100% Pass Your NCP-CI-AWS Exam Dumps at First Attempt with Prep4away
NEW QUESTION # 27
What should be checked within Flow Virtual Networking to ensure on premises traffic will be routed correctly?
- A. Next Hop is the overlay-external-subnet-nat
- B. Next Hop is the Transit Gateway P2P link
- C. Next Hop is the ERP of the Transit Gateway
- D. Next Hop is the overlay-external-subnet-nonat
Answer: D
NEW QUESTION # 28
An administrator has noticed the company's NC2 free trial expired 60 days ago.
What should the administrator do to continue using all of the NC2 features on existing clusters?
- A. Nothing. The clusters will have full feature support.
- B. Contact the AWS cloud vendor.
- C. Contact Nutanix support to redeploy the cluster.
- D. Switch to a paid subscription plan.
Answer: D
NEW QUESTION # 29
An administrator is deploying a new cluster on AWS and would like to ensure the data is encrypted. Due to cost constraints, the deployment will leverage the native local key manager (LKM).
What is the minimal number of nodes needed to support the Nutanix native LKM?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
To support Nutanix's native Local Key Manager (LKM) for data encryption in a cost-effective manner, a minimum of three nodes is required. This ensures that there is enough redundancy and reliability for the encryption services to function properly, complying with best practices for distributed key management.
Reference:
Nutanix Support & Insights
Nutanix Cloud Clusters on AWS Administration
NEW QUESTION # 30
During the recovery of entities protected by Cluster Project, an administrator discovers that the recovery plan is not executing correctly because it exceeds the number of supported entities.
How many entities can be recovered using a single recovery plan?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
The Nutanix disaster recovery capabilities include recovery plans that define how entities are recovered in the event of a failure. There is a limit to the number of entities that can be managed within a single recovery plan.
Entity Limit:
According to Nutanix documentation, the maximum number of entities that can be recovered using a single recovery plan is 300. Exceeding this limit will cause issues during the execution of the recovery plan.
Impact of Exceeding the Limit:
If the number of entities in a recovery plan exceeds the supported limit, the recovery process may fail or not execute correctly, as observed in the scenario.
Reference:
Nutanix Cloud Clusters on AWS Administration Guide
Nutanix Disaster Recovery Best Practices Documentation
NEW QUESTION # 31
Exhibit.
What does the exhibit indicate?
- A. Replication in paused state
- B. Ongoing replication
- C. No ongoing replication
- D. Replication in error state
Answer: C
Explanation:
The exhibit indicates a replication operation with specific details about the protection domain, remote site, and snapshot. Key points to note are:
Bytes Completed: 0 bytes completed.
Complete Percent: 0.0%
Paused: false
Aborted: false
Given these details:
No ongoing replication: The operation has started, but there is no progress in terms of bytes completed or percentage completed. Since the status shows 0 bytes and 0 percent completed, it indicates that no data has been replicated yet.
Reference:
Nutanix Protection Domain and Replication Documentation
Nutanix Best Practices for Monitoring Replication
NEW QUESTION # 32
An administrator has created an NC2 cluster on AWS, but the NC2 console has issued this alert:
Which two scenarios could have resulted in the cluster creation failure? (Choose two.)
- A. Bad Terraform (TF) state in provisioning
- B. No available AWS credits
- C. Insufficient permissions
- D. AWS Quota exceeded/instance limit exceeded
Answer: C,D
Explanation:
The error message in the image indicates that the cluster creation failed due to reaching the maximum retries for provisioning cluster nodes. Here are two possible scenarios that could lead to this issue:
Insufficient Permissions (Answer B):
If the AWS user or role used to create the cluster does not have sufficient permissions, it can result in failures during the provisioning process. Proper IAM policies must be attached to ensure that the necessary actions can be performed, such as launching instances, creating VPCs, or managing networking components.
AWS Quota Exceeded/Instance Limit Exceeded (Answer D):
AWS imposes quotas and limits on the number of instances and other resources that can be created within an account. If these quotas are exceeded, new instances cannot be provisioned, causing the cluster creation to fail. This can be resolved by requesting a quota increase from AWS.
Reference:
Nutanix Knowledge Base Article 9774
AWS Service Quotas
Nutanix NC2 on AWS Documentation
NEW QUESTION # 33
An administrator is planning a new NC2 on AWS deployment. The workload VMs to be deployed on the new cluster have low storage and memory, but high CPU frequency (>3.0 GHz) requirements.
The administrator has also been tasked with ensuring that the cluster nodes have the lowest number of CPU cores to reduce application licensing requirements.
Which node type will satisfy this new deployment?
- A. i3.metal
- B. i4i.metal
- C. z1d.metal
- D. m5d.metal
Answer: A
Explanation:
For a new NC2 on AWS deployment where workload VMs have low storage and memory requirements but high CPU frequency (>3.0 GHz) requirements, and the goal is to minimize the number of CPU cores to reduce application licensing costs, the i3.metal instance type is the most suitable.
i3.metal:
High CPU Frequency: i3.metal instances offer high-frequency Intel Xeon processors (up to 3.1 GHz) which meet the high CPU frequency requirement.
Low Storage and Memory: These instances come with a balanced amount of storage and memory, suitable for workloads with low requirements in these areas.
Minimized CPU Cores: i3.metal instances have fewer CPU cores compared to other high-frequency instances like i4i.metal, making them ideal for minimizing application licensing costs.
Other Instance Types:
z1d.metal: While also offering high CPU frequency, these instances typically come with a higher core count and more memory, which may not be optimal for minimizing licensing costs.
i4i.metal: Designed for I/O intensive applications with higher core counts.
m5d.metal: Balanced instance type but with more cores and not as high CPU frequency as required.
Reference:
AWS EC2 Instance Types Documentation
Nutanix Cloud Clusters on AWS Administration Guide
Nutanix Best Practices for Instance Selection
NEW QUESTION # 34
An administrator is deploying an NC2 cluster on AWS in the us-west-2 region. A VPC, management subnet, and a VM subnet are already created in the target region.
The management subnet has a local route and a route to the internet. The subnet has a route and a route to the NAT gateway. During the deployment, the management subnet appears in the drop-down list in the Create Cluster wizard, but cannot be selected.
What is the cause of this problem?
- A. The subnet has both an IPv4 CIDR block and an IPv6 CIDR block.
- B. The subnet does not have route to a Site-to-Site VPN connection through a virtual private gateway.
- C. The subnet has an IPv4 CIDR block but does not have an IPv6 CIDR block.
- D. The subnet has a direct route to an Internet gateway.
Answer: A
Explanation:
The Nutanix Create Cluster wizard may not support selecting subnets that have both IPv4 and IPv6 CIDR blocks due to compatibility or configuration constraints.
When a subnet with both CIDR blocks is present, it can cause issues in the selection process during cluster creation, as the system might not be able to properly handle or recognize the dual-stack configuration.
Ensuring that the management subnet has only an IPv4 CIDR block, without an IPv6 CIDR block, could resolve this issue and allow for successful selection in the cluster creation wizard.
Reference:
Refer to the Nutanix and AWS documentation on subnet configuration and requirements for NC2 cluster deployments, specifically addressing IPv4 and IPv6 compatibility and constraints.
NEW QUESTION # 35
An administrator is tasked with adding an AWS account to the NC2 console. A requirement is to configure an AWS IAM user with the appropriate permissions.
Which permission must be assigned to the user?
- A. AmazonEC2ReadOnlyAccess
- B. AmazonEC2FullAccess
- C. IAMReadOnlyAccess
- D. IAMFullAccess
Answer: B
Explanation:
To add an AWS account to the NC2 console, an AWS IAM user needs to be configured with the appropriate permissions to manage the EC2 resources. The required permission for the IAM user includes full access to manage EC2 instances, volumes, and related resources.
AmazonEC2FullAccess:
This permission grants full access to all EC2 resources, including the ability to create, modify, and delete instances, volumes, security groups, and more.
Essential for NC2 operations to manage the lifecycle of EC2 instances and associated components within the AWS environment.
Why Not Other Permissions:
IAMFullAccess: Grants full access to IAM resources but not specifically needed for EC2 operations.
IAMReadOnlyAccess: Only provides read access to IAM resources, insufficient for managing EC2 instances.
AmazonEC2ReadOnlyAccess: Provides read-only access to EC2 resources, insufficient for creating or modifying instances and other resources.
Reference:
AWS IAM Policies Documentation
Nutanix Cloud Clusters on AWS Administration Guide
Nutanix Best Practices for IAM User Permissions
NEW QUESTION # 36
What are the supported NC2 on AWS instance types?
- A. i3.metal, i3en.metal, i4i.metal
- B. i4i.4xlarge, i3.8xlarge, i7ie.2xlarge
- C. i7ie.24xlarge, i4i.32xlarge, i3.12xlarge
- D. i3.metal, t2.micro, g4dn.xlarge, M5d.medium
Answer: A
NEW QUESTION # 37
Which NC2 user role will allow full access to clusters created within an organization?
- A. Organization Security Administrator
- B. Organization Administrator
- C. Cluster Super Admin
- D. Cluster Administrator
Answer: B
Explanation:
In Nutanix Cloud Integration with AWS, specifically version 6.7, the role that allows full access to clusters created within an organization is the Organization Administrator.
The Organization Administrator role has the highest level of privileges within an organization, enabling the user to manage all aspects of the clusters, including creation, modification, and deletion.
This role is designed to oversee and control the entire organization's resources, ensuring comprehensive management capabilities over all clusters and associated resources.
Reference:
Refer to the Nutanix documentation on roles and permissions for NC2 on AWS for further details.
NEW QUESTION # 38
Exhibit.
What action is taken against the Condemned node shown in the exhibit?
- A. The node is restarted.
- B. The node has a power reset sent to it.
- C. The node is powered off.
- D. The node is automatically replaced.
Answer: B
Explanation:
When a node is marked as "Condemned," it indicates that the system has determined that the node is no longer reliable for operations. As part of the automated recovery and protection process, the following action is typically taken:
The node has a power reset sent to it (Answer A):
In most cases, a condemned node undergoes a power reset as an initial recovery attempt. This action attempts to reboot the node to bring it back to a healthy state. If the reset fails, further manual or automated steps may be required to address the hardware or software issue.
Reference:
Nutanix Cluster Management Documentation
Nutanix Support Knowledge Base
NEW QUESTION # 39
An administrator wants to route the outbound and inbound traffic from the NC2 cluster through a proxy server. Which two statements are correct about using a proxy server? (Choose two.)
- A. The proxy server must be configured only while creating a cluster because the proxy server settings cannot be configured after the cluster is deployed.
- B. The proxy configuration can be changed while tasks for adding or removing nodes are in progress.
- C. A proxy server is only supported with AOS 6.7.1.6 or higher versions and only with user-created VPCs.
- D. NC2 clusters using Flow Virtual Networking do not support a proxy server.
Answer: C,D
NEW QUESTION # 40
An administrator is deploying an NC2 cluster into an existing AWS VPC.
The cluster deployment fails, with the following error message:
Why has the deployment failed?
- A. The administrator has not created the necessary Security Group.
- B. Shared subnets are not supported for Nutanix clusters.
- C. Outbound Internet access is not configured on the VPC.
- D. The administrator has not configured the Security Group to manage the shared subnet.
Answer: A
Explanation:
The administrator has not created the necessary Security Group:
The error message indicates that the creation of network interfaces in a shared subnet requires specifying a security group. This means that the necessary security group has not been created or assigned to the network interfaces.
Creating the appropriate security group and ensuring it is associated with the network interfaces during cluster deployment should resolve this issue.
Reference:
Refer to AWS documentation on security groups and network interface configuration and Nutanix documentation on prerequisites for deploying NC2 clusters in an existing AWS VPC.
NEW QUESTION # 41
Exhibit.
An administrator is attempting, but failing, to create an NC2 cluster in AWS. The administrator checks the configuration in the NC and notices the configuration shown in the exhibit.
What action should the administrator take to resolve the issue?
- A. Create a new cloud account in the organization.
- B. Recreate the AWS CloudFormation stack.
- C. Grant the administrator's account access to the NC2 organization.
- D. Restart Genesis on a Prism Central instance.
Answer: A
Explanation:
The exhibit shows two cloud accounts, one for Azure and one for AWS, with their statuses indicated. The AWS cloud account status is marked as "U" (which likely stands for "Unavailable" or "Unreachable"). This indicates that the AWS cloud account configuration is not properly connected or accessible.
Status Check:
The AWS cloud account is marked with a "U" status, meaning it is not active or accessible.
This status prevents the creation of an NC2 cluster because the necessary cloud resources cannot be allocated or managed without a proper connection.
Action:
The best course of action is to create a new cloud account in the organization. This involves setting up the cloud account details correctly and ensuring it is properly configured to communicate with Nutanix and AWS.
Steps to Create a New Cloud Account:
Log in to the Nutanix console.
Navigate to the "Organizations" section.
Select "Add Cloud Account" and provide the required AWS credentials and permissions.
Ensure the new cloud account is active and correctly configured.
Reference:
Nutanix Cloud Clusters on AWS Administration Guide
Nutanix Best Practices for Cloud Account Management
NEW QUESTION # 42
A company has just adopted Nutanix as their technology of choice and is preparing to deploy Nutanix Cloud Clusters (NC2).
Which step must be taken first to gain access to the NC2 console?
- A. Open a support case with Nutanix.
- B. Navigate to cloud.nutanix.com
- C. Start a free trial via Billing Portal.
- D. Create a My Nutanix account
Answer: D
Explanation:
Before accessing the Nutanix Cloud Clusters (NC2) console, the first step is to create a My Nutanix account.
This account serves as the primary gateway for managing and accessing Nutanix services, including NC2.
Once the account is created, users can log in to the Nutanix portal, where they can manage their subscriptions, start trials, and access various Nutanix services, including the NC2 console.
Reference:
Refer to the Nutanix documentation on getting started with NC2 and the My Nutanix account creation process.
NEW QUESTION # 43
What is an available log module when configuring a syslog server in the Prism Central Admin Center?
- A. Acropolis
- B. Zookeeper
- C. Prism
- D. API Audit
Answer: A
Explanation:
When configuring a syslog server in the Prism Central Admin Center for Nutanix, one of the available log modules is Acropolis.
The Acropolis module logs system events related to the Nutanix Acropolis operating system, which is critical for monitoring and auditing system activities and performance.
Configuring syslog with the Acropolis module ensures that important events and issues related to the Acropolis environment are captured and can be forwarded to an external syslog server for centralized logging and analysis.
Reference:
Refer to the Nutanix documentation on Prism Central and syslog configuration for the full list of available log modules and detailed steps for configuration.
NEW QUESTION # 44
Which interface must be used to deploy NC2?
- A. Cloud Provider portal
- B. NC2 Tile within the my.nutanix.com portal
- C. Prism Central Dashboard
- D. Foundation running in a Cloud Virtual Machine
Answer: B
Explanation:
The NC2 Tile within the my.nutanix.com portal is the correct interface to deploy NC2. This portal provides an integrated and user-friendly interface specifically designed for deploying and managing Nutanix Clusters on AWS.
NC2 Deployment Interface:
NC2 Tile within the my.nutanix.com portal: This portal provides the necessary tools and options to deploy and manage NC2 clusters. It includes functionalities for setting up the clusters, configuring network settings, and managing resources.
Advantages:
User-Friendly Interface: Simplifies the deployment process with a guided setup.
Integrated Tools: Provides access to all necessary tools for managing the deployment and monitoring of NC2 clusters.
Reference:
Nutanix Cloud Clusters on AWS Administration Guide
Nutanix my.nutanix.com Portal Documentation
Nutanix Best Practices for Cluster Deployment
NEW QUESTION # 45
An administrator has noticed the company's NC2 free trial expired 60 days ago.
What should the administrator do to continue using all of the NC2 features on existing clusters?
- A. Nothing. The clusters will have full feature support.
- B. Contact the AWS cloud vendor.
- C. Contact Nutanix support to redeploy the cluster.
- D. Switch to a paid subscription plan.
Answer: D
Explanation:
After the NC2 free trial expires, to continue using all features of NC2 on existing clusters, the administrator needs to switch to a paid subscription plan.
A paid subscription ensures uninterrupted access to the full range of features and support for NC2 clusters.
Without switching to a paid plan, the features might be limited, and support may not be available, impacting the cluster's operations and management.
Reference:
Refer to the Nutanix billing and subscription documentation for details on switching from a trial to a paid plan and the benefits associated with paid subscriptions.
NEW QUESTION # 46
An administrator has been tasked with ensuring NC2 VMs are able to access AWS resources. The NC2 VM traffic must not traverse the internet.
In which two ways would the administrator achieve this? (Choose two.)
- A. By using an Interface Endpoint
- B. By using a NAT Gateway.
- C. By using a VPC Peer.
- D. By using a Gateway Endpoint
Answer: A,C
Explanation:
To ensure that NC2 VMs can access AWS resources without traversing the internet, the administrator can use AWS VPC Peering and Interface Endpoints. Both methods ensure that traffic stays within the AWS network, maintaining security and efficiency.
Interface Endpoint:
Interface Endpoints allow you to privately connect your VPC to supported AWS services. They use AWS PrivateLink to route traffic directly to services within the AWS network, bypassing the public internet.
Steps:
Create an interface endpoint for the required service in the AWS VPC console.
Ensure the security groups and route tables are configured to allow traffic to the interface endpoint.
VPC Peering:
VPC Peering allows the routing of traffic between VPCs using private IP addresses, without the need for internet gateways, NAT devices, or VPN connections.
Steps:
Create a VPC peering connection between the VPCs.
Update the route tables to direct traffic between the peered VPCs.
Ensure security group rules allow the necessary traffic between VPCs.
Reference:
AWS VPC Peering Documentation
AWS Interface Endpoint Documentation
Nutanix Cloud Clusters on AWS Administration Guide
NEW QUESTION # 47
An administrator is deploying Disaster Recovery for two NC2 clusters on AWS. The organization would prefer to use synchronous replication.
What are two supported configurations for this type of implementation? (Choose two.)
- A. Two NC2 on AWS clusters in different regions, using native networking on both clusters.
- B. Two NC2 on AWS clusters in the same region, using native networking on both clusters.
- C. Two NC2 on AWS clusters in different regions using native networking on the primary cluster, and Flow Virtual Networking on the other remote cluster.
- D. Two NC2 on AWS clusters in the same region using native networking on the primary cluster, and Flow Virtual Networking on the other remote cluster.
Answer: B,D
NEW QUESTION # 48
An administrator has deployed an NC2 cluster in AWS.
The following configuration decisions were made:
Created a new VPC from the NC2 console as part of the deployment
Selected the Public option for prism access policy
Host type selected was i3en.metal
The administrator now has a goal of provisioning public internet access to a user VM (UVM), web-1, on the Nutanix cluster. The admin can access Prism Element via the public DNS of the auto-created load balancer.
The administrator tries to create another network load balancer for the web server access. After creating the load balancer and registering web-1's IP address as a target, the administrator finds that the health check for the VM target is failing and the DNS returns a NOT Found message in the browser.
Why is the issue happening?
- A. The administrator needs to provision an application load balancer instead of a network load balancer to allow Internet traffic to access the UVM subnet.
- B. The administrator has not assigned a public IP to web-1.
- C. The load balancer is still in a Provisioning state.
- D. The administrator has not modified the inbound rules under the UVM security group to allow the network load balancer to access the UVM subnet.
Answer: B
Explanation:
For a VM to be accessible over the internet through a load balancer, the VM itself must have a public IP address.
In this case, the health check for the VM target is failing and the DNS returns a "NOT Found" message because web-1 does not have a public IP assigned.
Without a public IP, the load balancer cannot route traffic to web-1 from the internet.
Assigning a public IP to web-1 ensures that the VM can be accessed via the load balancer, resolving the connectivity issue.
Reference:
Refer to the AWS documentation on network load balancers and public IP assignments, and Nutanix documentation on VM network configurations.
NEW QUESTION # 49
An administrator has deployed an NC2 on AWS cluster and doesn't have connectivity back to the on-premises environment yet. The administrator wants to SSH into a CVM to edit a security setting and has deployed a Jump Host into an existing public subnet.
What action must the administrator still take to gain access to the CVM?
- A. Edit the CVM iptables to allow SSH.
- B. Create Custom Network Security Group at the subnet level and add the IP address of the Jump Host
- C. Edit the UVM security group to allow SSH from the Jump Host IP and remove Cluster Lockdown.
- D. Edit the User Management Network Security Group to allow SSH from the Jump Host IP.
Answer: D
Explanation:
To SSH into a Controller VM (CVM) in an NC2 on AWS cluster without on-premises connectivity, the administrator needs to ensure that the security settings allow SSH access from the Jump Host. This involves editing the User Management Network Security Group to permit SSH traffic from the Jump Host IP.
Deploy Jump Host:
Ensure the Jump Host is deployed in a public subnet with an Elastic IP (EIP) assigned for external access.
Edit User Management Network Security Group:
Locate the security group associated with the user management network.
Modify the inbound rules to allow SSH (port 22) from the Jump Host's IP address. This ensures that the Jump Host can establish an SSH connection to the CVM.
Steps to Edit Security Group:
Navigate to the EC2 dashboard in the AWS Management Console.
Select "Security Groups" under the "Network & Security" section.
Find and select the appropriate security group.
Edit the inbound rules to add a new rule:
Type: SSH
Protocol: TCP
Port Range: 22
Source: Custom IP (enter the Jump Host's public IP address)
Additional Configuration:
Ensure that the CVM itself allows SSH connections and that no internal firewall rules block the traffic.
Reference:
Nutanix Cloud Clusters on AWS Administration Guide
AWS Security Group Documentation
Nutanix Best Practices for Secure Access
NEW QUESTION # 50
An administrator is tasked with deploying a VM in an NC2 cluster on AWS that needs to be accessed by resources within the on-premises datacenter.
The cluster has the following characteristics:
* 8 nodes
* Resides in the us-east-1a Availability Zone
* Contains 13 Subnets
* Has access to a Direct Connect connection
* Subnet that the User VM (UVM) is being deployed to: UserVM_subnet
There are multiple VMs within the cluster and the UserVM_subnet has access to the on-premises resources.
The administrator deploys the machine, but communication is not possible.
What is the most likely resolution for this situation?
- A. The AWS UVM Security Group requires the new application's ports adding to inbound traffic.
- B. The AWS User Management Security Group requires the new application's ports adding to and traffic
- C. The AWS IGW requires the new application's ports adding to inbound traffic.
- D. The AWS Internal Management Security Group requires the new application's ports adding to outbound traffic.
Answer: A
Explanation:
For a VM deployed in an NC2 cluster on AWS to be accessed by resources within the on-premises datacenter, the security group associated with the User VM (UVM) subnet must allow inbound traffic on the specific ports required by the application.
If the security group rules do not permit inbound traffic on these ports, the communication will fail, even if other network configurations are correct.
The administrator should ensure that the UVM Security Group includes rules to allow inbound traffic for the application's required ports, facilitating proper communication between the VM and on-premises resources.
Reference:
Refer to the AWS documentation on security group configurations and Nutanix NC2 documentation for details on configuring network access and security group rules.