VMware vSAN Administrator (2025) — Question 77

An architect has been tasked with designing a new VMware Cloud Foundation (VCF) solution. The following design decisions were documented after requirements gathering workshops with the customer:

• Deploy a VCF Fleet into each of the DC1 and DC2 datacenters.
• Deploy two VCF instances (VCF1 and VCF2) into each VCF Fleet.
• Use the existing, supported third-party solution to provide Multifactor Authentication (MFA) for users accessing the VCF components.

The architect also documented the following information from the workshops:

• The customer wants to minimize the risk of a single operational task performed by an administrator impacting multiple components.
• The customer wants to avoid single points of failure by using high availability architectures.

Which two design decisions should the architect include for the authentication approach based on the information provided? (Choose two.)

Answer options

• A. Deploy a shared VCF Identity Broker for all VCF instances within a VCF Fleet.
• B. Deploy a shared VCF Identity Broker for all VCF instances across all VCF Fleets.
• C. Use the external VCF Identity Broker model.
• D. Use the embedded VCF Identity Broker model.
• E. Deploy a dedicated VCF Identity Broker for each VCF instance within a VCF Fleet.

Correct answer: C, E

Explanation

The correct answer is C and E. Using the external VCF Identity Broker model (C) allows for better separation and flexibility, reducing the risk of a single task affecting multiple components. Deploying a dedicated VCF Identity Broker for each VCF instance (E) ensures that there are no single points of failure, as each instance operates independently. Options A and B would create shared resources that could introduce risks if operational tasks impact the shared brokers.