Nutanix Updated NCP-US-6.5 Exam Questions and Answers by ava-mae

Nutanix Objects, part of Nutanix Unified Storage (NUS), provides S3-compatible object storage. After installing Objects and creating a bucket, the administrator is accessing the bucket via its reference URL (e.g., the S3 endpoint) using an Active Directory (AD) account but cannot write data. This indicates a permissions or configuration issue related to the AD account’s access to the bucket.

Analysis of Options:

Option A (Replace SSL Certificates at the Objects store level): Incorrect. SSL certificates are used for secure communication with the Objects store (e.g., HTTPS access via the reference URL). While an invalid or untrusted certificate might cause connection issues, the administrator can access the bucket (as they are attempting to write), so the issue is not with SSL certificates—it’s with write permissions for the AD account.

Option B (Verify Access Keys for the user): Incorrect. Access Keys (e.g., AWS-style access key and secret key) are used for programmatic access to Nutanix Objects via S3 APIs. However, the question specifies that the administrator is using an AD account, which suggests authentication via AD integration (e.g., SSO or LDAP). In this case, Access Keys are not relevant—permissions are managed through AD user accounts and bucket policies, not S3 Access Keys.

Option C (Verify sharing policies at the bucket level): Correct. Nutanix Objects supports AD integration for user authentication, allowing AD accounts to access buckets. However, bucket access (e.g., read, write) is controlled by sharing policies (or bucket policies) defined at the bucket level. If the AD account cannot write data, the sharing policy likely does not grant write permissions to the user or their AD group. The administrator should verify and update the bucket’s sharing policies in Prism Central to ensure the AD account has write access.

Option D (Reset the Active Directory user password): Incorrect. Resetting the AD user password might resolve authentication issues (e.g., if the password was incorrect), but the question implies the administrator can authenticate and access the bucket (since they are attempting to write). The issue is with write permissions, not authentication, so resetting the password will not resolve the problem.

Why Option C?

When using an AD account to access a Nutanix Objects bucket, permissions are managed through bucket-level sharing policies. The inability to write data indicates that the AD account (or its associated group) lacks write permissions in the bucket’s policy. Verifying and updating the sharing policies in Prism Central to grant write access to the AD account resolves the issue, ensuring the user can write data to the bucket.

Exact Extract from Nutanix Documentation:

From the Nutanix Objects Administration Guide (available on the Nutanix Portal):

“Nutanix Objects supports Active Directory integration for user authentication. Bucket access for AD accounts is controlled by sharing policies at the bucket level. If an AD user cannot write data to a bucket, verify the sharing policies in Prism Central to ensure the user or their AD group has write permissions.”

The most efficient way to generate a report listing the files matching those in the exhibit is to use Report Builder in File Analytics. Report Builder is a feature that allows administrators to create custom reports based on various filters and criteria, such as file name, file type, file size, file owner, file age, file access time, file modification time, file permission change time, and so on. Report Builder can also export the reports in CSV format for further analysis or sharing. References: Nutanix Files Administration Guide, page 97; Nutanix File Analytics User Guide

Nutanix Objects, part of Nutanix Unified Storage (NUS), supports lifecycle policies to manage the retention and expiration of objects in a bucket. When versioning is enabled, a bucket can store multiple versions of an object, with the “current version” being the latest version and “past versions” being older iterations. The lifecycle policy “Expire current objects after # days/months/years” specifically targets the current version of an object.

Analysis of Options:

Option A (The policy deletes any past versions of the object after the specified time and does not delete any current version of the object): Incorrect. The “Expire current objects” policy targets the current version, not past versions. A separate lifecycle rule (e.g., “Expire non-current versions”) would be needed to delete past versions.

Option B (The policy deletes the current version of the object after the specified time and does not delete any past versions of the object): Correct. The “Expire current objects” policy deletes the current version of an object after the specified time period (e.g., # days/months/years). Since versioning is enabled, past versions are not affected by this policy and remain in the bucket unless a separate rule targets them.

Option C (The policy does not delete the current version of the object after the specified time and does not delete any past versions of the object): Incorrect. The policy explicitly states that it expires (deletes) the current version after the specified time, so this option contradicts the policy’s purpose.

Option D (The policy deletes any past versions of the object after the specified time and deletes any current version of the object): Incorrect. The “Expire current objects” policy does not target past versions—it only deletes the current version after the specified time.

Why Option B?

When versioning is enabled, the lifecycle policy “Expire current objects after # days/months/years” applies only to the current version of the object. After the specified time, the current version is deleted, and the most recent past version becomes the new current version (if no new uploads occur). Past versions are not deleted unless a separate lifecycle rule (e.g., for non-current versions) is applied.

Exact Extract from Nutanix Documentation:

From the Nutanix Objects Administration Guide (available on the Nutanix Portal):

“When versioning is enabled on a bucket, the lifecycle policy ‘Expire current objects after # days/months/years’ deletes the current version of an object after the specified time period. Past versions of the object are not affected by this policy and will remain in the bucket unless a separate lifecycle rule is applied to expire non-current versions.”