Questions for the 2V0-17-25 were updated on : Dec 01 ,2025
An administrator is responsible for the management of a VMware Cloud Foundation (VCF)-based
private cloud. The environment is configured in the following ways:
A single Organization for VM Applications with 50 application development projects.
Relevant configuration for the FitnessTrackerApp project:
Project Administrators: FTA_Admins (Group)
Project Members: FTA_Developers (Group), FTA_LeadDevelopers (Group)
Provisioning Zone(s): vcf-wld-01
The administrator has been tasked with ensuring that the newly created catalog item (Mobile
Application Backend) is initially only visible to the Lead Developers of the FitnessTrackerApp project.
The administrator has already completed:
Logged into VCF Automation.
Updated the Content Source to include the Mobile Application Backend blueprint.
Which four additional steps must the administrator take to complete the objective? (Choose four.)
B, C, D, F
Explanation:
The VCF 9.0 Automation Guide – Content Sharing Policies describes how to control catalog item
visibility. Administrators create Content Sharing Policies to restrict which groups can see specific
catalog items.
Steps required for this scenario:
Create a new Content Sharing Policy (D): This policy governs catalog item access.
Add the catalog item to the new policy (B): The Mobile Application Backend blueprint must be
explicitly added.
Configure the scope as Project → FitnessTrackerApp (C): This ensures the catalog restriction applies
only within the FitnessTrackerApp project.
Add the FTA_LeadDevelopers Group (F): Grants visibility only to this group, fulfilling the requirement
that only Lead Developers initially see the item.
Incorrect options:
Deployment Limit Policy (A) controls resource limits, not catalog visibility.
FTA_Developers (E) should not be included, as the requirement is Lead Developers only.
Organization scope (G) would expose the item to all projects, which violates the requirement.
Thus, the administrator must configure a Content Sharing Policy, add the catalog item, scope it to the
FitnessTrackerApp project, and restrict it to the Lead Developers group.
Reference: VMware Cloud Foundation 9.0 – Automation Guide, Content Hub and Content Sharing
Policy sections.
What prerequisite must an administrator complete in VCF before configuring Provider Networking in
VCF Automation?
B
Explanation:
The VCF Automation Provider Networking Guide states:
“Before you can configure Provider Networking, an active Tier-0 (T0) Gateway must be created in
NSX Manager and associated with the Provider region.”
This gateway provides external routing and forms the foundation for VPC and tenant networking.
Creating a T0 at the Organization level (A) is not correct—organizations consume Provider
networking but do not create T0s. vDS in Provider Management (C) or vCenter (D) is unrelated to
NSX-based provider networking.
Thus, the required prerequisite is: Create a T0 Gateway in NSX Manager.
An administrator is tasked with deploying several VMware ESX hosts in a new VMware environment.
The administrator wants to understand the general flow of a manual ESX installation and setup
process in VMware Cloud Foundation (VCF).
What are the stages of the ESX deployment process?
C
Explanation:
The VMware Cloud Foundation 9.0 Deployment Guide and the vSphere 9.0 Installation and Setup
documentation describe the standard manual ESXi installation workflow. The steps are as follows:
Boot from installation media: The host is started from the ESXi ISO image, either via physical media,
virtual media through iLO/iDRAC, or PXE boot.
Select target disk: During setup, administrators select the disk or device where ESXi will be installed.
Configure management network: After installation, the Direct Console User Interface (DCUI) is used
to set up basic network parameters for the management interface (IP address, DNS, gateway).
Set root password: A secure root password is set to complete the initial setup of the host.
The documentation makes it clear that these steps form the foundation before the host can be
discovered and commissioned by SDDC Manager in VMware Cloud Foundation.
Option A is incorrect because the VCF Installer is not used for installing ESXi; it is used for deploying
management domains and workload domains.
Option B includes “Join vCenter,” which happens after commissioning, not during installation.
Option D is incorrect since vCenter Server is installed later, not during the ESXi manual setup.
Therefore, the correct stages of manual ESXi installation are: Boot media → Select disk → Configure
management network → Set root password.
Reference:
VMware Cloud Foundation 9.0 Deployment Guide – ESXi Host Preparation section.
VMware vSphere 9.0 Installation and Setup Guide – “Installing ESXi” and “Configuring the Direct
Console User Interface (DCUI).”
An administrator has been tasked with showing the average health of all virtual machines (VMs) in a
VMware Cloud Foundation (VCF) fleet.
The following information has been provided:
All clusters are connected to the same VCF Operations instance.
The Virtual Machines in scope are located across different clusters in the same VCF instance.
What should the administrator create to meet the stated objective?
B
Explanation:
The VCF 9.0 Operations Guide – Metrics and Super Metrics explains that super metrics are used
when administrators need to aggregate or compute new values from existing metrics. Super metrics
can be applied across multiple objects, such as aggregating the health score of all VMs in a fleet.
The documentation states:
“A super metric is a user-defined formula that calculates a value derived from one or more existing
metrics. Super metrics can be applied across objects to provide aggregate insights such as averages
or totals.”
Dashboard (A): Dashboards can display metrics but cannot compute new aggregated values on their
own.
Symptom (C): Used to define conditions that trigger alerts, not to compute average health values.
Alert (D): Alerts notify administrators of issues but do not calculate averages across many VMs.
Therefore, to display the average health score of all VMs across multiple clusters, the administrator
must create a super metric and then visualize it in a dashboard.
Reference: VMware Cloud Foundation 9.0 – Operations Guide, Super Metrics section (aggregating
and computing metrics across objects).
An administrator has been tasked with providing audit information from VMware Cloud Foundation
(VCF) such as logins and configuration changes in VCF Operations. What must be configured to
provide the required information?
B
Explanation:
The VCF 9.0 Logging and Auditing Guide explains that audit information—including user logins,
configuration changes, and API requests—is collected and made searchable through VCF Operations
for Logs. The extract states:
“VCF Operations for Logs provides centralized log aggregation and auditing for all VCF services,
including audit trails of logins and configuration changes.”
Option A (audit logs per instance) is unnecessary because auditing is centralized. Option C (Enable
Audit Events) is not a standalone step; it is a capability surfaced through Logs. Option D (Event logs in
vCenter) covers only vCenter, not fleet-wide audit trails. Therefore, the correct step is to integrate
VCF Operations for Logs.
An administrator has deployed a VMware Cloud Foundation (VCF) environment and needs to
monitor the health of the environment. Which three components can be monitored using VCF Health
in VCF Operations? (Choose three.)
B, C, F
Explanation:
The VCF Health feature “provides a central location for monitoring the health of your environment,”
including the ability to track “vCenter Server instances,” “ESXi hosts,” and “NSX deployments.”
Health monitoring includes connectivity, configuration, and critical services status, surfacing alerts
for remediation. The documentation’s scope statements make clear that VCF Health targets the
infrastructure components—vCenter, ESXi, and NSX—rather than the VCF Operations applications
themselves (for example, Fleet Management or Logs). Therefore, the correct monitored components
are ESX hosts, vCenter Server, and NSX.
An administrator is tasked with creating a custom dashboard for the security team. The team has the
following requirements:
Monitor the CPU, memory, and disk usage across all Virtual Machines (VMs) in a workload domain.
Export the data to CSV.
Which custom view in VMware Cloud Foundation (VCF) Operations meets these requirements?
C
Explanation:
The VCF 9.0 Operations Guide – Views and Reports explains the four types of views available for
custom dashboards:
Object Relationship View: Displays dependencies and hierarchy between objects (for example, VMs,
hosts, datastores) but does not provide exportable tabular data.
Scoreboard View: Provides a high-level KPI visualization of a few key objects but is not intended for
large tabular exports.
List View (Correct): Displays tabular data across many objects, such as CPU, memory, and disk metrics
for VMs. The guide states: “List views are useful when you want to compare metrics across multiple
objects and can be exported to CSV for further analysis.”
Trend View: Focuses on historical data and growth over time, but export to CSV is not its primary
purpose.
Because the security team requires both tabular comparison of VM resource usage and the ability to
export the data to CSV, the List View is the only option that meets both requirements.
Reference: VMware Cloud Foundation 9.0 – Operations Guide, “Working with Views” (List View
supports tabular data and CSV export).
===========
Which component is used to provision Kubernetes workload clusters?
B
Explanation:
VCF 9.0 describes the VKS architecture and explicitly notes: “The Cluster API provides declarative,
Kubernetes-style APIs for cluster creation, configuration, and management.” Inputs include resources
describing the cluster, VMs, and add-ons. Provisioning flows also present ClusterClass/Cluster API as
the supported “cluster type” when creating a Kubernetes cluster via self-service. These extracts
confirm that Cluster API is the foundational component used by VMware Kubernetes Service (VKS)
on vSphere Supervisor to bootstrap and manage Kubernetes workload clusters in VCF 9.0.
===========
A security team informed an administrator that a VMware vCenter root password was compromised.
As a precaution, the password was changed directly in vCenter. What should an administrator do to
regain management capability of this vCenter by VCF Operations?
D
Explanation:
The documentation clarifies the scenario when a password is changed outside of VCF Operations:
“When an error occurs, for example after a password expires, you must manually reset the password
in the component product. After you reset the password in a component, you must remediate the
password in VCF Operations.” “Password Rotation” is different—it “allows you to orchestrate the
rotation” of stored credentials (a planned, VCF-driven change), not reconcile an externally altered
password. Therefore, after the direct password change in vCenter, the correct recovery step in VCF
Operations is to use Remediate password to synchronize credentials and restore management from
VCF Operations.
===========
An administrator needs to scale out the VMware Cloud Foundation (VCF) Automation node from a
small to a medium form factor. The environment is currently deployed using the Simple VCF
Automation Model. Which action should the administrator take to achieve this?
D
Explanation:
VCF 9.0 states for the Simple Automation model: “Single node… Applies to Small… Can be scaled out
to the high availability model by resizing the node to Medium or Large, which also forces the scale
out to 3 nodes.” In addition, the Day-N procedure confirms the action is a Scale (scale-out) operation:
“Scale VCF Automation… choose a larger target deployment type such as Medium or Large…” and
provide “Additional VIPs” and a “Cluster Node IP Pool” (Medium requires a minimum of four IPs),
then submit the scale out request. Therefore, moving from Small (Simple) to Medium necessarily
transitions to the High Availability (3-node) model rather than remaining a single medium node. This
aligns the form factor with the documented model behavior and the fleet management workflow.
===========
What is the required update interval for VMware Cloud Foundation (VCF) licenses in connected
mode to maintain the entitlement?
B
Explanation:
VCF 9.0 licensing is managed through VCF Operations and the VCF Business Services console. The
product requires periodic license updates even in connected mode. The documentation states
explicitly: “You must update your licenses at least once every 6 months (180 days). If license usage
data is not submitted… your licenses are treated as expired, your hosts are disconnected from the
vCenter instance, and you cannot start any workload operations.” This language is repeated in the
Licensing Overview and Upgrade/Registration sections, confirming the 180-day requirement applies
to both connected and disconnected modes (in connected mode usage submission is automated, but
you still must perform an update action). Therefore, the correct interval is 180 days.
Reference: VCF 9.0 Licensing – “Update Licenses in Connected Mode” and Licensing Overview
(update cycle and consequences).
An administrator has been tasked to create a new cluster in an existing VMware Cloud Foundation
(VCF) instance. The hosts within the cluster have different generation Intel processors.
What feature must be configured on the cluster to ensure VMware Distributed Resource Scheduler
(DRS) is able to automatically move Virtual Machines within the cluster?
D
Explanation:
The vSphere 9.0 Resource Management Guide describes Enhanced vMotion Compatibility (EVC) as
the mechanism that masks CPU instruction set differences across ESXi hosts, presenting a consistent
baseline to VMs.
The documentation states:
“EVC ensures vMotion compatibility across hosts with different CPU generations by exposing a
uniform set of CPU features to all virtual machines in the cluster.”
vSphere Fault Tolerance (A): Provides continuous availability for individual VMs but does not address
CPU instruction compatibility.
vSphere Availability (B): Refers to HA (High Availability) which handles VM failover, not CPU feature
alignment.
Host Affinity Rules (C): Control placement of VMs but cannot solve compatibility between mixed CPU
generations.
Enhanced vMotion Compatibility (D): Specifically addresses the requirement for vMotion and DRS
across mixed CPU generations, making it the correct answer.
Reference: vSphere 9.0 – Enhanced vMotion Compatibility (EVC) Overview and Configuration.
An administrator is tasked to monitor business-critical Virtual Machines (VMs) within a VMware
Cloud Foundation (VCF) fleet.
The following requirements must be met:
The existing policy named "Organization Policy" must be used for the entire environment.
Only business-critical VMs must be assigned additional metrics.
Business-critical VMs will be organized based on a naming schema.
Which three steps must an administrator complete to satisfy the requirements? (Choose three.)
B, C, F
Explanation:
The VCF 9.0 Operations Policies Guide explains how to extend and scope monitoring policies:
Create a child policy under the existing Organization Policy (C): Policies can inherit settings from
parent policies. By creating a child policy under Organization Policy, administrators can apply
additional metrics without overriding global policies.
Create a Custom Group (F): Custom Groups allow dynamic membership based on naming
conventions or criteria. In this case, business-critical VMs can be grouped automatically by naming
schema.
Assign the Custom Group to the new child policy (B): This ensures that the additional metrics only
apply to the business-critical VMs in the Custom Group.
Incorrect options:
Custom Datacenters (A, D) are not required; the grouping requirement can be met with Custom
Groups.
Creating the policy under Base Settings (E) would apply globally rather than inheriting from the
Organization Policy.
Reference: VMware Cloud Foundation 9.0 – Operations Guide, Custom Groups and Policy
Inheritance.
An administrator is tasked with creating a new VLAN-backed segment in a VMware Cloud Foundation
(VCF) environment to provide connectivity for a group of Virtual Machines (VMs). Which two actions
must the administrator take when creating a VLAN-backed segment in NSX Networking? (Choose
two.)
B, E
Explanation:
To create a VLAN segment in NSX, you must create it in a VLAN transport zone and provide a VLAN ID.
The NSX documentation states you “set up VLAN transport zones to… connect VLAN segments,” and
when creating a VLAN-backed segment you select the VLAN transport zone. The segment creation
flow shows “Segment Type: VLAN” with required “VLAN ID” entry and transport zone selection;
gateways are not required to merely create a L2 segment. Default gateway IP and Tier-1 attachment
are applicable for routed (overlay/T1) use cases, not mandatory for a basic VLAN L2 network;
segment profiles can be applied but are not required to create the segment. Thus, the two required
actions are selecting the VLAN transport zone and specifying the VLAN ID.
Reference: NSX Networking in VCF 9.0 – Transport Zones & VLAN Segment creation.
Which three statements are characteristics of a VMware Cloud Foundation (VCF) private cloud?
(Choose three.)
B, C, F
Explanation:
VCF provides integrated automation and orchestration for Day 0–2 operations, including networking:
VCF is a “full-stack IaaS” with “automation and orchestration to simplify Day 0, Day 1, and Day 2
tasks.” VCF supports modern apps: users can provision “VMs” and “Kubernetes workloads” from self-
service services, proving both VM and container support. Multi-tenancy with strong isolation is
native: Organizations are “secure and isolated” boundaries; All Apps organizations run “virtual
machines (VMs), Kubernetes… multiple tenants with secure infrastructure isolation.”
Incorrect choices: VCF is not limited to vSAN only (supports VMFS/NFS/CNS as documented
elsewhere) and does not rely on manual scalability—automation is core. Compliance is provided
within the private cloud, not only by a CSP.
Reference: VCF 9.0 Overview & Capabilities (What Is VCF), Organizations & Isolation, All Apps
organizations.