What is the purpose of the VMware Cloud on AWS Compute Gateway (CGW)?
Correct Answer:
B
Compute Gateway (CGW) The CGW is a Tier 1 router that handles network traffic for workload VMs connected to routed compute network segments. Compute gateway firewall rules, along with NAT rules, run on the Tier 0 router. In the default configuration, these rules block all traffic to and from compute network segments (see Configure Compute Gateway Networking and Security).
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-on-aws-networking-security.pdf
An organization Is running multiple applications that span different public clouds. The cloud administrator is asked to perform budget management, cost reporting and cost forecasting from a single platform.
Which VMware Cloud service can the cloud administrator use to meet this requirement?
Correct Answer:
D
CloudHealth by VMware is a cloud cost governance platform that provides budget management, cost reporting, and cost forecasting from a single platform. It provides comprehensive visibility and control to manage cloud costs in hybrid and multi-cloud environments. CloudHealth by VMware also provides cost optimization, resource optimization, and real-time alerting capabilities to help organizations make
cost-effective decisions to reduce cloud costs.
In VMware Cloud, who is responsible for the encryption of virtual machines?
Correct Answer:
B
Customer responsibility “Security in the Cloud” – Customers are responsible for the deployment and ongoing configuration of their SDDC, virtual machines, and data that reside therein. In addition to determining the network firewall and VPN configuration, customers are responsible for managing virtual machines (including in guest security and encryption) and using VMware Cloud on AWS User Roles and Permissions along with vCenter Roles and Permissions to apply the appropriate controls for users.
The responsibility for the encryption of virtual machines in VMware Cloud lies with the customer. The customer is responsible for configuring and managing any encryption or security related settings and configurations in the virtual machines, such as disk encryption or the configuration of security protocols. The VMware Cloud Provider Partner (VCPP) is responsible for the overall security of the cloud
environment [1][2], including the encryption of data at rest, but the customer is responsible for configuring
and managing the encryption settings within their virtual machines.
Reference: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.encryption/
A customer is running a software-defined data center (SDDC) In the US-East-2 region and wants to connect the workload network segment to their on-premises data center and multiple company Amazon Virtual Private Clouds (VPCs) running In US-East-2.
Which connectivity option can they use to accomplish this?
Correct Answer:
C
To connect the workload network segment to their on-premises data center and multiple company Amazon VPCs running in US-East-2, the customer can use VMware Transit Connect. VMware Transit Connect is a service that provides secure connectivity between AWS and on-premises data centers or other clouds. It allows customers to connect and extend their networks to the AWS cloud with minimal effort and cost.
A cloud administrator needs to extend a network and requires that routing be handled at the source. Which network segment type does VMware HCX Network Extension create in the VMware Cloud
software-defined data center (SDDC) when extending the network?
Correct Answer:
B
https://docs.vmware.com/en/VMware-Validated-Design/services/sddc-extending-to-vmware-cloud-on-aws/GUI https://docs.vmware.com/en/VMware-HCX/4.5/hcx-user-guide/GUID-4052AC3F-9FFC-4FA2-ACB4-18B296
VMware HCX Network Extension creates a routed network segment type in the VMware Cloud
software-defined data center (SDDC) when extending the network. This routed segment is used to connect the on-premises environment with the VMware Cloud SDDC, allowing traffic to flow between the two. The other options (extended, private, and disconnected segments) are not created by Network Extension.
