VMware 2V0-33.22 Exam - Topic 1 Question 58 Discussion

Actual exam question for VMware's 2V0-33.22 exam

Question #: 58
Topic #: 1

A cloud administrator is asked to validate a proposed internetworking design that will provide connectivity to a VMware Cloud on AWS environment from multiple company locations.

The following requirements must be met:

* Connectivity to the VMware Cloud on AWS environment must support high-throughput data transfer.

* Connectivity to the VMware Cloud on AWS environment must NOT have a single point of failure.

* Any network traffic between on-premises company locations must be sent over a private IP address space.

Which design decisions should be made to meet these network connectivity requirements?

A* Configure a Direct Connect from headquarters to VMware Cloud on AWS.
* Use a private VIF for this connection.
* Configure a secondary, standby Direct Connect from headquarters using a public VIF.
* Configure dual, redundant, policy-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

B* Configure a Direct Connect from headquarters to VMware Cloud on AWS.
* Use a public VIF for this connection.
* Configure a route-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS.
* Configure dual, redundant, route-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

C* Configure a Direct Connect from headquarters to VMware Cloud on AWS.
* Use a private VIF for this connection.
* Configure a route-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the 'Use VPN as Backup to Direct Connect' option.
* Configure dual, redundant, route-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

D* Configure a Direct Connect from headquarters to VMware Cloud on AWS.
* Use a private VIF for this connection.
* Configure a policy-based IPsec VPN tunnel as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the 'Use VPN as Backup to Direct Connect' option.
* Configure dual, redundant, policy-based IPsec VPN connections from each regional office to VMware Cloud on AWS.

Show Suggested Answer

Suggested Answer: C

Option C is the best design decision that meets the network connectivity requirements. Configuring a Direct Connect from headquarters to VMware Cloud on AWS with a private VIF will ensure high-throughput data transfer and eliminate the single point of failure. To ensure that all network traffic between on-premises company locations is sent over a private IP address space, a route-based IPsec VPN tunnel should be configured as a secondary method of connectivity from headquarters to VMware Cloud on AWS, taking care to enable the 'Use VPN as Backup to Direct Connect' option. Finally, dual, redundant, route-based IPsec VPN connections should be configured from each regional office to VMware Cloud on AWS.

A route-based VPN creates an IPsec tunnel interface and routes traffic through it as dictated by the SDDC routing table. A route-based VPN provides resilient, secure access to multiple subnets. When you use a route-based VPN, new routes are added automatically when new networks are created. https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-networking-security/GUID-5AF45CE6-FA53-45C0-83E5-25F8E3A055E9.html

by Dortha at Aug 17, 2025, 06:26 AM

Limited Time Offer

25%

6 months ago

I think the answer is A.

upvoted 0 times

...