VMware Advanced Deploy VMware vRealize Automation 8.6 - 3V0-31.22 Exam Questions
QUESTION NO: 1
TASK 2
As a Cloud Administrator you have two tasks to complete:
1. Onboard new interns into vRealize Automation and assign the correct access. The Interns are split into two Active Directory groups, interns-group-a and interns-group-b. The interns-group-a group requires access to Cloud Assembly and the interns-group-b group requires access to Service Broker. The interns should be allocated the most restrictive access available.
2 Assist in resolving issues reported by the following users who do not have the correct access permissions in vRealize Automation. Each user should have the minimum permissions required to fulfill their role:
* A User with logon id [email protected] is only responsible for creating new and deploying from cloud templates in Cloud Assembly.
The following additional information is provided to help complete both tasks:
* IDM URL: https://identity-manager.corp.tocal/SAAS/admin or use bookmark
* IDM System Domain Username: admin
* IDM Admin Password: VMware1!
* AD Organization Unit ON: OU=lnterns.DC=corp.DC=local
* vRealize Automation URL: vr-automalion.corp.local
* Cloud Administrator Username: vca pad mm @corp. local
* Cloud Administrator Password: VMware1!
TASK 2
As a Cloud Administrator you have two tasks to complete:
1. Onboard new interns into vRealize Automation and assign the correct access. The Interns are split into two Active Directory groups, interns-group-a and interns-group-b. The interns-group-a group requires access to Cloud Assembly and the interns-group-b group requires access to Service Broker. The interns should be allocated the most restrictive access available.
2 Assist in resolving issues reported by the following users who do not have the correct access permissions in vRealize Automation. Each user should have the minimum permissions required to fulfill their role:
* A User with logon id [email protected] is only responsible for creating new and deploying from cloud templates in Cloud Assembly.
The following additional information is provided to help complete both tasks:
* IDM URL: https://identity-manager.corp.tocal/SAAS/admin or use bookmark
* IDM System Domain Username: admin
* IDM Admin Password: VMware1!
* AD Organization Unit ON: OU=lnterns.DC=corp.DC=local
* vRealize Automation URL: vr-automalion.corp.local
* Cloud Administrator Username: vca pad mm @corp. local
* Cloud Administrator Password: VMware1!
Correct Answer:
See the Explanation for complete Solution
Explanation:
To complete the tasks as a Cloud Administrator, follow these steps:
Task 1: Onboard New Interns into vRealize Automation
Log in to the Identity Manager (IDM) using the provided URL and credentials.
Navigate to Identity & Access Management.
Under Enterprise Groups, find and select interns-group-a and interns-group-b.
Assign interns-group-a with the role of Cloud Assembly User, which is the most restrictive access for Cloud Assembly.
Assign interns-group-b with the role of Service Broker User, which is the most restrictive access for Service Broker.
Ensure that the AD Organization Unit is correctly set to OU=Interns,DC=corp,DC=local for proper group synchronization.
Task 2: Resolve Access Permissions Issues
Log in to the vRealize Automation URL using the Cloud Administrator credentials.
Go to Identity & Access Management.
Locate the user with the logon id [email protected].
Assign this user the role of Cloud Assembly User to allow creating and deploying from cloud templates in Cloud Assembly.
Verify that the user has the minimum permissions required and does not have any additional roles that exceed their responsibility.
By following these steps, you should be able to onboard the interns with the correct access and resolve the access permissions issues for the specified user. Always ensure to adhere to the principle of least privilege, granting users the minimum level of access necessary to perform their roles.
Explanation:
To complete the tasks as a Cloud Administrator, follow these steps:
Task 1: Onboard New Interns into vRealize Automation
Log in to the Identity Manager (IDM) using the provided URL and credentials.
Navigate to Identity & Access Management.
Under Enterprise Groups, find and select interns-group-a and interns-group-b.
Assign interns-group-a with the role of Cloud Assembly User, which is the most restrictive access for Cloud Assembly.
Assign interns-group-b with the role of Service Broker User, which is the most restrictive access for Service Broker.
Ensure that the AD Organization Unit is correctly set to OU=Interns,DC=corp,DC=local for proper group synchronization.
Task 2: Resolve Access Permissions Issues
Log in to the vRealize Automation URL using the Cloud Administrator credentials.
Go to Identity & Access Management.
Locate the user with the logon id [email protected].
Assign this user the role of Cloud Assembly User to allow creating and deploying from cloud templates in Cloud Assembly.
Verify that the user has the minimum permissions required and does not have any additional roles that exceed their responsibility.
By following these steps, you should be able to onboard the interns with the correct access and resolve the access permissions issues for the specified user. Always ensure to adhere to the principle of least privilege, granting users the minimum level of access necessary to perform their roles.
QUESTION NO: 2
TASK 8
As the Cloud Administrator, you must ensure that each virtual machine deployed by the Neptune Project is configured to a standard state.
You have already created a state file in the environment that can be used to meet this requirement.
The following tasks need to be completed:
Update the existing Neptune VMware Cloud Template to ensure that:
* The vRealize Automation SaltStack Config minion is installed during deployment.
* The base configuration state file is always run during deployment. The minion id of the machine should be dynamically assigned using the machine name.
* A secret should be used to ensure the remote access password is not visible within the cloud template.
NOTE: Do not deploy the Cloud template.
The following information has been provided to assist you in these tasks:
The following information has been provided to assist you in these tasks:
* vRA FQDN: vt-aulomation.corp.local
* Cloud Admin Username: [email protected]
* Cloud Admin Password: VMwarel!
* vRA Project Name: Neptune
* Existing Cloud Template Name: Neptune Ubunlu
* vRA-SSC Master Minion Id: saltstack
* vRA-SSC Master Id: saltstack_enterprise_installer
* vRA-SSC Environment: sse
* State File Location: /neptune/base/init.sls
* Remote Access Username: salt-user
* Remote Access Password: VMware1
* Password Secret name: salt-password
TASK 8
As the Cloud Administrator, you must ensure that each virtual machine deployed by the Neptune Project is configured to a standard state.
You have already created a state file in the environment that can be used to meet this requirement.
The following tasks need to be completed:
Update the existing Neptune VMware Cloud Template to ensure that:
* The vRealize Automation SaltStack Config minion is installed during deployment.
* The base configuration state file is always run during deployment. The minion id of the machine should be dynamically assigned using the machine name.
* A secret should be used to ensure the remote access password is not visible within the cloud template.
NOTE: Do not deploy the Cloud template.
The following information has been provided to assist you in these tasks:
The following information has been provided to assist you in these tasks:
* vRA FQDN: vt-aulomation.corp.local
* Cloud Admin Username: [email protected]
* Cloud Admin Password: VMwarel!
* vRA Project Name: Neptune
* Existing Cloud Template Name: Neptune Ubunlu
* vRA-SSC Master Minion Id: saltstack
* vRA-SSC Master Id: saltstack_enterprise_installer
* vRA-SSC Environment: sse
* State File Location: /neptune/base/init.sls
* Remote Access Username: salt-user
* Remote Access Password: VMware1
* Password Secret name: salt-password
Correct Answer:
See the Explanation for complete Solution
Explanation:
To update the existing Neptune VMware Cloud Template with the requirements for the Neptune Project, you would follow these steps:
Install the vRealize Automation SaltStack Config Minion During Deployment:
Open the existing Neptune Ubuntu Cloud Template in the vRealize Automation Cloud Assembly.
Add the SaltStack Config resource to the cloud template by dragging it to the canvas and attaching it to the machine resource1.
In the code pane, add the following properties to the SaltStack Config resource:
Cloud_SaltStack_1:
type: Cloud.SaltStack
properties:
masterId: saltstack_enterprise_installer
hosts:
- '${resource.Cloud_VM_1.id}'
saltEnvironment: sse
stateFiles:
- /neptune/base/init.sls
Dynamically Assign the Minion ID Using the Machine Name:
By default, the machine's name is passed in as the minion ID in SaltStack Config. Ensure that the machine names are appropriately set to be used as minion IDs.
Use a Secret for the Remote Access Password:
In the Cloud Assembly, go to Infrastructure > Administration > Secrets, and create a new secret with the name salt-password and the value of the remote access password2.
Refer to the secret directly in your Cloud Assembly cloud template by using the prefix secret. and the name of your property:
inputs:
...
resources:
Cloud_Machine_1:
type: Cloud.Machine
properties:
...
remoteAccess:
authentication: usernamePassword
username: salt-user
password: '${secret.salt-password}'
By incorporating these changes, the Neptune VMware Cloud Template will install the SaltStack Config minion during deployment, run the base configuration state file, and use a secret to secure the remote access password.
Explanation:
To update the existing Neptune VMware Cloud Template with the requirements for the Neptune Project, you would follow these steps:
Install the vRealize Automation SaltStack Config Minion During Deployment:
Open the existing Neptune Ubuntu Cloud Template in the vRealize Automation Cloud Assembly.
Add the SaltStack Config resource to the cloud template by dragging it to the canvas and attaching it to the machine resource1.
In the code pane, add the following properties to the SaltStack Config resource:
Cloud_SaltStack_1:
type: Cloud.SaltStack
properties:
masterId: saltstack_enterprise_installer
hosts:
- '${resource.Cloud_VM_1.id}'
saltEnvironment: sse
stateFiles:
- /neptune/base/init.sls
Dynamically Assign the Minion ID Using the Machine Name:
By default, the machine's name is passed in as the minion ID in SaltStack Config. Ensure that the machine names are appropriately set to be used as minion IDs.
Use a Secret for the Remote Access Password:
In the Cloud Assembly, go to Infrastructure > Administration > Secrets, and create a new secret with the name salt-password and the value of the remote access password2.
Refer to the secret directly in your Cloud Assembly cloud template by using the prefix secret. and the name of your property:
inputs:
...
resources:
Cloud_Machine_1:
type: Cloud.Machine
properties:
...
remoteAccess:
authentication: usernamePassword
username: salt-user
password: '${secret.salt-password}'
By incorporating these changes, the Neptune VMware Cloud Template will install the SaltStack Config minion during deployment, run the base configuration state file, and use a secret to secure the remote access password.
