Nutanix NCP Exam Dumps & Practice Test Questions

Question 1:

An administrator must run Microsoft Exchange and Microsoft SQL workloads on a shared infrastructure while ensuring each has guaranteed and isolated storage capacity. What is the most effective way to achieve this?

A. Set a capacity reservation within a single container
B. Create two separate containers with reserved capacity for each
C. Use a single container with compression enabled
D. Reserve space for individual vDisks across two containers

Answer:  B

Explanation:

When hosting critical applications such as Microsoft Exchange and Microsoft SQL Server on the same infrastructure, ensuring performance isolation is essential. These applications have different I/O profiles—SQL tends to produce high random I/O with intensive writes, whereas Exchange often exhibits more sequential access patterns. Running them together without proper resource separation can result in resource contention and performance degradation.

In a Nutanix environment, containers serve as logical segments within a storage pool, allowing administrators to define performance and data services policies. By using two containers, one for each workload, the administrator gains the ability to independently manage performance, capacity reservations, and features such as deduplication or compression per workload.

Choosing Option A—a single container with a reserved capacity—does not meet the goal of workload isolation, as both applications would draw from the same reserved space, potentially affecting each other's performance during peak usage.

Option C, enabling compression, may reduce storage consumption but does not guarantee storage isolation or capacity assurance.

Option D, reserving space at the vDisk level, provides more granular control but lacks the high-level management benefits that containers offer. Containers allow broader data services configuration and centralized management, making them a better choice for this use case.

Therefore, Option B is the most effective approach. By assigning separate containers with reserved capacity for Exchange and SQL, each workload gets guaranteed storage availability, ensuring consistency and reliability. This setup minimizes performance issues caused by resource contention and makes future scaling and performance tuning more manageable. Additionally, this method aligns with best practices for managing mixed workload environments in hyperconverged infrastructure.

Question 2:

In an environment configured with a single domain and forest, and without SSL encryption, which port should an administrator use to establish a connection with the LDAP server?

A. 389
B. 3269
C. 636
D. 3268

Answer: A

Explanation:

LDAP (Lightweight Directory Access Protocol) is widely used in enterprise environments for directory services and authentication. The port used for LDAP depends on two main factors: whether SSL encryption is enabled, and whether the queries need to access the Global Catalog (GC) for cross-domain searches.

In the given scenario—a single domain, single forest setup without SSL—the appropriate choice is port 389, which is the default for unencrypted LDAP communication. This port allows standard LDAP operations like user authentication, group enumeration, and directory browsing within the domain.

Option B (port 3269) and Option D (port 3268) are used for Global Catalog services. These ports become relevant when performing directory searches that span multiple domains. Port 3268 is used for unencrypted GC queries, while 3269 is reserved for SSL-encrypted GC access. Since the setup in the question involves a single domain and does not require Global Catalog access, these ports are unnecessary.

Option C (port 636) is used for LDAPS, the secure version of LDAP over SSL/TLS. Because the scenario explicitly states that SSL is not enabled, using this port would not establish a successful connection.

Therefore, port 389 is the correct choice for connecting to the LDAP server in this environment. It supports basic directory lookups and authentication tasks efficiently within the constraints described. However, in real-world deployments—especially those involving sensitive data or external-facing services—LDAP over SSL (LDAPS) using port 636 is recommended to ensure encrypted communication.

This understanding of LDAP port usage is crucial for administrators when configuring directory-based authentication or integrating third-party systems. Correct port selection ensures reliable connectivity and helps avoid unnecessary configuration errors.

Question 3:

What is the recommended best practice when configuring a network bond within a Nutanix cluster?

A. Combine NICs of varying speeds into a single bond
B. Set the bond to operate using LACP
C. Use network interfaces of identical speeds in the bond
D. Leave the bond configuration at its post-installation default

Answer: C

Explanation:

When setting up a bonded network interface in a Nutanix cluster, the most important best practice is to ensure all the NICs (Network Interface Cards) included in the bond operate at the same speed. This approach ensures network consistency, avoids congestion, and optimizes load balancing across the interfaces.

Bonding NICs that have different speeds—like mixing a 1 Gbps NIC with a 10 Gbps NIC—can create serious performance issues. In such cases, traffic may not be evenly distributed, leading to unpredictable behavior, bottlenecks, or even dropped packets. This is because the network bonding logic generally assumes uniform performance across all interfaces. If that assumption is violated, it may either overload the slower NIC or underutilize the faster one.

Option A is incorrect because combining different-speed NICs undermines network stability. Instead of improving performance, it introduces inconsistencies in throughput and latency.
Option B mentions LACP (Link Aggregation Control Protocol), which is useful for dynamic bonding and active-active traffic distribution. However, its effectiveness depends heavily on switch compatibility and specific deployment goals. It’s a viable strategy, but not a universal best practice for all Nutanix configurations.
Option D suggests keeping the default bond settings. Nutanix often sets up an active-backup bond by default, which offers failover protection but no load balancing. This may not meet the performance requirements of all environments and should be reviewed during implementation.

Overall, using same-speed NICs ensures optimal performance, reduces troubleshooting complexity, and aligns with Nutanix’s recommended network configuration guidelines for production environments.

Question 4:

A customer sets up a firewall VM with two network interfaces to secure a group of VMs in Nutanix. Despite proper software and certificate installation, external users can't access the application.

What is the most likely root cause?

A. All VMs must use a shared volume group
B. VMs cannot have more than one NIC
C. One NIC hasn’t been set to use the internal VLAN
D. The NAT VM is running Wireshark

Answer: C

Explanation:

The described issue most likely stems from a network misconfiguration involving VLANs. In a common firewall setup within a Nutanix cluster, the firewall VM uses two NICs: one connected to an external or public network and the other to an internal or private VLAN. This design enables traffic to be routed securely between public users and protected internal services.

If external users cannot access the application, it suggests that traffic isn’t reaching the internal VMs. This often happens when the NIC assigned to the internal network isn't properly configured or isn't assigned to the correct VLAN. Without proper VLAN tagging, the firewall VM cannot route traffic between the internal network and the outside world, effectively blocking access.

Option C correctly identifies this oversight. Ensuring that the internal NIC is bound to the appropriate VLAN allows the firewall to pass traffic to and from internal VMs.

Option A is incorrect because shared volume groups relate to block storage for virtual disks and have no role in VM network isolation.
Option B is also incorrect; Nutanix fully supports multiple NICs per VM, which is standard for firewalls and routers that bridge multiple networks.
Option D is misleading; while Wireshark is a packet analysis tool that can inspect traffic, it doesn’t interfere with routing or connectivity. Its presence on a VM would not, on its own, prevent access to applications.

Proper VLAN assignment and verification of NIC configurations are essential when implementing network isolation or firewall-based segmentation in Nutanix environments. Failure to do so often results in the kind of connectivity issues described here.

Question 5

When Nutanix Files is initially set up, how many File Server Virtual Machines (FSVMs) are provisioned by default?

A. 1
B. 2
C. 3
D. 5

Correct Answer: C

Explanation:

During the standard deployment of Nutanix Files (previously referred to as Acropolis File Services or AFS), the system automatically provisions three File Server Virtual Machines (FSVMs). This three-node setup is not arbitrary—it’s designed to provide high availability, fault tolerance, and balanced performance from the outset.

Each FSVM is deployed on a separate host within the Nutanix cluster. They collaborate as part of a distributed file system that handles file sharing, redundancy, and load distribution. This architecture is integral to Nutanix’s focus on resilience and operational continuity, particularly in production environments where uptime is critical.

Let’s evaluate the other options:

• Option A (1 FSVM): Deploying a single FSVM would introduce a significant risk—a single point of failure. This goes against Nutanix’s principles of redundancy and high availability.

• Option B (2 FSVMs): While better than one in terms of fault tolerance, two FSVMs still lack the optimal level of quorum-based decision-making and failover capabilities that a triad model provides.

• Option D (5 FSVMs): While larger deployments can scale to five or more FSVMs for additional capacity and performance, this is not part of the default configuration. More FSVMs are typically added based on custom requirements or performance demands.

In summary, Nutanix sets up three FSVMs by default because this setup provides the minimal viable unit for both high availability and cluster-wide distribution of services. This design ensures that even if one FSVM fails or is under maintenance, the remaining two can continue to serve clients with minimal disruption.

Question 6:

Which two network-related conditions are essential for successful live VM migration between AHV hosts in a Nutanix cluster? (Choose two.)

A. All AHV hosts must have IP addresses within the same subnet
B. All AHV hosts must belong to the same VLAN
C. All virtual machines must have IP addresses within the same subnet
D. All virtual machines must be assigned to the same VLAN

Correct Answers: A, B

Explanation:

Live migration is a feature in Nutanix’s Acropolis Hypervisor (AHV) that allows administrators to move virtual machines (VMs) from one physical host to another without interrupting services. For this to work seamlessly, certain network prerequisites must be met to support the movement of active workloads.

First, option A is correct. All AHV hosts must have IP addresses within the same subnet to simplify Layer 2 communication. Being in the same subnet ensures direct, efficient communication without the need for complex routing, which is essential during memory and state transfers in a migration operation. This alignment reduces latency and minimizes the risk of communication errors or packet loss.

Second, option B is also a requirement. All AHV hosts need to be on the same VLAN to ensure that migration traffic—especially data related to VM state, CPU registers, and memory—flows unimpeded between hosts. A consistent VLAN ensures that the broadcast domain is uniform across all hypervisors, enabling reliable transmission and reception of live migration traffic.

In contrast, option C is incorrect because the IP addresses of the VMs themselves are irrelevant to the live migration process. VM migration is handled at the hypervisor level and does not depend on the guest operating system’s IP configuration.

Option D is also not required** for live migration to succeed. Although keeping VMs on the same VLAN may benefit network organization and performance from a guest OS perspective, it does not affect the ability of AHV to perform the migration itself.

In conclusion, live migration depends primarily on hypervisor-level network consistency, specifically between the physical hosts. Ensuring that all AHV hosts share the same subnet and VLAN forms the foundation for reliable and interruption-free migration operations in a Nutanix environment.

Question 7:

What protocol should an administrator implement to secure access to volumes using password-based authentication?

A. iSER
B. SAML
C. CHAP
D. LDAP

Correct Answer: C

Explanation:

In a Nutanix environment where volumes are accessed using block storage protocols like iSCSI, it's vital to secure those connections to prevent unauthorized access. When password-based authentication is required for such access, the most appropriate and widely used protocol is CHAP—Challenge-Handshake Authentication Protocol.

CHAP provides security by implementing a challenge-response mechanism. Instead of transmitting the password in plain text, it uses a hashed version of the password combined with a server-issued challenge. This method ensures that sensitive information, like the user's password, is not exposed during transmission. Additionally, CHAP protects against replay attacks and verifies the identity of the client attempting to access the storage volume. In Nutanix deployments, CHAP can be configured either per target or per initiator, allowing flexible and secure authentication for hosts.

Option A, iSER, refers to iSCSI Extensions for RDMA, which is a high-performance transport protocol that enhances data transfer by using RDMA technology. However, it does not deal with authentication mechanisms and is unrelated to password-based access control.

Option B, SAML, is a protocol used primarily in web-based authentication and federated identity management. It is ideal for single sign-on (SSO) scenarios but not applicable to low-level block storage authentication.

Option D, LDAP, is used for directory services and user information lookups. While LDAP can play a role in managing users or authenticating administrative access in certain environments, it is not designed to secure iSCSI volume access.

To summarize, when the goal is to enforce password-based security for volume access—especially over iSCSI—CHAP is the correct protocol to use. It provides the necessary authentication without exposing credentials and aligns with best practices for securing storage in enterprise environments.

Question 8:

When deploying a one-node Remote Office/Branch Office (ROBO) cluster, which statement accurately reflects a valid requirement or feature of this setup?

A. The Controller VM must have 8 vCPUs and 20 GB RAM
B. Supported hardware includes NX-1175S-G5 and NX-1175S-G6
C. The minimum Recovery Point Objective (RPO) is 8 hours
D. A Witness VM is necessary to maintain quorum during a failure

Correct Answer: B

Explanation:

One-node ROBO clusters are designed for remote or branch locations that require minimal infrastructure while still offering core Nutanix functionality. These setups are commonly used in environments where space, power, and administrative resources are limited. The goal is to deliver virtualized workloads and storage services in a compact, manageable footprint.

Option B is correct because Nutanix officially supports hardware models NX-1175S-G5 and NX-1175S-G6 for one-node ROBO deployments. These platforms are built to run the Nutanix Acropolis Operating System (AOS) efficiently within small physical constraints. Using these certified platforms ensures that customers receive proper support and can leverage the latest software features in a reliable manner.

Option A is incorrect. While CVM (Controller VM) sizing can vary, one-node ROBO configurations are intentionally lightweight. Allocating 8 vCPUs and 20 GB of RAM would be excessive and inefficient for such setups. Nutanix generally recommends lighter resource allocations to accommodate limited host capabilities.

Option C incorrectly claims the minimum RPO is 8 hours. In reality, Nutanix offers asynchronous replication that can achieve RPOs as low as 1 minute, depending on the configuration. This flexibility allows organizations to tailor their disaster recovery strategies to their specific business needs, minimizing potential data loss.

Option D incorrectly suggests that a Witness VM is mandatory. In multi-node clusters—especially two-node configurations—a Witness VM helps maintain quorum to prevent split-brain scenarios. However, in a single-node setup, the concept of quorum doesn’t apply in the same way. A Witness VM is not required for one-node ROBO deployments.

In conclusion, the only valid and accurate statement is that NX-1175S-G5 and NX-1175S-G6 are supported hardware platforms for one-node ROBO clusters. This makes Option B the correct answer.

Question 9:

After receiving an automated alert email that a system health check has failed in a Nutanix environment, what is the most effective step the administrator should take to investigate the issue further?

A. Log into the Prism Web Console and follow the link provided in the alert
B. Re-run the health check by executing the ncc command on the Controller VM (CVM)
C. Send the alert email to Nutanix Support and wait for their feedback
D. Use the ncli command from the CVM to manually check the health status

Correct Answer: B

Explanation:

In a Nutanix cluster, maintaining system stability and performance depends on constant health monitoring. One of the primary tools for diagnostics in such environments is the Nutanix Cluster Check (NCC). When an automated email alert reports a health check failure, it usually indicates an underlying issue that needs immediate attention.

The best course of action in such a situation is to manually re-run the NCC health check from the Controller VM’s command line interface (CLI). This is because the ncc utility performs an in-depth assessment of all cluster components—ranging from storage and network configurations to hypervisor health and system services. It categorizes results into PASS, FAIL, or WARNING, allowing the administrator to narrow down the problem based on logs and error details. This makes Option B the most efficient and direct troubleshooting method.

Option A, which involves using the Prism Web Console, might give an overview, but not every alert provides a direct link, and those that do often lead to a general dashboard rather than specific diagnostics.

Option C, forwarding the email to Nutanix Support, could eventually lead to a resolution but introduces unnecessary delays. Nutanix support typically expects administrators to perform basic diagnostic steps, like running NCC, before engaging further.

Option D, using ncli, is inappropriate for this context. The ncli command is primarily used for cluster management operations like configuring networking or VMs—not for running system health checks. It lacks the detailed health analytics and output that ncc provides.

In conclusion, to diagnose and potentially resolve the problem efficiently, manually executing the NCC tool from the CVM is the most appropriate and powerful step—making B the correct answer.

Question 10:

In a Nutanix cluster that is configured with Replication Factor 2 (RF2), what is the likely outcome if two drives on different nodes fail within the same storage tier?

A. Some virtual machine (VM) data might become permanently lost
B. Data loss is avoided if the nodes have more than one SSD
C. Some VMs may temporarily reboot but retain data access
D. No VM data loss will occur because of the RF2 configuration

Correct Answer: A

Explanation:

In Nutanix environments, Replication Factor (RF) refers to how many copies of data are maintained across the cluster for redundancy. RF2 means that each piece of data is stored in two separate locations, typically across different nodes, to ensure high availability in case of hardware failures.

However, this replication strategy assumes that only one failure occurs at a time. When two drives fail on different nodes within the same storage tier, the replication integrity is at risk. If both drives happened to hold the only two replicas of a data block, that block is lost—making data loss a real possibility.

Therefore, Option A is the correct answer. Even though RF2 is designed to tolerate one failure, two simultaneous drive failures across nodes can cause irrecoverable data loss if they affect both copies of the same data.

Option B is incorrect because having multiple SSDs in a node doesn't prevent data loss in this scenario. The failure risk here is inter-node, not intra-node. Even with redundant SSDs, if both replicas are on the failed drives across two nodes, data is still lost.

Option C implies temporary inaccessibility or VM reboot, which can occur in some failure scenarios, but in this particular case, we’re talking about actual data loss, not just service disruption. If the data is gone, the VMs won’t be able to access it, no matter how many times they reboot.

Option D wrongly assumes that RF2 alone guarantees no data loss. This is only true when a single point of failure occurs. Two separate drive failures, especially if unluckily aligned with the replica locations, can defeat the RF2 protection.

In summary, while RF2 provides basic fault tolerance, it cannot withstand multiple simultaneous failures that affect both replicas. That’s why Option A is the accurate choice—it recognizes the potential for VM data loss in this failure scenario.