Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Nutanix
  3. NCP-CI-AWS

Nutanix NCP-CI-AWS Exam (page: 1)
Nutanix Certified Professional - Cloud Integration - AWS v6.7
Updated on: 12-Feb-2026

Viewing Page 1 of 16
NCP-CI-AWS PDF 75 Questions

An administrator has recently deployed an NC2 on AWS cluster in the North Virginia region in availability zone us-east-1z. The clusters UUID is 0005F487-4962-91EA-4C98-C4284D123835. The cluster is consuming IPs from a 10.78.2.0/24 range.
The AWS VPC has these available CIDR ranges:
· 70.73.0.0/16
· 10.79.107.0/24
· 10.0.0.0/22
The following subnets have been configured in the NC2 AWS VPC:



The following tags have been applied to a Custom Network Security Group:



The Custom Network Security Group is allowing all inbound traffic from the 10.0.0.0/22 network.
Which two subnets would be able to receive inbound traffic from AWS instances on a 10.0.0.0/22 network segment"? (Choose two.)

  1. Server01
  2. Tier01
  3. SQL
  4. VDl

Answer(s): A,B

Explanation:

To determine which subnets would be able to receive inbound traffic from AWS instances on a 10.0.0.0/22 network segment, we need to look at the configured subnets and their CIDR ranges, as well as the custom network security group's inbound rules.
Available CIDR ranges in VPC:
70.73.0.0/16

10.79.107.0/24
10.0.0.0/22
Configured Subnets in NC2 AWS VPC:
VDI: 10.78.130.0/22
SQL: 10.78.3.0/24
Server01: 10.78.2.0/24
Server02: 10.79.120.0/24
Tier01: 10.19.101.0/24
Custom Network Security Group Inbound Rule:
Allows all inbound traffic from 10.0.0.0/22.
Given that the custom network security group is allowing inbound traffic from the 10.0.0.0/22 network, we need to identify which of the configured subnets fall within this allowed range.
Analysis:
The subnets 10.78.130.0/22, 10.78.3.0/24, 10.78.2.0/24, 10.79.120.0/24, and 10.19.101.0/24 do not overlap with 10.0.0.0/22. Therefore, none of these subnets would naturally fall within the 10.0.0.0/22 range directly.
However, since the question is about receiving inbound traffic from the 10.0.0.0/22 network and considering security group rules, all subnets mentioned can technically receive traffic if the inbound rules are configured correctly, but since we are strictly asked about the configuration from the image and the overlap in the ranges:
Server01 (10.78.2.0/24) and Tier01 (10.19.101.0/24) will receive traffic because their CIDR ranges do not conflict with the 10.0.0.0/22 range, thus allowing traffic without additional restrictions.


Reference:

Nutanix Clusters on AWS Administration Guide
AWS VPC and Subnet documentation
Network Security Group rules configuration in Nutanix documentation



preparing the landing zone networking resources for a Nutanix cluster on AWS. The administrator has created a VPC with two private subnets: one for cluster management and one for user VMs.
What additional subnet must the administrator create?

  1. Public subnet for S3 access
  2. Public subnet for Internet access
  3. Private subnet for VPN gateway
  4. Private subnet for Prism Central

Answer(s): B

Explanation:

When setting up a landing zone for Nutanix clusters on AWS, having only private subnets for cluster management and user VMs is not sufficient for full cluster functionality. Nutanix clusters often need to communicate with the internet for updates, patches, and other cloud services.
VPC Configuration:
The VPC already has two private subnets (one for cluster management and one for user VMs).
Additional Requirements:
To access public services like S3 or for the cluster nodes to reach Nutanix services for updates, a public subnet is essential.
Why Public Subnet for Internet Access?:
A public subnet allows resources within it to communicate directly with the internet, which is necessary for accessing Nutanix's update servers, applying patches, and other maintenance tasks. This subnet typically includes an internet gateway, enabling instances in the public subnet to receive and send traffic directly to the internet.


Reference:

Nutanix Cloud Clusters on AWS Administration Guide
AWS Networking Best Practices
Nutanix Networking and Subnet Configuration Guidelines



An organization wants to control network traffic at the individual User VM (UVM) subnet level.
Which action will help achieve this goal?

  1. Create a custom security group.
  2. Modify the default UVM security group.
  3. Modify the user management security group.
  4. Modify the internal management security group.

Answer(s): A

Explanation:

To control network traffic at the individual User VM (UVM) subnet level, creating a custom security group is the appropriate action. This approach allows for fine-grained control over inbound and outbound traffic rules that can be applied to specific subnets or individual instances within those subnets.
Custom Security Group:
Custom security groups enable administrators to define specific traffic rules tailored to the needs of individual subnets or VMs. This includes specifying allowed IP ranges, ports, and protocols. By applying these custom security groups to the UVMs, the organization can control access and enhance security according to their policies and requirements.
Steps to Create a Custom Security Group:
Navigate to the AWS Management Console and go to the VPC service. Select "Security Groups" under the "Security" section. Click on "Create Security Group" and define the name, description, and VPC. Add inbound and outbound rules according to the desired traffic control policies. Attach the custom security group to the UVMs or subnets in question.


Reference:

Nutanix Cloud Clusters on AWS Administration Guide

AWS Security Group Documentation
Nutanix Best Practices for Security Groups



When configuring an alert email in Prism Central deployed within an NC2 environment, what is required in order for the emails to be sent properly?

  1. SMTP server configured in Prism Central settings
  2. Cluster Super Admin permissions
  3. Name servers configured in Prism Central
  4. A whitelisted public cloud console endpoint

Answer(s): A

Explanation:

To ensure that alert emails are sent properly from Prism Central within an NC2 environment, configuring an SMTP server in the Prism Central settings is required. The SMTP server facilitates the sending of email notifications for alerts and other communications.
SMTP Configuration:
Prism Central requires an SMTP server to send email alerts. This involves specifying the SMTP server address, port, and authentication details if needed.
The configuration must include the email address from which the alerts will be sent and the recipient addresses.
Steps to Configure SMTP Server in Prism Central:
Log in to Prism Central.
Navigate to the "Settings" menu.
Select "Email Server" under the "Alerts" section.
Enter the SMTP server details, including the server address, port, and authentication credentials. Test the configuration to ensure emails are sent correctly.


Reference:

Nutanix Prism Central Administration Guide
Nutanix Support Documentation on Email Alert Configuration Best Practices for Configuring SMTP Servers in Cloud Environments



An administrator has deployed an NC2 on AWS cluster and doesn't have connectivity back to the on- premises environment yet. The administrator wants to SSH into a CVM to edit a security setting and has deployed a Jump Host into an existing public subnet.
What action must the administrator still take to gain access to the CVM?

  1. Edit the CVM iptables to allow SSH.
  2. Edit the User Management Network Security Group to allow SSH from the Jump Host IP.
  3. Edit the UVM security group to allow SSH from the Jump Host IP and remove Cluster Lockdown.
  4. Create Custom Network Security Group at the subnet level and add the IP address of the Jump Host

Answer(s): B

Explanation:

To SSH into a Controller VM (CVM) in an NC2 on AWS cluster without on-premises connectivity, the administrator needs to ensure that the security settings allow SSH access from the Jump Host. This involves editing the User Management Network Security Group to permit SSH traffic from the Jump Host IP.
Deploy Jump Host:
Ensure the Jump Host is deployed in a public subnet with an Elastic IP (EIP) assigned for external access.
Edit User Management Network Security Group:

Locate the security group associated with the user management network. Modify the inbound rules to allow SSH (port 22) from the Jump Host's IP address. This ensures that the Jump Host can establish an SSH connection to the CVM.
Steps to Edit Security Group:
Navigate to the EC2 dashboard in the AWS Management Console. Select "Security Groups" under the "Network & Security" section.
Find and select the appropriate security group.
Edit the inbound rules to add a new rule:
Type: SSH
Protocol: TCP
Port Range: 22
Source: Custom IP (enter the Jump Host's public IP address) Additional Configuration:
Ensure that the CVM itself allows SSH connections and that no internal firewall rules block the traffic.


Reference:

Nutanix Cloud Clusters on AWS Administration Guide
AWS Security Group Documentation
Nutanix Best Practices for Secure Access



Viewing Page 1 of 16



Share your comments for Nutanix NCP-CI-AWS exam with other users:

Nathan 12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help
Anonymous


Corey 12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.
Anonymous


Rajender 10/18/2023 3:54:00 AM

i would like to take psm1 exam.
Anonymous


Blessious Phiri 8/14/2023 9:53:00 AM

cbd and pdb are key to the database
SOUTH AFRICA


Alkaed 10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.
NETHERLANDS


Dave Gregen 9/4/2023 3:17:00 PM

please upload p_sapea_2023
SWEDEN


Sarah 6/13/2023 1:42:00 PM

anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried
CANADA


Shuv 10/3/2023 8:19:00 AM

good questions
UNITED STATES


Reb974 8/5/2023 1:44:00 AM

hello are these questions valid for ms-102
CANADA


Mchal 7/20/2023 3:38:00 AM

some questions are wrongly answered but its good nonetheless
POLAND


Sonbir 8/8/2023 1:04:00 PM

how to get system serial number using intune
Anonymous


Manju 10/19/2023 1:19:00 PM

is it really helpful to pass the exam
Anonymous


LeAnne Hair 8/24/2023 12:47:00 PM

#229 in incorrect - all the customers require an annual review
UNITED STATES


Abdul SK 9/28/2023 11:42:00 PM

kindy upload
Anonymous


Aderonke 10/23/2023 12:53:00 PM

fantastic assessment on psm 1
UNITED KINGDOM


SAJI 7/20/2023 2:51:00 AM

56 question correct answer a,b
Anonymous


Raj Kumar 10/23/2023 8:52:00 PM

thank you for providing the q bank
CANADA


piyush keshari 7/7/2023 9:46:00 PM

true quesstions
Anonymous


B.A.J 11/6/2023 7:01:00 AM

i canĀ“t believe ms asks things like this, seems to be only marketing material.
Anonymous


Guss 5/23/2023 12:28:00 PM

hi, could you please add the last update of ns0-527
Anonymous


Rond65 8/22/2023 4:39:00 PM

question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).
UNITED STATES


Cheers 12/13/2023 9:55:00 AM

sometimes it may be good some times it may be
GERMANY


Sumita Bose 7/21/2023 1:01:00 AM

qs 4 answer seems wrong- please check
AUSTRALIA


Amit 9/7/2023 12:53:00 AM

very detailed explanation !
HONG KONG


FisherGirl 5/16/2022 10:36:00 PM

the interactive nature of the test engine application makes the preparation process less boring.
NETHERLANDS


Chiranthaka 9/20/2023 11:15:00 AM

very useful.
Anonymous


SK 7/15/2023 3:51:00 AM

complete question dump should be made available for practice.
Anonymous


Gamerrr420 5/25/2022 9:38:00 PM

i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.
AUSTRALIA


Kudu hgeur 9/21/2023 5:58:00 PM

nice create dewey stefen
CZECH REPUBLIC


Anorag 9/6/2023 9:24:00 AM

i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.
CANADA


Nathan 1/10/2023 3:54:00 PM

passed my exam today. this is a good start to 2023.
UNITED STATES


1 10/28/2023 7:32:00 AM

great sharing
Anonymous


Anand 1/20/2024 10:36:00 AM

very helpful
UNITED STATES


Kumar 6/23/2023 1:07:00 PM

thanks.. very helpful
FRANCE