Practice Free 2V0-15.25 Exam Online Questions
A Security Administrator is troubleshooting an issue where users from a newly integrated Active Directory (LDAPS) domain are unable to log in to VCF Operations. Local users can log in successfully. The administrator checks the logs on the VMware Identity Broker (VIDB) appliance.
Review the log snippet from the VIDB appliance:
2025-10-07T10:15:30.123Z ERROR [vidb-connector] [Activity-9876] c.v.vidb.connector.ldap.LdapService
Failed to establish connection with upstream identity provider ‘ad-domain-prod’.
URL: ldaps://dc01.corp.local:636
Reason: java.net.SocketTimeoutException: connect timed out
2025-10-07T10:15:30.125Z WARN [vidb-sso] [Activity-9876] c.v.vidb.sso.AuthenticationManager
Upstream IdP ‘ad-domain-prod’ is unreachable. Failing authentication for user ‘[email protected]’.
Based on this log, what is the most likely cause of the authentication failure?
- A . The user ‘[email protected]’ has entered an incorrect password.
- B . The Active Directory service account used by VIDB has been locked out.
- C . The system time on the VIDB appliance is out of sync with the domain controller.
- D . A network firewall is blocking TCP port 636 between the VIDB appliance and the domain controller.
A Network Administrator is troubleshooting why a newly created Tier-0 Gateway is not passing any traffic. When viewing the gateway’s configuration, the administrator sees that it has no Service Routers (SRs) instantiated. The administrator has confirmed that the NSX Edge Nodes are healthy and configured as Transport Nodes.
What is the most likely missing configuration step that is preventing the Tier-0 Gateway’s SRs from being deployed onto the Edge Nodes?
- A . The Tier-0 Gateway has not been associated with an NSX Edge Cluster.
- B . A BGP neighbor has not been configured for the Tier-0 Gateway.
- C . The Tier-0 Gateway has not been linked to any Tier-1 Gateways.
- D . Route redistribution has not been configured on the Tier-0 Gateway.
A Compliance Officer needs to audit the status of all managed SSL certificates within a VCF Workload Domain to ensure none are close to expiring.
Where in the VCF 9.0 user interface can a consolidated view of all component certificates and their expiration dates be found?
- A . In the SDDC Manager UI, under Inventory > Workload Domains > select the domain > Certificates Tab.
- B . In the vCenter Server UI, under Administration > Certificates > Certificate Management.
- C . In the VCF Operations Security Operations page, under the "Certificates" widget.
- D . A consolidated view is not available; each component must be checked individually.
A Platform Engineer is configuring a new Organization for a tenant in VCF Automation. The tenant has two distinct teams: one that will only deploy pre-built virtual machine applications from the catalog, and another that will develop and deploy complex, multi-tier applications and have more control over their environment.
Which VCF Automation Organization types would be most appropriate for these two teams, respectively?
- A . The VM deployment team in a ‘VM-App’ organization; the developer team in an ‘All-App’ organization.
- B . Both teams should be in an ‘All-App’ organization.
- C . The VM deployment team in an ‘All-App’ organization; the developer team in a ‘VM-App’ organization.
- D . Both teams should be in a ‘VM-App’ organization.
A Security Administrator needs to perform a scheduled, automated rotation of the root password for all ESXi hosts within a specific workload domain.
Where in the SDDC Manager UI would the administrator initiate this task?
- A . Under Developer Center > API Explorer
- B . Under Administration > Security Settings
- C . Under Lifecycle Management > Hosts
- D . Under Inventory > Workload Domains > select the domain > Security tab
A Security Administrator needs to perform a scheduled, automated rotation of the root password for all ESXi hosts within a specific workload domain.
Where in the SDDC Manager UI would the administrator initiate this task?
- A . Under Developer Center > API Explorer
- B . Under Administration > Security Settings
- C . Under Lifecycle Management > Hosts
- D . Under Inventory > Workload Domains > select the domain > Security tab
An Infrastructure Administrator is preparing to add a new vSAN cluster to an existing VCF Workload Domain using SDDC Manager.
What is a critical prerequisite that must be performed on the new ESXi hosts before they can be used in the "Add Cluster" workflow?
- A . The hosts must be "commissioned" into the VCF inventory using SDDC Manager.
- B . The hosts must have their vSAN datastores pre-configured using the vSphere Client.
- C . The hosts must be part of a DRS cluster with affinity rules configured.
- D . The hosts must be manually added to the vCenter Server for the workload domain.
A Network Administrator is designing a network for a new VCF workload domain. The design requires several stateful services, including a DHCP server for overlay segments and an IPsec VPN tunnel to a remote site.
On which NSX component are these stateful services realized?
- A . The vCenter Server appliance
- B . The NSX Manager appliance
- C . The ESXi host kernel (Distributed Router)
- D . The NSX Edge Cluster
A Network Administrator is designing a network for a new VCF workload domain. The design requires several stateful services, including a DHCP server for overlay segments and an IPsec VPN tunnel to a remote site.
On which NSX component are these stateful services realized?
- A . The vCenter Server appliance
- B . The NSX Manager appliance
- C . The ESXi host kernel (Distributed Router)
- D . The NSX Edge Cluster