS data path?

   • AThe OpLog is a low-latency staging buffer for random writes that are later drained into the persistent Extent StoreCorrect
   • BThe Extent Store buffers writes that are then drained into the OpLog for long-term storage
   • CThe OpLog and Extent Store both reside only in CVM memory and are lost on reboot
   • DThe Extent Store is a read-only cache while the OpLog holds all persistent data
   ✓ Correct answer: A

   In the AOS write path, the OpLog is a fast, SSD-backed staging area that absorbs and coalesces random writes with low latency, and those writes are later drained (flushed) into the persistent Extent Store for long-term storage. This two-tier design gives quick write acknowledgment while ensuring durability. The OpLog is the front-end buffer; the Extent Store is the back-end persistent store. Their roles are distinct and complementary.

   Why the other options are wrong

   • BThe relationship is reversed; the OpLog buffers writes that drain into the Extent Store, not the other way around.
   • CThe OpLog and Extent Store are persistent on disk, not memory-only constructs lost on reboot.
   • DThe Extent Store is the persistent data store, not a read-only cache, and the OpLog does not hold all persistent data.
7. Question 7Data Protection and Disaster Recovery

   NearSync uses a specialized type of snapshot to track changes at a very fine granularity so that data can be shipped to the remote site almost continuously. What is the name of this snapshot mechanism?

   • ALightweight snapshots (LWS)Correct
   • BCrash-consistent snapshots
   • CVSS application-consistent snapshots
   • DCurator-managed full snapshots
   ✓ Correct answer: A

   Lightweight snapshots are the foundation of NearSync. Instead of creating a traditional vDisk snapshot for each recovery point, Stargate continuously logs the changed data into an LWS store, allowing recovery points to be generated as frequently as every minute with minimal overhead. These LWS records are streamed to the remote cluster nearly continuously, which is what enables the sub-15-minute RPO that defines NearSync.

   Why the other options are wrong

   • BCrash-consistent snapshots describe a consistency level for a snapshot, not the lightweight change-tracking mechanism that NearSync depends on.
   • CVSS application-consistent snapshots quiesce applications inside the guest to ensure transactional consistency but are a guest integration feature, not the LWS streaming engine.
   • DCurator-managed full snapshots refer to background full snapshot maintenance and garbage collection, which is the coarse mechanism NearSync was designed to avoid for fine-grained RPOs.
8. Question 8Security

   An administrator needs to display a legal warning to anyone connecting to the Prism Element web console before they authenticate. Which configuration should be used?

   • ALogin banner / welcome banner policyCorrect
   • BCluster lockdown
   • CClient authentication certificate
   • DNetwork segmentation policy
   ✓ Correct answer: A

   Prism supports configuring a welcome (login) banner that displays custom text, such as a legal or acceptable-use warning, to users before they sign in to the Prism web console. The banner is enabled and its message defined in the Prism Element settings (Welcome Banner), and many regulated environments require such consent-to-monitor messaging at login. This satisfies the requirement to present a legal notice prior to authentication.

   Why the other options are wrong

   • BCluster lockdown controls key-based SSH access and does not display any pre-login web banner.
   • CA client authentication certificate enforces certificate-based user authentication, not a textual legal warning.
   • DA network segmentation policy isolates traffic types onto separate networks and has nothing to do with displaying login messages.
9. Question 9Monitoring, Health, and Alerts

   An administrator configures an SMTP server in Prism that requires authenticated, encrypted submission on port 587. Which SMTP security mode should the administrator select to use STARTTLS on this submission port?

   • ANone
   • BSTARTTLSCorrect
   • CSSL
   • DSNMPv3
   ✓ Correct answer: B

   For authenticated, encrypted submission on port 587, the correct SMTP security mode is STARTTLS, which upgrades the plaintext connection to TLS on the submission port. SSL mode is for the implicit-TLS port (465), and None provides no encryption. Selecting STARTTLS matches the port 587 submission requirement. It is the standard for modern authenticated mail submission.

   Why the other options are wrong

   • ANone provides no encryption, which does not meet the encrypted submission requirement.
   • CSSL mode is for implicit TLS on port 465, not STARTTLS on the 587 submission port.
   • DSNMPv3 is a network management protocol, not an SMTP security mode.
10. Question 10Lifecycle Management and Upgrades

    An administrator is reviewing the LCM Updates page after an inventory. Some entities show an available newer version, while one critical firmware entity shows no available update even though a newer version exists on the Nutanix portal. What is the MOST likely cause?

    • AA dependency or compatibility requirement (such as a minimum AOS version) for that firmware is not yet satisfiedCorrect
    • BThe cluster has run out of guest VM licenses
    • CCurator has paused all background scans
    • DThe Protection Domain schedule is currently active
    ✓ Correct answer: A

    LCM only offers an update for an entity when its dependency and compatibility rules are met for the current cluster state. A firmware version often requires a minimum AOS or hypervisor version, or a particular hardware model and disk type; if those prerequisites are not satisfied, LCM intentionally withholds the option (or marks it as blocked) until the dependency is resolved, typically by first updating AOS or another prerequisite entity. This prevents applying a firmware level that the platform cannot yet support.

    Why the other options are wrong

    • BThe cluster has run out of guest VM licenses is unrelated; LCM update availability is driven by version compatibility, not guest licensing.
    • CCurator has paused all background scans would affect data balancing and rebuilds, not whether a specific firmware version appears in the LCM catalog.
    • DThe Protection Domain schedule is currently active concerns DR snapshot timing and does not determine which firmware updates LCM exposes.

NCP-MCI practice exam FAQ