Master VMware 6V0-22.25: Avi Load Balancer 30.x Administrator Exam Prep

Correct : B

The Virtual Service Analytics page provides different graph categories for traffic, connection, timing, and error visibility. VMware Avi documentation states that the Requests chart shows the number of responses to requests per second and breaks down successful requests versus errors, including 4xx and 5xx errors. This makes the Requests graph the appropriate place to view the rate of HTTP 5xx errors for a Virtual Service. The Conns graph is focused on connection counts and rates, while End-to-End Timing shows timing components such as client RTT, server RTT, application response, and data transfer. ''HTTP Errors'' may sound plausible, but in the Avi Virtual Service Analytics graph naming described here, 5xx rate visibility is included under Requests.

Correct : D

The Basic Virtual Service creation workflow is intended for common settings and does not expose every placement and advanced option. VMware Avi documentation states that creating a Virtual Service in Advanced Setup allows configuration of all options through the available tabs. Service Engine Group selection is a Virtual Service placement property, so when a Virtual Service must be placed on Service Engines belonging to a specific Service Engine Group, the administrator should use Advanced Setup and set the Service Engine Group in the Advanced section. The Policy section is for traffic policy logic, not Service Engine placement. Therefore, the correct method is to create the Virtual Service in Advanced mode and override the default Service Engine Group in the Advanced section.

Correct : A

The TCP Proxy Profile controls TCP behavior for a Virtual Service when Avi terminates the client TCP connection and opens a separate server-side TCP connection. VMware Avi documentation states that the TCP proxy terminates client connections, processes traffic, and then establishes a connection to the destination server. The Custom TCP Proxy Profile mode is used when administrators need to manually configure TCP proxy settings rather than use predefined system defaults. A valid reason to use this mode is to change TCP timeout behavior, including the idle duration timeout. Rate limiting is generally handled by policy or security controls, disabling SNAT is configured through network service or preserve-client-IP-related settings, and exposing destination port to the application is not the standard reason for selecting TCP Proxy Custom mode in this question.

Correct : D

The TCP Proxy Profile controls TCP behavior for a Virtual Service. Avi provides system TCP proxy profiles for common use cases, but Custom mode is used when an administrator needs to modify specific TCP proxy behavior beyond the default templates. In this question, the key valid use case is exposing the original client destination TCP port to the application. This is useful when the Virtual Service listens on multiple ports or when the backend application needs awareness of the client-facing destination port. Port Address Translation is handled through Virtual Service and pool port mappings, not as the main reason for TCP Proxy Custom mode. Default gateway configuration is a network routing function, and statically increasing the TCP receive window is not the best Avi-specific answer here. Therefore, the correct choice is D.

Correct : B

Avi Load Balancer health score includes multiple penalty categories, including security penalties. VMware Avi documentation for SSL certificate expiration explains that a certificate approaching expiry can reduce the Virtual Service health score. Specifically, when a certificate is within 30 days of expiration, Avi applies a 20-point security penalty to the Virtual Service, which caps the maximum health score at 80. This exactly matches the question's stated Security Penalty of -20. CPU utilization on the Service Engine would align more closely with a resource or performance impact, not a certificate-related security penalty. A health monitor protocol mismatch could mark servers down, but it does not correspond to the documented -20 SSL certificate security penalty.