A platform engineering team is using Tanzu Mission Control (TMC) to manage a large fleet of Tanzu Kubernetes Grid (TKG) workload clusters. They need to ensure that all clusters within the 'pci-environment' cluster group use a specific, hardened OVA for their nodes and are restricted to a single vSphere resource pool. Which TMC policy type should be configured to enforce these infrastructure-level constraints?
A DevOps team is deploying a new TKG workload cluster on vSphere with Tanzu. The application requires access to two distinct networks: a corporate backend network for database access and a separate DMZ network for public-facing traffic. Which Tanzu package must be installed and configured on the cluster to enable pods to have multiple network interfaces?
An administrator is configuring a Supervisor Cluster in a vSphere with Tanzu environment. They need to provide developers with three standardized T-shirt sizes for Kubernetes nodes: small, medium, and large. Which vSphere with Tanzu construct should the administrator create to define these standardized node sizes?
A security team wants to enforce a policy in Tanzu Mission Control that prevents any container image with a 'High' or 'Critical' CVE from being deployed to production clusters. They also want to ensure that only images from the company's approved Harbor registry can be used. Which TWO policy types in TMC should be configured to meet these requirements? (Select TWO)
True or False: When a vSphere with Tanzu Supervisor Cluster is enabled on a vSphere cluster, the ESXi hosts in that cluster become worker nodes that can run native Kubernetes pods scheduled directly by the Supervisor Cluster's control plane.
A platform operator is deploying a new Tanzu Kubernetes Grid (TKG) management cluster to a vSphere environment using the CLI. The deployment fails during the provider resource creation step. Upon reviewing the logs, the operator suspects an issue with the credentials used to connect to vCenter. Which command should the operator use to verify and, if necessary, regenerate the vSphere credentials stored in the local Tanzu configuration?
A financial services company has deployed Tanzu Service Mesh across their hybrid environment, which includes TKG clusters on-premises and in AWS. They have created a Global Namespace (GNS) for their 'trading-app' to facilitate secure, cross-cluster communication. A new regulation requires that all traffic between the 'market-data' service and the 'order-processing' service within this GNS must be mutually authenticated using mTLS. How should an administrator enforce this requirement?
During the deployment of a TKG cluster on vSphere, the process fails. An operator runs `tanzu cluster get ` and observes that the control plane nodes are stuck in the 'Provisioning' phase. Which underlying technology is responsible for the declarative reconciliation of the cluster's state against the vSphere infrastructure?
**Case Study:** A healthcare organization is modernizing its patient portal application using VMware Tanzu for Kubernetes Operations. They have a vSphere 7.0U3 environment with vSAN as the primary datastore. A Supervisor Cluster has been successfully deployed, and a vSphere Namespace called 'patient-portal-prod' has been created for the development team. The application consists of several microservices, including a stateful database component that requires persistent storage with high availability. The security team mandates that all application traffic must be routed through a centralized ingress point with TLS termination, and developers must not have permissions to create their own ingress objects. The operations team needs to ensure they can back up the entire 'patient-portal-prod' namespace, including persistent volumes, to an S3-compatible object store for disaster recovery. They also need to provide developers with a simple way to deploy the application stack without managing complex Kubernetes YAML manifests. Which combination of Tanzu components and configurations best meets all the stated requirements?
An SRE is troubleshooting application latency in a Kubernetes cluster that is monitored by Aria Operations for Applications (formerly Tanzu Observability). The SRE needs to identify which specific microservice call in a distributed transaction is causing the slowdown. Which capability of Aria Operations for Applications is essential for this type of analysis?