Free Practice Questions for Nutanix NCP-MCI-7.5 Exam

Nutanix AHV documentation for Windows Defender Credential Guard support states that the VM must be configured with UEFI and Secure Boot enabled, and Nutanix security guidance for vTPM explains that vTPM is used to protect Windows credentials and is part of the trusted platform features required by modern Windows security functions. Together, these requirements map directly to option D: enable UEFI firmware, enable Secure Boot, and add a vTPM device.

The other options each contain a flaw. IDE is not the correct secure-boot bus choice in these workflows, legacy BIOS does not satisfy the modern secure boot requirement, and “Generation 2 firmware” is Hyper-V-oriented wording rather than the standard AHV requirement stated in Nutanix docs. The policy in the question explicitly mentions rootkit resistance and credential isolation, both of which are tied to Secure Boot and TPM-backed trust. Therefore Nutanix’s documented VM configuration that satisfies those requirements is exactly what is described in D.

This question is about CPU feature compatibility, not storage or networking uniformity. Nutanix documentation and KB guidance explain that VM migration can fail when clusters contain nodes with different CPU generations or different exposed CPU features. A VM that is already running with features negotiated on a newer-generation CPU may not live-migrate successfully to an older or feature-different node until it is power-cycled or configured with advanced processor compatibility. That makes C the correct answer. ( portal.nutanix.com , portal.nutanix.com , portal.nutanix.com )

The important subtlety is that “same core count, memory, storage, subnet, and software version” does not guarantee CPU-feature equivalency. Firmware or ADS activity is not the primary issue described. Affinity rules can restrict placement, but the classic symptom after mixing repurposed nodes is CPU compatibility. Nutanix also documents that advanced processor compatibility settings persist across migrations and power cycles, reinforcing that CPU exposure is the real gating factor here.

In PD-based DR, Nutanix distinguishes between planned migration and unplanned failover/activation. When the source side is unstable or unreachable, the administrator cannot rely on a clean migration workflow initiated from the source. In that case, the correct recovery action is to activate the protection domain on the destination cluster. This is the classic unplanned failover behavior: bring the replicated workload online at the target because the source cannot be trusted to participate in a coordinated handoff. That makes A the correct answer. ( portal.nutanix.com , portal.nutanix.com )

The exam distinction is simple: Migrate is for planned movement when both sides cooperate; Activate is for disaster-style recovery at the target. Since the question explicitly says the source has intermittent network issues, it is pointing you toward the unplanned-failover path. Therefore the administrator should perform Activate on the destination.

The wording “security drift” points to SCMA rather than AIDE. In Nutanix security hardening guidance, SCMA scheduling is the control that determines how often SCMA runs, with schedule options such as hourly, daily, weekly, and monthly. That makes the SCMA schedule the setting that changes the cadence of security drift checking without changing the underlying controls themselves. ( Nutanix Portal )

AIDE is a file-integrity mechanism and has its own role, but the question is specifically asking about how often the platform checks for drift in a broader security-configuration sense. Changing the list of entities inspected or baseline enforcement behavior would alter scope or enforcement semantics, not merely frequency. The most direct administrative answer is to change the schedule for SCMA. From an exam perspective, Nutanix often separates what runs, how it is enforced, and when it runs into different settings. Here the requirement is only about “how often,” so option B is the precise match. ( Nutanix Portal )

Nutanix security documentation for configuring OpenLDAP authentication in Prism Central clearly states that Prism Central uses a service account to query the OpenLDAP directory and that this service account must have the required read permissions on the directory service. That means the correct account type is not a generic admin, root, or Nutanix local account, but a dedicated service account created for the integration. Therefore D is the authentic answer.

This is an important design principle in Nutanix authentication integration. A service account is preferred because it supports controlled, non-interactive access with appropriate least-privilege permissions and stable directory lookup behavior. Using a root or broad admin account would be poor security practice and is not how Nutanix documents the setup. The service account’s role is not to log into Prism as a user but to let Prism Central query the directory safely and consistently. Because the official documentation names that account type directly, D. Service Account is the correct exam answer.

Nutanix Flow Network Security provides built-in Quarantine category values, including Strict and Forensic. Nutanix documentation states that Strict blocks all inbound and outbound traffic, while Forensic is specifically intended for situations where you want to quarantine the VM but still allow connectivity for forensic access. The documentation also notes that you can configure the allow behavior for forensic mode, which is exactly what this incident-response scenario requires. Therefore A is the correct answer.

This is a strong example of why built-in categories matter operationally. The organization wants a change that can be applied quickly during an incident and does not require redesigning existing policies. Assigning the VM to the Quarantine: Forensic category accomplishes both goals: it uses an existing system-defined control and preserves investigator access. Strict mode would over-isolate the VM and block the forensic tooling too. Thus the most authentic Nutanix response is A.

Nutanix documentation confirms that Prism Element supports both NCC execution and log collection from the web console, so options A and B are incorrect. However, Nutanix also distinguishes running checks from collecting logs as separate actions. Operationally, if the administrator is actively running NCC at that moment, log collection is not available until that task is no longer in progress. That is why the most likely explanation is that logs cannot be collected while NCC is running. ( Nutanix )

This is a classic UI workflow question. Nutanix does allow log bundle collection from the web console, and newer NCC/Logbay capabilities even extend collection options further. But that does not mean every action is available concurrently. The supported mental model is: run checks, review output, then collect logs as needed. Since the question specifically says the administrator is running NCC and is not able to collect logs, the best explanation is the conflict between those two operations at the same time. Therefore, D is the correct answer. ( Nutanix )

Nutanix documentation for Performing Failover in PD-based DR includes the exact error message quoted in the question: “Protection domain is already active on source site ... Please trigger migrate from source site to activate the protection domain.” Nutanix shows this message when the protection domain is still active on the source cluster and the proper action is a planned migrate from the source, not an activate at the target. In other words, the source cluster is still reachable and authoritative, so trying to activate the protection domain on the other side is the wrong operation. That makes D the correct answer. ( Nutanix Portal )

This is a classic Nutanix DR distinction between planned migration and unplanned failover/activation. If the primary cluster is still available, Nutanix expects the administrator to use migrate from the source site. Activation at the destination is reserved for failover conditions when the source cannot safely coordinate the move. The error itself tells you the reason if you read it carefully: the protection domain is still active on the source site. Therefore the root cause is that the administrator is trying to activate the PD while the primary cluster is still reachable and still owns the active copy, which is exactly option D. ( Nutanix Portal )

Nutanix security guidance is explicit on this point. After adding an SSH public key and verifying connectivity, Nutanix recommends disabling password authentication for all CVMs and AHV hosts to reduce interactive access risk. The Security Guide notes that after the SSH key inclusion and connectivity validation are complete, password authentication should be disabled as the next hardening step. That makes B the correct answer.

This is a straightforward hardening sequence question. The administrator has already completed the prerequisite—public-key access is working—so the next step is to remove the weaker interactive method. Core dumps, login banners, and UI session settings do not address SSH authentication exposure. Nutanix’s security model favors moving from password-based remote shell access to key-based access only. Therefore B is the authentic and recommended next step.

Nutanix Move documentation states that when the administrator changes the preparation mode for only a subset of VMs under Change Settings, and there is now a mix of preparation modes across the migration plan, the overall preparation mode automatically switches to Mixed. That is exactly the condition described in the question: 10 VMs in the migration plan, two manually changed, which creates more than one preparation mode across the plan. Therefore the correct answer is D. Mixed. ( Nutanix Portal )

This is an important Nutanix Move behavior because it affects how the migration plan is displayed and managed. The administrator does not get a brand-new custom label such as “Hybrid”; Nutanix specifically uses the term Mixed to indicate that some VMs are prepared one way and others another way. It also means the plan must be reviewed carefully so each VM’s preparation setting aligns with guest OS requirements and migration prerequisites. Since the official Move documentation names this exact automatic state change, the authentic answer is D rather than Manual or Automatic. ( Nutanix Portal )