VMware Cloud Foundation Administrator Practice Exam

What the VMware Cloud Foundation Administrator exam covers

• VCF Architecture118 questions
• Workload Domains104 questions
• Networking with NSX124 questions
• Lifecycle and Operations165 questions
• Storage (vSAN)89 questions

Free VMware Cloud Foundation Administrator sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 600.

1. Question 1VCF Architecture

   What is VMware Cloud Foundation (VCF)?

   • AA backup tool
   • BA DNS service
   • CAn integrated software-defined stack combining vSphere, vSAN, NSX, and management (SDDC Manager)Correct
   • DA single hypervisor only
   ✓ Correct answer: C

   VCF integrates compute (vSphere), storage (vSAN), networking (NSX), and lifecycle management (SDDC Manager). It's more than a hypervisor and isn't DNS/backup.

2. Question 2Storage (vSAN)

   Which vSAN feature reduces capacity consumption to lower storage cost when workloads have repetitive or compressible data?

   • ADeduplication and compression on the vSAN datastoreCorrect
   • BIncreasing FTT to 3
   • CAdding more cache devices only
   • DDisabling storage policies
   ✓ Correct answer: A

   Deduplication and compression shrink the on-disk footprint, lowering effective cost-per-usable-GB. Raising FTT to 3 increases capacity overhead; disabling policies removes protection; adding cache alone doesn't reduce capacity usage.

3. Question 3VCF Architecture

   For a large enterprise expecting multiple isolated tenants and independent lifecycle, which VCF architecture is the recommended design choice?

   • AManagement VMs running inside each tenant workload domain
   • BStandard architecture with a dedicated management domain and separate VI workload domainsCorrect
   • CConsolidated architecture sharing one cluster for management and workloads
   • DA single ESXi host with nested clusters
   ✓ Correct answer: B

   Standard architecture isolates the management domain from VI workload domains, enabling independent lifecycle and tenant isolation at scale. Consolidated is for small/edge sites; a single host or nesting management into tenant domains breaks isolation and resilience.

4. Question 4Lifecycle and Operations

   Which VMware Aria Operations construct proactively flags an object based on combined symptoms and recommends remediation?

   • AAn alert definition (symptoms plus recommendations)Correct
   • BA DNS forwarder
   • CA vSAN disk group
   • DA DHCP reservation
   ✓ Correct answer: A

   Aria Operations alert definitions combine symptom definitions with recommendations to flag problems proactively. DNS/DHCP are unrelated services, and a vSAN disk group is storage hardware, not a monitoring construct.

5. Question 5Lifecycle and Operations

   A VCF upgrade fails during the SDDC Manager precheck stage with errors about expired component passwords. What is the correct first action?

   • ADisable password expiry monitoring and proceed with the upgrade
   • BManually change each password in vCenter and NSX outside SDDC Manager
   • CDelete the affected workload domain and recreate it
   • Duse SDDC Manager password management to rotate/remediate the expired component credentials, then re-run the precheckCorrect
   ✓ Correct answer: D

   SDDC Manager owns component credentials, so rotating/remediating them in SDDC Manager fixes the precheck. Changing passwords outside SDDC Manager causes drift; deleting domains is destructive; disabling monitoring hides the problem without fixing it.

6. Question 6VCF Architecture

   An architect is mapping out the VCF 5.2 software stack for a customer and must identify which single component is responsible for orchestrating the provisioning of workload domains, automated bundle-based lifecycle management, and password/certificate management across the instance. Which component fills this role?

   • ASDDC Manager, which orchestrates domain provisioning and lifecycle for the VCF instanceCorrect
   • BvCenter Server, which manages ESXi hosts and clusters within each domain
   • CNSX Manager, which administers the software-defined networking and security plane
   • DVMware Aria Suite Lifecycle, which deploys and patches the Aria products
   ✓ Correct answer: A

   SDDC Manager is the VCF orchestration component that provisions workload domains, applies validated bundles for lifecycle management, and centralizes credential/certificate management. vCenter only manages ESXi hosts/clusters and is itself a managed resource. NSX Manager handles networking/security, not stack orchestration. Aria Suite Lifecycle deploys/patches only the Aria products, not the full SDDC stack.

7. Question 7Workload Domains

   During management domain bring-up, on which platform is the VMware Cloud Builder appliance deployed, and how is it used?

   • AIt is deployed as an OVA onto one of the prepared ESXi hosts (or a temporary host) and orchestrates the automated bring-up before SDDC Manager existsCorrect
   • BIt is installed inside SDDC Manager and launched after the management vCenter is already running
   • CIt is a Windows installer run on the administrator's workstation that pushes configuration over SSH
   • DIt is deployed into the VI workload domain vCenter and only used to add clusters
   ✓ Correct answer: A

   Cloud Builder is delivered as an OVA and deployed to an ESXi host (typically the first management host or a separate jump host) before any VCF management components exist; it validates the parameter workbook and performs the automated bring-up that creates vCenter, NSX, and SDDC Manager. B is wrong because SDDC Manager is a product of bring-up, not its host. C is wrong because Cloud Builder is an appliance, not a Windows installer. D is wrong because Cloud Builder builds the management domain, not VI workload domains (SDDC Manager adds those).

8. Question 8Networking with NSX

   In VCF, what is the functional difference between a Tier-0 gateway and a Tier-1 gateway?

   • ATier-0 provides north-south connectivity and external (BGP) peering; Tier-1 provides segment/tenant routing and connects to the Tier-0Correct
   • BTier-0 enforces the distributed firewall while Tier-1 handles Geneve encapsulation
   • CTier-0 runs only on ESXi hosts while Tier-1 runs only on physical routers
   • DTier-1 peers with the physical fabric using BGP while Tier-0 connects local segments
   ✓ Correct answer: A

   The Tier-0 gateway is the boundary to the physical world, handling north-south traffic and external dynamic routing (BGP) on the Edge cluster, while Tier-1 gateways provide downstream segment/tenant routing and connect upstream to the Tier-0. Tier-0 does not run the DFW (the DFW is a hypervisor kernel feature), Tier-0 runs on Edge transport nodes not physical routers, and it is the Tier-0 (not Tier-1) that peers with the fabric via BGP.

9. Question 9Lifecycle and Operations

   A customer is on VCF 4.5 and wants to reach VCF 5.2. SDDC Manager indicates a direct upgrade is not supported. What does this requirement represent?

   • AA skip-level upgrade that must be performed in sequential steps through supported intermediate releasesCorrect
   • BA defect that requires a support request to bypass
   • CA reason to redeploy the entire environment from scratch
   • DA licensing limitation removed by adding more cores
   ✓ Correct answer: A

   When a direct jump between two releases is not on the supported upgrade path, the upgrade is a skip-level scenario that must be done sequentially through validated intermediate releases (e.g., 4.5 to an intermediate, then to 5.2). It is not a bug to bypass (B), does not require a full redeploy (C), and has nothing to do with licensing/cores (D).

10. Question 10Lifecycle and Operations

    A workload-domain creation workflow fails at the 'NSX deployment' sub-task. The administrator opens the failed task and sees a generic error. Which is the most effective next diagnostic step to find the actual NSX failure reason?

    • ACollect a scoped SoS bundle with NSX logs for that domain and review the domainmanager/NSX deployment logs for the detailed errorCorrect
    • BImmediately re-run bring-up from Cloud Builder
    • CDisable the NSX Distributed Firewall on the management domain
    • DIncrease the vSAN failures-to-tolerate setting and retry
    ✓ Correct answer: A

    A scoped SoS bundle including NSX logs plus the SDDC Manager domainmanager/NSX deployment logs surface the underlying cause behind a generic UI error. Re-running bring-up applies only to initial deployment, disabling the management DFW is unrelated and risky, and changing vSAN FTT has nothing to do with an NSX deployment sub-task failure.

VMware Cloud Foundation Administrator practice exam FAQ