Free VMware 3V0-32.23 Actual Exam Questions - Question 1 Discussion
VMware Aria Automation design to address changes in requirements.
The new requirements state:
The solution must continue to operate in the event of a single node failure.
The corporate encryption standard requires all solutions to encrypt data in transit using revocable
certificates.
Which two design decision should the architect make to meet the new requirements? (Choose two.)
I’d drop options C and D because self-signed certs don’t meet the corporate standard for revocable ones, and using a DNS CNAME alone doesn’t guarantee node failure tolerance. Between E and A, an integrated load balancer might limit scalability or resilience compared to an external one, so A feels more robust for HA. The CA-signed certs (B) are pretty much a must for real-world encryption standards since they can be revoked if compromised. Anyone think integrated load balancers could still meet the single-node failure requirement reliably?
A/B for sure. Three nodes with an external load balancer cover the high availability bit, and CA-signed certs fit the revocable encryption requirement way better than self-signed ones.
A, B. For high availability, three nodes with an external load balancer (A) is a solid choice since it’s proven and flexible. Integrated load balancers might simplify things but could be less robust in bigger environments. Also, the corporate standard wants revocable certs, which points clearly to CA-signed certificates (B) over self-signed ones. Self-signed just doesn’t meet those strict encryption requirements. So combining A and B covers both HA and proper encryption without guessing about DNS tricks or integrated components that might not fit the standard as well.
A/E — External load balancer or integrated can handle HA, but integrated might simplify deployment. Definitely need three nodes to survive a single failure. Also, integrated LB usually plays nicer with cert management.
Option E makes sense since an integrated load balancer can simplify SSL management without extra hardware. Plus, B fits because corporate standards usually require CA-signed certs, not self-signed.
Probably A and B, external load balancer is more reliable than integrated or DNS-based.
Maybe A and B too. External load balancer ensures real failover, and CA-signed certs are needed for revocable certificates, which self-signed can’t handle properly.
I’d go with A and B. Three nodes with an external load balancer cover the single node failure, and CA-signed certs fit the corporate encryption standard better than self-signed.