Practice Free 3V0-24.25 Exam Online Questions
A Platform Engineer is defining a standard workload deployment model for a stateless web application on a Tanzu Kubernetes Grid (TKG) cluster. The requirement is to ensure high availability across three availability zones (Zone-A, Zone-B, Zone-C) with a preference for even distribution.
Which Kubernetes manifest configuration correctly implements this topology constraint?
- A . Use a Deployment with spec.topologySpreadConstraints, setting maxSkew: 1, topologyKey: topology.kubernetes.io/zone, and whenUnsatisfiable: DoNotSchedule.
- B . Use a Deployment with nodeSelector set to topology.kubernetes.io/zone: zone-a.
- C . Use a StatefulSet with podAntiAffinity set to requiredDuringSchedulingIgnoredDuringExecution targeting the hostname.
- D . Use a DaemonSet to ensure exactly one pod runs on every node in the cluster.
When diagnosing a "connectivity error" between a DevOps engineer’s workstation and the Supervisor Control Plane, which architectural component is the primary entry point that must be validated first?
- A . The Spherelet agent running on the ESXi host where the Control Plane VM resides.
- B . The Management Network IP address of the first Supervisor Control Plane VM.
- C . The Virtual IP (VIP) assigned to the Supervisor Control Plane Service on the Load Balancer.
- D . The Distributed Port Group associated with the Namespace’s Tier-1 Gateway.
A Platform Engineer attempts to create a snapshot of a PVC named mysql-data but the VolumeSnapshot object remains in a ReadyToUse: False state.
The engineer inspects the status:
$ kubectl describe volumesnapshot mysql-snap
…
Status:
Ready To Use: false
Error: Snapshot creation
failed: Error: CNS: CnsVolumeNotFound
What is the most likely cause of this error? (Choose 2.)
- A . The PVC mysql-data is currently mounted by a running Pod, and the vSphere CSI driver (in certain versions/configurations) or the specific filesystem requires the volume to be quiesced or unmounted (or the FCD ID is missing/mismatched).
- B . The virtual disk (VMDK) associated with the PV was manually moved to a different datastore using Storage vMotion without updating the CNS metadata.
- C . The Namespace quota for snapshots has been exceeded.
- D . The VolumeSnapshotClass specified does not exist.
- E . The underlying Persistent Volume (PV) backing the PVC mysql-data has been deleted or detached from the CNS (Cloud Native Storage) perspective in vSphere.
Name: Tanzu-Kubernetes-Lib.
Which specific settings must be applied in the subsequent configuration screens to meet the requirement?
- A . Select Local content library and enable "Optimize for syncing".
- B . Select Subscribed content library and provide the official VMware TKG subscription URL.
- C . Select Subscribed content library and choose the option "Enable publishing".
- D . Select Local content library and manually upload the OVAs downloaded from Customer Connect.
Name: Tanzu-Kubernetes-Lib.
Which specific settings must be applied in the subsequent configuration screens to meet the requirement?
- A . Select Local content library and enable "Optimize for syncing".
- B . Select Subscribed content library and provide the official VMware TKG subscription URL.
- C . Select Subscribed content library and choose the option "Enable publishing".
- D . Select Local content library and manually upload the OVAs downloaded from Customer Connect.
Isolation: The namespace must use a dedicated T1 Gateway in NSX.
Review the following design decisions.
Which configuration choices correctly support these requirements? (Select all that apply.)
- A . Define a specific Egress CIDR range for the Supervisor and ensure the namespace is assigned a specific SNAT IP (Egress IP) from this range, which is then reserved in the perimeter firewall.
- B . Deploy a Tanzu Kubernetes Cluster with a Service of type: LoadBalancer to expose the Ingress Controller, and point the external WAF to the allocated Load Balancer VIP.
- C . Configure the Supervisor with NSX networking to ensure each namespace receives a dedicated Tier-1 Gateway and SNAT rules.
- D . Use vDS networking with HAProxy, as it supports "Transparent Mode" for preserving client IPs better than NSX.
- E . Disable SNAT on the namespace to expose internal Pod IPs directly to the WAF.
The "Legacy-Ops" team needs to provision Windows Server 2019 VMs using Kubernetes commands.
Review the following Namespace configuration draft:
Namespace: Mixed-Workloads
Allowed Content Libraries:
– TKG-Lib (Subscribed)
– VM-Images-Lib (Local)
VM Classes:
– best-effort-small
– guaranteed-large
Which combination of actions and components enables all three requirements within this single namespace? (Select all that apply.)
- A . For the "Web-Front-End" team: The administrator must assign a TKG-compatible Content Library. The developers will use kind: TanzuKubernetesCluster (or Cluster) in their YAML.
- B . vSphere Pods and TKG Clusters cannot coexist in the same Namespace; separate namespaces are required.
- C . For the "Data-Science" team: They must use kind: VirtualMachine but specify a container image in the spec.
- D . For the "Legacy-Ops" team: The VM Service must be enabled, and the Windows 2019 OVA must be present in the associated Content Library. Developers will use kind: VirtualMachine.
- E . For the "Data-Science" team: The networking stack for the Supervisor must be configured with NSX to support vSphere Pods (kind: Pod).
The "Legacy-Ops" team needs to provision Windows Server 2019 VMs using Kubernetes commands.
Review the following Namespace configuration draft:
Namespace: Mixed-Workloads
Allowed Content Libraries:
– TKG-Lib (Subscribed)
– VM-Images-Lib (Local)
VM Classes:
– best-effort-small
– guaranteed-large
Which combination of actions and components enables all three requirements within this single namespace? (Select all that apply.)
- A . For the "Web-Front-End" team: The administrator must assign a TKG-compatible Content Library. The developers will use kind: TanzuKubernetesCluster (or Cluster) in their YAML.
- B . vSphere Pods and TKG Clusters cannot coexist in the same Namespace; separate namespaces are required.
- C . For the "Data-Science" team: They must use kind: VirtualMachine but specify a container image in the spec.
- D . For the "Legacy-Ops" team: The VM Service must be enabled, and the Windows 2019 OVA must be present in the associated Content Library. Developers will use kind: VirtualMachine.
- E . For the "Data-Science" team: The networking stack for the Supervisor must be configured with NSX to support vSphere Pods (kind: Pod).
A Platform Engineer needs to provision a new VKS cluster using the vcf-cli tool (or kubectl with the VKS plugin). The requirement is to deploy a cluster named dev-cluster-1 into the namespace dev-ns, utilizing a specific Virtual Machine Class guaranteed-large for all nodes to ensure performance.
Which of the following represents a valid configuration approach for defining the node pools in the YAML manifest? (Select all that apply.)
- A . Define a topology section in the YAML where vmClass is set to guaranteed-large for both controlPlane and workers.
- B . Use the command kubectl create cluster dev-cluster-1 –class guaranteed-large directly (imperative).
- C . Map the guaranteed-large class to the dev-ns namespace in the vSphere Client before applying the YAML, otherwise the admission controller will reject the request.
- D . Specify the vmClass explicitly in the TanzuKubernetesCluster spec to ensure the Supervisor schedules VMs with the correct CPU and Memory reservations backed by the guaranteed-large definition in vCenter.
- E . Leave the vmClass field empty to allow the Supervisor to automatically select the largest available class.
Which statement accurately describes the function of the vSphere Plugin for kubectl (also known as vsphere-plugin) when authenticating to a vSphere with Tanzu environment?
- A . It acts as a proxy that tunnels all kubectl commands directly to the ESXi hosts bypassing the Supervisor Control Plane.
- B . It is a server-side component installed on the Supervisor Control Plane that translates Kubernetes API calls into vSphere API calls.
- C . It is a client-side helper that integrates with vCenter Single Sign-On (SSO) to generate a valid kubeconfig file and authentication token for accessing the Supervisor Cluster and TKG clusters.
- D . It is used solely for deploying vSphere Pods and cannot be used to interact with Tanzu Kubernetes Grid (TKG) clusters.