An architect is designing the network model for a new VMware Cloud Foundation (VCF) solut…

Question

An architect is designing the network model for a new VMware Cloud Foundation (VCF) solution. During the requirements gathering phase, the customer stated that the VCF solution must comply with the organization's security policy for traffic separation. The customer provided the architect with the following information from the policy:
The physical network architecture is divided into multiple security zones.
Traffic is not permitted to traverse between the zones with the exception of pre-approved monitoring tools.
Physical servers may not may connected to multiple zones via a single network interface.
Management and Storage traffic must be kept within network zone 1.
Workload traffic must be kept within network zone 2.
The architect makes a design decision to use two vSphere Distributed Switches per cluster for both the Management and VI Workload domains.
Which two additional design decisions should the architect include in the virtual networking design for the separation of traffic between the vSphere Distributed Switches? (Choose two.)

Accepted Answer

Correct answer: A, B. A. Configure one vSphere Distributed Switch for ESX Management, Storage and vMotion traffic. — B. Configure one vSphere Distributed Switch for all workload traffic and all NSX - Host and Edge TEP/Edge Uplinks. — The correct answers are A and B because they ensure that traffic types are properly separated according to the defined security zones. Option A isolates management, storage, and vMotion traffic, while Option B handles workload traffic and NSX-related uplinks separately. The other options either combine traffic types that should be separated or do not adequately address the requirements for traffic separation as outlined in the policy.

VMware vSAN Administrator (2025) — Question 57

Answer options

Correct answer: A, B

Explanation