Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. VMware
  5. 2V0-21.23

VMware 2V0-21.23 Exam
VMware vSphere 8.x Professional (Page 3 )

Updated On: 30-Jan-2026
Page 3 of 22
PDF with 110 Questions

An administrator is investigating user logon failures for a VMware vCenter instance Where can the administrator find log files containing information related to user login activities?

  1. On the vCenter Management Interface
  2. On the ESXi host using the Direct Console User Interface (®)
  3. On the vCenter Server Appliance
  4. In the vSphere Client when viewing the vCenter virtual machine

Answer(s): C

Explanation:

The administrator can find log files containing information related to user login activities on the vCenter Server Appliance, which is a preconfigured Linux-based virtual machine that runs all vCenter Server services. The log files are located in /var/log/vmware/vmware-vpx/vpxd.log and /var/log/vmware/sso/ssoAdminServer.log directories.


Reference:

https://docs.vmware.com/en/VMware-
vSphere/8.0/com.vmware.vsphere.troubleshooting.doc/GUID-5F9A7E49-5F9E-4F8A-BE6A- CAC5EE8E3734.html



An administrator is tasked with allowing a single user the ability to take snapshots on a virtual machine. When looking in vCenter, the administrator can see that there are already users and groups assigned permissions on the virtual machine as follows:

- The group VMJJsers has the Virtual Machine Power User role.
- The group VM_Viewers has the Read Only role.

The administrator confirms that the user requesting the additional access is currently one of five members of the VM_Viewers group.

Which two steps should the administrator take to grant this user the additional access required without impacting the user access of others? (Choose two.)

  1. Add the user to the VM_Users group and leave the permissions on the virtual machine object unchanged
  2. Add a new permission on the virtual machine object selecting the user and the new custom role.
  3. Edit the Read Only role to add the Virtual Machine Snapshot Management privileges.
  4. Create a new custom role with the Virtual Machine Snapshot Management privileges.
  5. new permission on the virtual machine object selecting the VM_Viewers group and the new custom

Answer(s): B,D

Explanation:

The administrator should create a new custom role with the Virtual Machine Snapshot Management privileges, which allows the user to create, delete and revert snapshots. The administrator should then add a new permission on the virtual machine object selecting the user and the new custom role, which grants the user the additional access required without affecting other users or groups.


Reference:

https://docs.vmware.com/en/VMware-
vSphere/8.0/com.vmware.vsphere.security.doc/GUID-93B962A7-93FA-4E96-B68F- AE66D3D6C663.html



Following a merger with another company, an administrator is tasked with configuring an identity source for VMware vCenter so that all vSphere administrators can authenticate using their existing Active Directory accounts. Each company has user accounts in their own Active Directory forests. The following additional information has been provided:

- The corporate policy states that only Windows-based machine accounts are allowed in Active Directory. Which action should the administrator take to configure vCenter Single Sign-On (SSO) to meet this requirement?

  1. Configure SSO to use Active Directory over LDAP as the identity source.
  2. Configure SSO to use OpenLDAP as the identity source.
  3. Join the vCenter Server Appliance to the LDAP domain.
  4. Configure SSO to use Active Directory (Integrated Windows Authentication) as the identity source.

Answer(s): A

Explanation:

Integrated Windows Authentication is now depreciated (from v7). "The Active Directory over LDAP identity source is preferred over the Active Directory (Integrated Windows Authentication) option." https://kb.vmware.com/s/article/78506



An administrator is asked to configure a security policy at the port group level of a standard switch.
The following requirements must be met:

- The security policy must apply to all virtual machines on portgroup-1.
- All traffic must be forwarded, regardless of the destination.

  1. Forged transmits set to reject
  2. MAC address changes set to accept
  3. Promiscuous mode set to reject
  4. Promiscuous mode set to accept

Answer(s): D

Explanation:

The security policy that must be configured at the port group level to allow all traffic to be forwarded regardless of the destination is promiscuous mode set to accept, which allows receiving all traffic on a virtual switch port.


Reference:

https://docs.vmware.com/en/VMware-
vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-D5960C77-0D19-4669-A00C- B05D58A422F8.html



A vSphere cluster has the following vSphere Distributed Resource Scheduler (DRS) group configuration:

* Virtual machine (VM) group named DB
* Host groups named PROD11 and PROD55

The administrator wants to force the VMs in the DB group to run on the hosts in the PROD11 group.
However, if all the hosts in PROD55.
Which VM/Host rule must the administrator create to ensure that these requirements are met?

  1. A preferential rule between the DB group and PROD11 group
  2. A preferential rule between the DB group and the PROD55 group
  3. A preferential rule between the DB group and the PROD55 group
  4. A required rule between the DB group and the PROD11 group

Answer(s): A

Explanation:

Option A is correct because it allows the administrator to create a preferential rule between the DB group and PROD11 group, which will force the VMs in the DB group to run on the hosts in the PROD11 group if possible, but will allow them to run on the hosts in PROD55 group if necessary.
Option B is incorrect because it will create a preferential rule between the DB group and PROD55 group, which will force the VMs in the DB group to run on the hosts in PROD55 group if possible, which is not what the administrator wants.
Option C is incorrect because it is the same as option B.
Option D is incorrect because it will create a required rule between the DB group and PROD11 group, which will force the VMs in the DB group to run only on the hosts in PROD11 group and not allow them to run on the hosts in PROD55 group if needed.


Reference:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.resmgmt.doc/GUID- 60077B40-66FF-4625-934A-641703ED7601.html



Viewing page 3 of 22
Viewing questions 11 - 15 out of 110 questions



Post your Comments and Discuss VMware 2V0-21.23 exam prep with other Community members:

Join the 2V0-21.23 Discussion