Nutanix NCP-CI-AWS Practice Test - Questions Answers, Page 3

Question 21

An administrator has deployed an NC2 on AWS cluster and doesn't have connectivity back to the on-premises environment yet. The administrator wants to SSH into a CVM to edit a security setting and has deployed a Jump Host into an existing public subnet.

What action must the administrator still take to gain access to the CVM?

A. Edit the CVM iptables to allow SSH.
B. Edit the User Management Network Security Group to allow SSH from the Jump Host IP.
C. Edit the UVM security group to allow SSH from the Jump Host IP and remove Cluster Lockdown.
D. Create Custom Network Security Group at the subnet level and add the IP address of the Jump Host.
Suggested answer: B

Explanation:

To SSH into a Controller VM (CVM) in an NC2 on AWS cluster without on-premises connectivity, the administrator needs to ensure that the security settings allow SSH access from the Jump Host. This involves editing the User Management Network Security Group to permit SSH traffic from the Jump Host IP.

Deploy Jump Host:

Ensure the Jump Host is deployed in a public subnet with an Elastic IP (EIP) assigned for external access.

Edit User Management Network Security Group:

Locate the security group associated with the user management network.

Modify the inbound rules to allow SSH (port 22) from the Jump Host's IP address. This ensures that the Jump Host can establish an SSH connection to the CVM.

Steps to Edit Security Group:

Navigate to the EC2 dashboard in the AWS Management Console.

Select 'Security Groups' under the 'Network & Security' section.

Find and select the appropriate security group.

Edit the inbound rules to add a new rule:

Type: SSH

Protocol: TCP

Port Range: 22

Source: Custom IP (enter the Jump Host's public IP address)

Additional Configuration:

Ensure that the CVM itself allows SSH connections and that no internal firewall rules block the traffic.

Reference: Nutanix Cloud Clusters on AWS Administration Guide; AWS Security Group Documentation; Nutanix Best Practices for Secure Access

asked 23/09/2024
matias alvarez

Question 22

Which service enables the monitoring of key metrics on various AWS services, including EC2, EBS, and VPC, for NC2 cluster deployments?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS CloudFormation
D. Amazon Inspector
Suggested answer: A

Explanation:

Amazon CloudWatch is the service that enables the monitoring of key metrics on various AWS services, including EC2, EBS, and VPC, for NC2 cluster deployments.

Amazon CloudWatch:

Amazon CloudWatch provides monitoring for AWS cloud resources and applications. It collects and tracks metrics, collects and monitors log files, and sets alarms.

Specifically, for NC2 deployments, CloudWatch can be used to monitor key metrics such as CPU utilization, disk I/O, network I/O for EC2 instances, EBS volume performance, and VPC network traffic.

Features:

Metrics Monitoring: Collects and visualizes operational data in the form of metrics, including utilization, performance, and health.

Logs Monitoring: Collects log data, monitors it in real-time, and triggers alarms based on predefined thresholds.

Alarms: Notifies when operational performance thresholds are breached.

Integration with NC2:

By setting up CloudWatch, administrators can ensure they have visibility into the performance and health of their Nutanix clusters on AWS, aiding in proactive management and troubleshooting.

Reference: Amazon CloudWatch Documentation; Nutanix Cloud Clusters on AWS Administration Guide; AWS Monitoring Best Practices

asked 23/09/2024
Beatriz Mejia

Question 23

An administrator needs the permissions to create and manage multiple organizations and clusters in NC2, as well as manage user access for the entire company.

What role should be assigned to meet the minimum requirements of this task?

A. Organization Administrator
B. Customer Administrator
C. Customer Security Administrator
D. Cluster Administrator
Suggested answer: B

Explanation:

The role of 'Customer Administrator' in Nutanix Cloud Integration with AWS (NC2) is designed to meet the requirements of creating and managing multiple organizations and clusters, as well as managing user access for the entire company.

Roles and Permissions:

Customer Administrator: This role has the broadest set of permissions, allowing the user to create and manage organizations, clusters, and user access across the entire company. It encompasses administrative control over multiple aspects of the NC2 environment.

Capabilities:

Organization Management: Ability to create and manage multiple organizations.

Cluster Management: Full control over creating, configuring, and managing clusters.

User Access Management: Manage user roles and permissions, ensuring that the right individuals have access to the necessary resources.

Why Not Other Roles:

Organization Administrator: Limited to managing organizations but not clusters and user access at the company level.

Customer Security Administrator: Focuses on security aspects, lacking broader administrative capabilities.

Cluster Administrator: Limited to managing clusters without the ability to manage organizations and user access comprehensively.

Reference: Nutanix Cloud Clusters on AWS Administration Guide; Nutanix Role-Based Access Control Documentation

asked 23/09/2024
Leon Chukwuma

Question 24

An administrator needs to create user VM subnets for multiple NC2 clusters in AWS.

What would be the best approach to take?

A. Create guest-VM VNets for each cluster.
B. Use the cluster management subnet dedicated to each cluster.
C. Create guest-VM subnets to be shared by all clusters.
D. Create guest-VM subnets for each cluster.
Suggested answer: D

Explanation:

When creating user VM subnets for multiple NC2 clusters in AWS, the best approach is to create guest-VM subnets for each cluster. This ensures that each cluster has its own dedicated subnets, which simplifies network management and avoids potential IP conflicts.

Advantages of Dedicated Subnets:

Isolation: Each cluster operates in its own subnet, providing better isolation and security.

Management: Easier to manage and troubleshoot network issues when each cluster has its own subnets.

Scalability: More scalable as each subnet can be managed and expanded independently.

Steps to Create Guest-VM Subnets:

Identify the IP range for each subnet.

In the AWS VPC console, create a new subnet for each cluster using the identified IP ranges.

Associate the new subnets with the respective clusters during or after the cluster deployment process.

Why Not Shared Subnets:

Shared subnets could lead to IP conflicts and make network management more complex, especially as the number of clusters grows.

Reference: Nutanix Cloud Clusters on AWS Administration Guide; AWS VPC Subnet Creation Documentation

asked 23/09/2024
Daniel Bucknor-Ankrah

Question 25

An administrator has been tasked with deploying an NC2 cluster on AWS with the requirement to protect workloads. Which two options are valid to protect the workloads on this cluster? (Choose two.)

A. Deploy one-node cluster in another availability zone.
B. Create a second NC2 cluster in a different availability zone.
C. Use an existing on-prem Nutanix cluster as a disaster recovery target.
D. Deploy a cluster across two availability zones.
Suggested answer: B

Explanation:

To protect workloads on an NC2 cluster on AWS, deploying strategies that ensure high availability and disaster recovery is essential. The two valid options are:

Create a Second NC2 Cluster in a Different Availability Zone:

High Availability: Deploying a second NC2 cluster in a different availability zone ensures that workloads can be quickly recovered in case of an availability zone failure.

Disaster Recovery: This setup enables asynchronous replication between clusters, providing a robust disaster recovery solution.

Use an Existing On-Prem Nutanix Cluster as a Disaster Recovery Target:

Hybrid DR: Leveraging an existing on-premises Nutanix cluster for disaster recovery provides a cost-effective and efficient DR solution.

Replication: Set up replication policies to ensure data is consistently copied from the NC2 cluster on AWS to the on-premises cluster.

Why Not Other Options:

One-node cluster in another availability zone: Not a valid DR solution as a single-node cluster cannot provide the required resilience and high availability.

Deploy a cluster across two availability zones: While this can enhance availability, it is not a typical approach for Nutanix clusters which are designed to operate within a single availability zone for simplicity and performance reasons.

Reference: Nutanix Cloud Clusters on AWS Administration Guide; Nutanix Disaster Recovery Best Practices; AWS Availability Zones and Disaster Recovery Documentation

asked 23/09/2024
Mina Shaker

Question 26

Exhibit.

[Image: exhibit for Question 26]

An administrator is attempting, but failing, to create an NC2 cluster in AWS. The administrator checks the configuration in the NC and notices the configuration shown in the exhibit.

What action should the administrator take to resolve the issue?

A. Recreate the AWS CloudFormation stack.
B. Create a new cloud account in the organization.
C. Restart Genesis on a Prism Central instance.
D. Grant the administrator's account access to the NC2 organization.
Suggested answer: B

Explanation:

The exhibit shows two cloud accounts, one for Azure and one for AWS, with their statuses indicated. The AWS cloud account status is marked as 'U' (which likely stands for 'Unavailable' or 'Unreachable'). This indicates that the AWS cloud account configuration is not properly connected or accessible.

Status Check:

The AWS cloud account is marked with a 'U' status, meaning it is not active or accessible.

This status prevents the creation of an NC2 cluster because the necessary cloud resources cannot be allocated or managed without a proper connection.

Action:

The best course of action is to create a new cloud account in the organization. This involves setting up the cloud account details correctly and ensuring it is properly configured to communicate with Nutanix and AWS.

Steps to Create a New Cloud Account:

Log in to the Nutanix console.

Navigate to the 'Organizations' section.

Select 'Add Cloud Account' and provide the required AWS credentials and permissions.

Ensure the new cloud account is active and correctly configured.

Reference: Nutanix Cloud Clusters on AWS Administration Guide; Nutanix Best Practices for Cloud Account Management

asked 23/09/2024
Jerry Manalo

Question 27

An administrator has been tasked with ensuring NC2 VMs are able to access AWS resources. The NC2 VM traffic must not traverse the internet.

In which two ways would the administrator achieve this? (Choose two.)

A. By using a Gateway Endpoint.
B. By using a NAT Gateway.
C. By using an Interface Endpoint.
D. By using a VPC Peer.
Suggested answer: C, D

Explanation:

To ensure that NC2 VMs can access AWS resources without traversing the internet, the administrator can use AWS VPC Peering and Interface Endpoints. Both methods ensure that traffic stays within the AWS network, maintaining security and efficiency.

Interface Endpoint:

Interface Endpoints allow you to privately connect your VPC to supported AWS services. They use AWS PrivateLink to route traffic directly to services within the AWS network, bypassing the public internet.

Steps:

Create an interface endpoint for the required service in the AWS VPC console.

Ensure the security groups and route tables are configured to allow traffic to the interface endpoint.

VPC Peering:

VPC Peering allows the routing of traffic between VPCs using private IP addresses, without the need for internet gateways, NAT devices, or VPN connections.

Steps:

Create a VPC peering connection between the VPCs.

Update the route tables to direct traffic between the peered VPCs.

Ensure security group rules allow the necessary traffic between VPCs.

Reference: AWS VPC Peering Documentation; AWS Interface Endpoint Documentation; Nutanix Cloud Clusters on AWS Administration Guide

asked 23/09/2024
Miguel Tuimil Galdo

Question 28

An administrator is tasked with adding an AWS account to the NC2 console. A requirement is to configure an AWS IAM user with the appropriate permissions.

Which permission must be assigned to the user?

A. IAMFullAccess
B. IAMReadOnlyAccess
C. AmazonEC2ReadOnlyAccess
D. AmazonEC2FullAccess
Suggested answer: D

Explanation:

To add an AWS account to the NC2 console, an AWS IAM user needs to be configured with the appropriate permissions to manage the EC2 resources. The required permission for the IAM user includes full access to manage EC2 instances, volumes, and related resources.

AmazonEC2FullAccess:

This permission grants full access to all EC2 resources, including the ability to create, modify, and delete instances, volumes, security groups, and more.

Essential for NC2 operations to manage the lifecycle of EC2 instances and associated components within the AWS environment.

Why Not Other Permissions:

IAMFullAccess: Grants full access to IAM resources but not specifically needed for EC2 operations.

IAMReadOnlyAccess: Only provides read access to IAM resources, insufficient for managing EC2 instances.

AmazonEC2ReadOnlyAccess: Provides read-only access to EC2 resources, insufficient for creating or modifying instances and other resources.

Reference: AWS IAM Policies Documentation; Nutanix Cloud Clusters on AWS Administration Guide; Nutanix Best Practices for IAM User Permissions

asked 23/09/2024
Ariel Acosta

Question 29

An administrator has created an NC2 cluster on AWS, but the NC2 console has issued this alert:

[Image: NC2 console alert for Question 29]

Which two scenarios could have resulted in the cluster creation failure? (Choose two.)

A. Bad Terraform (TF) state in provisioning
B. Insufficient permissions
C. No available AWS credits
D. AWS Quota exceeded/instance limit exceeded
Suggested answer: B, D

Explanation:

The error message in the image indicates that the cluster creation failed due to reaching the maximum retries for provisioning cluster nodes. Here are two possible scenarios that could lead to this issue:

Insufficient Permissions (Answer B):

If the AWS user or role used to create the cluster does not have sufficient permissions, it can result in failures during the provisioning process. Proper IAM policies must be attached to ensure that the necessary actions can be performed, such as launching instances, creating VPCs, or managing networking components.

AWS Quota Exceeded/Instance Limit Exceeded (Answer D):

AWS imposes quotas and limits on the number of instances and other resources that can be created within an account. If these quotas are exceeded, new instances cannot be provisioned, causing the cluster creation to fail. This can be resolved by requesting a quota increase from AWS.

Reference: Nutanix Knowledge Base Article 9774; AWS Service Quotas; Nutanix NC2 on AWS Documentation

asked 23/09/2024
Lars Bleckmann

Question 30

An administrator has recently deployed an NC2 cluster on AWS in the North Virginia region in availability zone us-east-1d. The cluster is consuming IPs from the 10.78.2.0/24 range.

The AWS VPC has two available CIDR ranges:

10.78.0.0/16

10.19.101.0/24

The following subnets have been configured in the NC2 AWS VPC:

[Image: subnet table for Question 30]

Which two subnets will show up in the Network configuration of the Prism Element Settings page? (Choose two.)

A. DR01
B. L2stretch
C. VDI
D. DR02
Suggested answer: A, B

Explanation:

For the NC2 cluster deployed in the North Virginia region (us-east-1d), consuming IPs from the 10.78.2.0/24 range, the subnets configured within the same CIDR range of 10.78.0.0/16 will be recognized.

The subnet DR01 (10.78.2.0/24) is directly within the range of the deployed cluster.

The subnet L2stretch (10.19.101.0/24) is also configured in the NC2 AWS VPC; although it is not in the immediate range of the cluster, it may show up due to broader network configurations for stretched L2 operations.

Subnets VDI (10.78.130.0/22) and DR02 (10.79.120.0/24), although part of the same VPC, are not directly within the immediate CIDR range or may not be recognized in this specific configuration scenario.

Reference: Refer to the Nutanix documentation on NC2 AWS VPC subnet configurations and Prism Element settings for detailed guidelines on network visibility and configuration.

asked 23/09/2024
JEROME SANANES
Total 75 questions