Nutanix NCP-CI-AZURE Exam Questions
Questions for the NCP-CI-AZURE were updated on : Dec 01 ,2025
Page 1 out of 5. Viewing questions 1-15 out of 75
Question 1
Exhibit.
An administrator is trying to figure out why the NC2 cluster deployment in Azure failed.
Which issue might be the cause?
- A. The administrator has not specified a DNS server during deployment.
- B. The selected bare metal node type is not supported in the deployment region.
- C. DNS servers are not reachable from cluster management VNet.
- D. The company does not have sufficient NCI/AOS licenses.
Answer:
B
Explanation:
Error Message Analysis: The error message indicates that the node cannot boot successfully and will
be replaced with a new node. This points towards an issue related to the specific node type or
configuration.
Bare Metal Node Support: One common cause for such deployment failures is selecting a bare metal
node type that is not supported in the chosen deployment region. Azure has specific regions where
certain node types are available, and attempting to use an unsupported node type in a region can
result in provisioning failures.
Reference:
Nutanix KB 9768 for troubleshooting deployment issues: KB 9768
Azure Region Availability Documentation
Nutanix NC2 on Azure Deployment Guide
Question 2
An administrator deploys a new NC2 cluster in Azure in a new subscription. No VPN or Express Route
exists.
Which two actions will allow the administrator access to Prism Central to start the configuration?
(Choose two.)
- A. Deploy a Jump Host VM instance in an external VNet and peer the VNets.
- B. Deploy a Jump Host VM instance and NAT Gateway in an external VNet and peer the VNets.
- C. Deploy a Jump Host VM instance in the Prism Central VNet inside a delegated subnet.
- D. Deploy a Jump Host VM instance in the Prism Central VNet inside a non-delegated subnet.
Answer:
AC
Explanation:
Jump Host VM in External VNet with VNet Peering:
Deploy Jump Host VM: Deploy a VM in an external VNet that is not within the same network as Prism
Central.
VNet Peering: Establish VNet peering between the external VNet and the Prism Central VNet. This
allows the Jump Host to communicate with Prism Central securely.
Jump Host VM in Prism Central VNet Inside a Delegated Subnet:
Deploy Jump Host VM: Deploy the Jump Host VM directly in the Prism Central VNet within a
delegated subnet. This places the Jump Host in the same network environment as Prism Central,
allowing direct access.
Reference:
Azure VNet Peering Documentation
Nutanix NC2 Networking and Access Configuration Guide
Question 3
Which resource is capable of being connected to a private endpoint as it is not displayed on
delegated subnets?
- A. User VMs
- B. Prism Central
- C. Hosts
- D. CVMs
Answer:
B
Explanation:
Private Endpoint: Private Endpoints allow secure access to Azure services over a private network
connection. They do not typically appear on delegated subnets, which are used for specific Azure
services.
Prism Central Connectivity: Prism Central can be connected to a private endpoint to ensure secure
communication without exposing it to the public internet. This setup ensures secure and private
management of the Nutanix environment.
Reference:
Azure Private Endpoint Documentation
Nutanix NC2 Deployment and Security Guide
Question 4
NC2 Azure API calls are failing and MCM no longer shows telemetry or health of the cluster.
Where should the administrator look first?
- A. Check whitelisting of Outbound Communication
- B. Log into Prism and check alerts and notifications
- C. SSH into the NC2 Azure CVMs
- D. Check VPN/ExpressRoute
Answer:
A
Explanation:
Outbound Communication Whitelisting: For NC2 Azure API calls and telemetry data to function
correctly, certain outbound communications must be allowed. If these communications are not
whitelisted, API calls can fail, and telemetry or health data might not be reported correctly.
First Check: Given the symptoms (failing API calls and missing telemetry), the first step should be to
ensure that all necessary outbound communications are correctly whitelisted. This includes ensuring
that endpoints and services required for NC2 operation are accessible.
Reference:
Nutanix NC2 Networking Requirements
Azure Networking and Security Configuration Guide
Question 5
A nutanix User VPC named Servers has a subnet named Tier1:
Servers: 10.0.0.0/20
Tier1: 10.0.0.0/25
Tier is using floating IPS to allow inbound traffic to the web servers that are hosted for a payroll
system.
The company requires that the Network Security Group allow other Native Azure instances running
in subnet AD (10.20.0.0/24) in the Prism Central VNet to be able to contact the web servers.
Which statement is true regarding this company requirement?
- A. Native Azure instances \n the Prism Central vNet will be allowed access by default.
- B. The internal NIC of the Flow Gateway Network Security Group needs to allow to traffic from 1 10.20.0.0/24.
- C. The external NIC of the Flow Gateway Network Security Group needs to allow traffic from 10.20.0,0/24.
- D. Policy based routing in the Servers VPC must be edited to allow traffic from 10.20.0.0/24.
Answer:
B
Explanation:
Flow Gateway Network Security Group (NSG): NSGs control the traffic flow to and from network
interfaces associated with VMs and other resources. Configuring the NSG correctly is crucial for
ensuring that required traffic is allowed.
Internal NIC Configuration: To allow Native Azure instances in the Prism Central VNet (10.20.0.0/24)
to access the web servers in the Tier1 subnet, the internal NIC of the Flow Gateway must be
configured to allow traffic from 10.20.0.0/24. This ensures that inbound traffic from these instances is
permitted and properly routed to the web servers.
Reference:
Azure Network Security Group Documentation
Nutanix Flow Gateway Configuration Guide
Question 6
An administrator must ensure that certain NC2 VMs can access Azure resources. The NC2 VM traffic
must not traverse the internet.
How would the administrator achieve this?
- A. By creating an Azure Private Endpoint for VMs in a Delegated Subnet
- B. By creating an Azure Private Endpoint for VMs in a NAT network via vWAN.
- C. By creating an Azure Private Endpoint for VMs in a No-NAT network via vWAN.
- D. By creating an Azure Private Endpoint for VMs in the host-mgmt subnet.
Answer:
A
Explanation:
Azure Private Endpoint: A Private Endpoint provides secure connectivity to Azure resources by
enabling private access through the Azure backbone network. This ensures that the traffic does not
traverse the internet, providing enhanced security and performance.
Delegated Subnet: By creating an Azure Private Endpoint for VMs in a delegated subnet, the
administrator ensures that the VMs can access Azure resources directly and securely without using
the public internet.
Reference:
Azure Private Endpoint Documentation
Nutanix NC2 Networking Configuration Guide
Question 7
An organization want to use existing Azure resources to deploy NC2.
What is a valid requirement to use existing Azure resources for this task?
- A. More than two DNS servers must be used.
- B. A new Azure resource group must be created where all resources, such as VNets must be created.
- C. Azure NAT gateway must be attached to the cluster management Prism Central, and external Flow Gateway subnets.
- D. The fastpathenabled tag must be added after creating a NAT gateway.
Answer:
B
Explanation:
Resource Group Requirement: When deploying NC2 on Azure, it is essential to organize resources
such as VNets, subnets, and other components in a dedicated resource group. This helps in managing
and maintaining the resources efficiently.
New Resource Group: Creating a new Azure resource group ensures that all the necessary NC2
resources are isolated and managed together, avoiding conflicts with existing resources and
providing a clear separation for administration and billing purposes.
Reference:
Azure Resource Group Documentation
Nutanix NC2 Deployment Guide
Question 8
Which console must be used to deploy a Nutanix cluster on Azure?
- A. Prism Central Console
- B. NC2 Console
- C. Azure Console
- D. Prism Element Console
Answer:
B
Explanation:
NC2 Console: The NC2 console is specifically designed for deploying and managing Nutanix clusters
on Azure. It provides the necessary tools and interface to configure, monitor, and manage the NC2
clusters effectively.
Cluster Deployment: Using the NC2 console ensures that all configurations and integrations with
Azure are correctly handled, providing a seamless deployment experience.
Reference:
Nutanix NC2 Deployment Guide
Nutanix Console Documentation
Question 9
An administrator has noticed the company’s NC2 free trial expired 60 days ago.
What should the administrator do to continue using all of the NC2 features on existing clusters?
- A. Switch to a paid subscription plan.
- B. Nothing. The clusters will have full feature support.
- C. Contact the cloud vendor.
- D. Contact Nutanix support to redeploy the cluster.
Answer:
A
Explanation:
Free Trial Expiration: Once the NC2 free trial period expires, the administrator needs to switch to a
paid subscription plan to continue using all the features and functionalities provided by Nutanix NC2.
Paid Subscription Benefits: Transitioning to a paid subscription ensures uninterrupted access to NC2
features, support, and updates, maintaining the operational capabilities of the existing clusters.
Reference:
Nutanix Subscription and Billing Documentation
Nutanix NC2 Support and Subscription Guide
Question 10
Which statement best describes south bound traffic to a Nutanix User VPC originating outside the
BC2 cluster when using a no-NAT (routed path) having two or more Flow Gateways (FGW)?
- A. A BGP gateway runs on the CVM of the bare-metal hosts. The BGP gateway advertises externally routable IP addresses to the Azure Route Server, with each active FGW external IP address the next hop.
- B. A BGP gateway runs inside of Prism Central. The BGP gateway advertises externally mutable IP addresses to the Azure Route Server, with each active FGW external IP address as the next hop.
- C. A BGP gateway is deployed as Azure native VMs in the Prism Central VNet. The BGP gateway advertises externally routable IP addresses to the Prism Central, with each active FGW external IP address as the next hop.
- D. A BGP gateway is deployed as Azure native VMs in the Prism Central VNet. The BGP gateway advertises externally routable IP addresses to the Azure Route Server, with each active FGW external IP address as the next hop.
Answer:
D
Explanation:
BGP Gateway Deployment: The BGP gateway is deployed as Azure native VMs within the Prism
Central VNet. This deployment ensures seamless integration with Azure's networking infrastructure.
Route Advertisement: The BGP gateway advertises the externally routable IP addresses to the Azure
Route Server. This setup allows for dynamic routing and efficient traffic management.
Flow Gateways (FGW) as Next Hops: Each active Flow Gateway's external IP address is used as the
next hop. This configuration ensures that southbound traffic is correctly routed to the appropriate
Flow Gateway, providing efficient and reliable connectivity.
Reference:
Nutanix NC2 Networking Guide
Azure Route Server and BGP Documentation
Question 11
What action is performed in Azure when an instance is reported as being in a terminated state, but
NC2 expects it to be in a running state?
- A. NC2 restarts the AHV host.
- B. NC2 alerts the administrator that a manual replacement is required.
- C. NC2 automatically reconnects with the instance.
- D. NC2 condemns the host and triggers replacement of the host.
Answer:
D
Explanation:
Instance Termination Detection: When an instance in Azure is reported as being in a terminated state
but NC2 expects it to be running, the system will automatically take corrective actions.
Host Condemnation and Replacement: NC2 will condemn the host, marking it as unusable, and will
then trigger the replacement process to ensure that the cluster maintains its required capacity and
performance levels. This automatic handling ensures minimal disruption to the workloads running
on the cluster.
Reference:
Nutanix NC2 Automated Management Features
Azure Instance State Documentation
Question 12
What is the purpose of an organization in the NC2 console?
- A. To Link with a Public Cloud account
- B. To link with NC2 subscription plans
- C. To segregate clusters based on specific requirements
- D. To map the on-premises Prism Central environment
Answer:
C
Explanation:
Purpose of an Organization in NC2: In the NC2 console, an organization serves to manage and
segregate clusters based on specific requirements such as departmental needs, project goals, or
security policies.
Cluster Management: This segregation allows administrators to apply unique configurations,
permissions, and policies to different clusters within the same environment, providing flexibility and
control over resource allocation and management.
Reference:
Nutanix NC2 Console Documentation
Best Practices for Managing NC2 Clusters
Question 13
What will be observed in the NC2 cluster when terminating a node from the Azure portal?
- A. NC2 will shutdown the node.
- B. NC2 will continue re-provisioning the node.
- C. NC2 will terminate the node from the cluster.
- D. NC2 will mark the node as degraded.
Answer:
D
Explanation:
Node Termination Observation: When a node is terminated from the Azure portal, the NC2 cluster
will detect that the node is no longer operational.
Marking as Degraded: NC2 will mark the node as degraded, indicating that the node is not
functioning as expected. This status allows administrators to take necessary actions to resolve the
issue, such as provisioning a new node or addressing the degradation cause.
Reference:
Nutanix NC2 Cluster Management Guide
Azure Instance Termination Documentation
Question 14
Which interface must be used to deploy NC2?
- A. Foundation running in a Cloud Virtual Machine
- B. Cloud Provider portal
- C. NC2 Tile within the my.nutanix.com portal
- D. Prism Central Dashboard
Answer:
C
Explanation:
my.nutanix.com Portal: This portal provides access to various Nutanix services and features, including
the NC2 deployment interface.
NC2 Tile: The NC2 tile within the portal is specifically designed for deploying and managing Nutanix
Cloud Clusters. It provides the necessary tools and settings to initiate and configure NC2 clusters on
Azure or other cloud environments.
Reference:
Nutanix NC2 Deployment Guide
my.nutanix.com Portal Documentation
Question 15
An administrator is tasked with providing User VMs in Azure that are hosted within a Flow NAT
network outbound internet connectivity.
In which order would the traffic flow through each component?
- A. User VM >Flow Gateway > Floating IP Address > Azure NAT GW
- B. User VM >Floating IP Address > Flow Gateway > Azure LB
- C. User VM > Delegated Subnet > Flow Gateway > Floating IP Address > Azure LB
- D. User VM > Delegated Subnet > Flow Gateway > Floating IP Address > Azure NAT GW
Answer:
D
Explanation:
User VM: The initial source of the traffic within the Azure environment.
Delegated Subnet: Traffic from the User VM flows through the delegated subnet, which is configured
to handle specific network traffic.
Flow Gateway: The Flow Gateway manages and routes the traffic from the delegated subnet,
providing network services and connectivity.
Floating IP Address: The Flow Gateway assigns a floating IP address for the outbound traffic,
facilitating NAT operations.
Azure NAT Gateway: The traffic is then routed through the Azure NAT Gateway, which provides
outbound internet connectivity for the User VMs, ensuring secure and efficient routing.
Reference:
Azure Virtual Network NAT Documentation
Nutanix NC2 Configuration Guide