Practice Free 3V0-24.25 Exam Online Questions
All TKG clusters in the environment must automatically trust this registry.
Review the deployment strategy:
– Step 1: Upload the Harbor Service Definition to vCenter.
– Step 2: Create a vSphere Namespace shared-services.
– Step 3: Enable the Harbor service on shared-services.
Which additional configuration steps are necessary to satisfy the security requirements? (Select all that apply.)
- A . No certificate configuration is needed; vCenter’s VMCA will automatically sign the Harbor certificate, which is trusted by default.
- B . Ensure the TkgServiceConfiguration (or global Supervisor Trust settings) includes the corp-ca.pem in the trust.additionalTrustedCAs list. This ensures all future TKG clusters provisioned by this Supervisor will have the CA injected into their nodes and can pull images from the Harbor registry without x509 errors.
- C . The TKG clusters must be manually patched with the CA certificate after deployment using SSH.
- D . The Harbor service cannot use custom certificates; it only supports self-signed.
- E . During the Harbor Service installation wizard, upload the server.crt (signed by Corp CA) and server.key in the "Certificate" section.
All TKG clusters in the environment must automatically trust this registry.
Review the deployment strategy:
– Step 1: Upload the Harbor Service Definition to vCenter.
– Step 2: Create a vSphere Namespace shared-services.
– Step 3: Enable the Harbor service on shared-services.
Which additional configuration steps are necessary to satisfy the security requirements? (Select all that apply.)
- A . No certificate configuration is needed; vCenter’s VMCA will automatically sign the Harbor certificate, which is trusted by default.
- B . Ensure the TkgServiceConfiguration (or global Supervisor Trust settings) includes the corp-ca.pem in the trust.additionalTrustedCAs list. This ensures all future TKG clusters provisioned by this Supervisor will have the CA injected into their nodes and can pull images from the Harbor registry without x509 errors.
- C . The TKG clusters must be manually patched with the CA certificate after deployment using SSH.
- D . The Harbor service cannot use custom certificates; it only supports self-signed.
- E . During the Harbor Service installation wizard, upload the server.crt (signed by Corp CA) and server.key in the "Certificate" section.
In a vSphere with Tanzu deployment using the vSphere Distributed Switch (VDS) networking topology, which component is responsible for providing Layer 4 load balancing services to the Supervisor Control Plane and Tanzu Kubernetes Grid workload clusters?
- A . The native NSX Edge Cluster, which is automatically deployed by the Supervisor during enablement.
- B . The distributed routing capabilities of the underlying physical network fabric.
- C . The kube-proxy service running on every ESXi host in the cluster.
- D . An external load balancer appliance, such as HAProxy or NSX Advanced Load Balancer (Avi) , which must be deployed and configured prior to enabling the Supervisor.
In the context of vSphere with Tanzu, what is a Supervisor Service (formerly known as a vSphere Pod Service or Embedded Service)?
- A . It is a certified Kubernetes operator or application (such as Harbor or Velero) that runs directly on the Supervisor Cluster to provide shared infrastructure services to tenant namespaces.
- B . It is a hardware-accelerated function provided by a DPU (Data Processing Unit) to offload NSX routing.
- C . It is a dedicated Tanzu Kubernetes Grid cluster provisioned for the sole purpose of running the vCenter Server Appliance.
- D . It is a standard Virtual Machine deployed by a user that runs a legacy application.
A Platform Engineer is designing a Supervisor architecture for a critical production environment that requires resilience against the failure of an entire Availability Zone (AZ). The environment consists of three vSphere Zones: Zone-1, Zone-2, and Zone-3.
Review the following proposed configuration for the Supervisor deployment:
# Proposed Supervisor Config
Name: Prod-Supervisor
Zones:
– Zone-1
– Zone-2
Control Plane Size: Medium
Network: vDS with NSX Advanced Load Balancer
Storage: vSAN Stretched Cluster
Why will this configuration fail to meet the requirement of tolerating a full zone failure while maintaining full control plane functionality? (Select all that apply.)
- A . The vSAN Stretched Cluster provides storage resilience, but the Supervisor Control Plane VMs must be anti-affined across three distinct fault domains to ensure one remains available and quorum is held.
- B . A Supervisor deployed across only two zones (Zone-1 and Zone-2) cannot maintain a quorum (etcd) if one of those zones fails; a minimum of three zones is required for a Zonal Supervisor to survive a zone failure.
- C . The "Medium" Control Plane size does not support multi-zone availability; "Large" is required.
- D . vDS networking does not support multi-zone Supervisor deployments; NSX-T Data Center is a strict requirement for Zonal Supervisors.
- E . The Supervisor must be deployed in a single zone and rely on vSphere HA to restart VMs in the other zones.
There is a limited number of GPU-capable hosts in the vSphere cluster.
Which design considerations are critical for the correct functioning of the Cluster Autoscaler in this scenario? (Choose 2.)
- A . The Cluster Autoscaler must be configured to ignore GPU resource requests because vSphere handles GPU assignment via DRS.
- B . The vSphere Namespace must have a resource quota that allows for the maximum potential CPU/Memory/GPU usage of the scaled-out cluster (e.g., sufficient for 12+ nodes).
- C . The TanzuKubernetesCluster YAML must define a separate worker node pool specifically using a GPU-enabled VM Class (e.g., gpu-large).
- D . The min-size for the GPU node pool should be set to 0 (Zero) to allow scaling from zero, assuming the VKS version supports scale-from-zero behavior.
- E . The workload Pods must use podAntiAffinity to ensure they are scheduled on the Control Plane nodes.
There is a limited number of GPU-capable hosts in the vSphere cluster.
Which design considerations are critical for the correct functioning of the Cluster Autoscaler in this scenario? (Choose 2.)
- A . The Cluster Autoscaler must be configured to ignore GPU resource requests because vSphere handles GPU assignment via DRS.
- B . The vSphere Namespace must have a resource quota that allows for the maximum potential CPU/Memory/GPU usage of the scaled-out cluster (e.g., sufficient for 12+ nodes).
- C . The TanzuKubernetesCluster YAML must define a separate worker node pool specifically using a GPU-enabled VM Class (e.g., gpu-large).
- D . The min-size for the GPU node pool should be set to 0 (Zero) to allow scaling from zero, assuming the VKS version supports scale-from-zero behavior.
- E . The workload Pods must use podAntiAffinity to ensure they are scheduled on the Control Plane nodes.
A Platform Engineer creates a custom Supervisor Service for a proprietary admission controller.
The service definition YAML includes a PreInstall hook.
What is the purpose of this hook?
- A . To upgrade the vCenter Server.
- B . To perform prerequisite checks (e.g., validating that a required Secret exists or checking License validity) or infrastructure setup before the main application pods are deployed. If the hook fails, the installation aborts.
- C . To register the service with NSX.
- D . To delete old data before installing.
Which characteristic distinguishes a vSphere Pod from a standard virtual machine in a vSphere with Tanzu environment?
- A . A vSphere Pod cannot be managed via the vSphere Client and is only visible via kubectl.
- B . A vSphere Pod runs a full heavy-weight guest operating system (Linux/Windows) managed by the tenant.
- C . A vSphere Pod runs directly on the ESXi host using a lightweight generic kernel (CRX) optimized for containers.
- D . A vSphere Pod requires a pre-existing Tanzu Kubernetes Grid cluster to be deployed.
Silver : HDD/Hybrid, Low Cost, RAID-5.
How is this mapped in vSphere with Tanzu?
- A . The administrator configures "Gold" and "Silver" datastores and uses hostPath.
- B . The administrator creates two vSphere Storage Policies in vCenter (Gold-Policy, Silver-Policy) defining the respective vSAN/Tag rules. These policies are then assigned to the tenant Namespaces . The system automatically generates StorageClass objects named gold-policy and silver-policy in those namespaces.
- C . Storage Classes are pre-defined by VMware and cannot be customized.
- D . The administrator creates StorageClass YAMLs manually in every cluster.