New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

VMware 2V0-41.23 VMware NSX 4.x Professional Exam Practice Test

Demo: 32 questions
Total 107 questions

VMware NSX 4.x Professional Questions and Answers

Question 1

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?

Options:

A.

VNI ID

B.

Segment ID

C.

Geneve ID

D.

VIAN ID

Question 2

An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.

Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?

Options:

A.

esxcli network diag ping -I vmk0O -H

B.

vmkping ++netstack=geneve -d -s 1572

C.

esxcli network diag ping -H

D.

vmkping ++netstack=vxlan -d -s 1572

Question 3

A customer is preparing to deploy a VMware Kubernetes solution in an NSX environment.

What is the minimum MTU size for the UPLINK profile?

Options:

A.

1500

B.

1550

C.

1700

D.

1650

Question 4

Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.)

Options:

A.

Graceful Restart

B.

BGP Neighbors

C.

Local AS

D.

Route Distribution

E.

Route Aggregation

Question 5

Which three protocols could an NSX administrator use to transfer log messages to a remote log server? (Choose three.)

Options:

A.

HTTPS

B.

TCP

C.

SSH

D.

UDP

E.

TLS

F.

SSL

Question 6

How is the RouterLink port created between a Tier-1 Gateway and Tler-0 Gateway?

Options:

A.

Manually create a Logical Switch and connect to bother Tler-1 and Tier-0 Gateways.

B.

Automatically created when Tler-1 is created.

C.

Manually create a Segment and connect to both Titrr-1 and Tier-0 Gateways.

D.

Automatically created when Tier-t Is connected with Tier-0 from NSX UI.

Question 7

Which two choices are solutions offered by the VMware NSX portfolio? (Choose two.)

Options:

A.

VMware Tanzu Kubernetes Grid

B.

VMware Tanzu Kubernetes Cluster

C.

VMware NSX Advanced Load Balancer

D.

VMware NSX Distributed IDS/IPS

E.

VMware Aria Automation

Question 8

A company Is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web. app, and database tiers.

The naming convention will be:

• WKS-WEB-SRV-XXX

• WKY-APP-SRR-XXX

• WKI-DB-SRR-XXX

What is the optimal way to group them to enforce security policies from NSX?

Options:

A.

Use Edge as a firewall between tiers.

B.

Do a service insertion to accomplish the task.

C.

Group all by means of tags membership.

D.

Create an Ethernet based security policy.

Question 9

Sort the rule processing steps of the Distributed Firewall. Order responses from left to right.

Options:

Question 10

When a stateful service is enabled for the first lime on a Tier-0 Gateway, what happens on the NSX Edge node'

Options:

A.

SR is instantiated and automatically connected with DR.

B.

DR Is instantiated and automatically connected with SR.

C.

SR and DR Is instantiated but requites manual connection.

D.

SR and DR doesn't need to be connected to provide any stateful services.

Question 11

Which three data collection sources are used by NSX Network Detection and Response to create correlations/Intrusion campaigns? (Choose three.)

Options:

A.

Files and anti-malware (lie events from the NSX Edge nodes and the Security Analyzer

B.

East-West anti-malware events from the ESXi hosts

C.

Distributed Firewall flow data from the ESXi hosts

D.

IDS/IPS events from the ESXi hosts and NSX Edge nodes

E.

Suspicious Traffic Detection events from NSX Intelligence

Question 12

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?

Options:

A.

esxcli network firewall ruleset set -r syslog -e true

B.

esxcli network firewall ruleset -e syslog

C.

esxcli network firewall ruleset set -r syslog -e false

D.

esxcli network firewall ruleset set -a -e false

Question 13

Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)

Options:

A.

Can be used as an Exterior Gateway Protocol.

B.

It supports a 4-byte autonomous system number.

C.

The network is divided into areas that are logical groups.

D.

EIGRP Is disabled by default.

E.

BGP is enabled by default.

Question 14

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.)

Options:

A.

Can have a maximum of 10 edge nodes

B.

Can have a maximum of 8 edge nodes

C.

Can contain multiple types of edge nodes (VM or bare metal)

D.

Must contain only one type of edge nodes (VM or bare metal)

E.

Must have only active-active edge nodes

Question 15

A security administrator needs to configure a firewall rule based on the domain name of a specific application.

Which field in a distributed firewall rule does the administrator configure?

Options:

A.

Profile

B.

Service

C.

Policy

D.

Source

Question 16

NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?

Options:

A.

Network Segmentation

B.

Virtual Security Zones

C.

Edge Firewalling

D.

Dynamic Routing

Question 17

Which of the following exist only on Tler-1 Gateway firewall configurations and not on Tier-0?

Options:

A.

Applied To

B.

Actions

C.

Profiles

D.

Sources

Question 18

Which two of the following will be used for Ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.)

Options:

A.

Inter-Tier interface on the Tier-0 gateway

B.

Tier-0 Uplink interface

C.

Downlink Interface for the Tier-0 DR

D.

Tier-1 SR Router Port

E.

Downlink Interface for the Tier-1 DR

Question 19

Which table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision?

Options:

A.

TEP Table

B.

MAC Table

C.

ARP Table

D.

Routing Table

Question 20

When configuring OSPF on a Tler-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

Options:

A.

Naming convention

B.

MTU of the Uplink

C.

Subnet mask

D.

Address of the neighbor

E.

Protocol and Port

F.

Area ID

Question 21

How does the Traceflow tool identify issues in a network?

Options:

A.

Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents.

B.

Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane.

C.

Injects ICMP traffic into the data plane and observes the results in the control plane.

D.

Injects synthetic traffic into the data plane and observes the results in the control plane.

Question 22

Which two statements are correct about East-West Malware Prevention? (Choose two.)

Options:

A.

A SVM is deployed on every ESXi host.

B.

NSX Application Platform must have Internet access.

C.

An agent must be installed on every ESXi host.

D.

An agent must be installed on every NSX Edge node.

E.

NSX Edge nodes must have Internet access.

Question 23

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?

Options:

A.

VXIAN

B.

UDP

C.

STT

D.

TEP

Question 24

Which three NSX Edge components are used for North-South Malware Prevention? (Choose three.)

Options:

A.

Thin Agent

B.

RAPID

C.

Security Hub

D.

IDS/IPS

E.

Security Analyzer

F.

Reputation Service

Question 25

How is the RouterLink port created between a Tier-1 Gateway and Tier-O Gateway?

Options:

A.

Automatically created when Tier-1 is connected with Tier-0 from NSX UI.

B.

Automatically created when Tier-1 is created.

C.

Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.

D.

Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.

Question 26

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX UI.

What two are the prerequisites for this configuration? (Choose two.)

Options:

A.

All nodes must be in separate subnets.

B.

The cluster configuration must be completed using API.

C.

NSX Manager must reside on a Windows Server.

D.

All nodes must be in the same subnet.

E.

A compute manager must be configured.

Question 27

The security administrator turns on logging for a firewall rule.

Where is the log stored on an ESXi transport node?

Options:

A.

/var/log/vmware/nsx/firewall.log

B.

/var/log/messages.log

C.

/var/log/dfwpktlogs.log

D.

/var/log/fw.log

Question 28

What are the four types of role-based access control (RBAC) permissions? (Choose four.)

Options:

A.

Read

B.

None

C.

Auditor

D.

Full access

E.

Enterprise Admin

F.

Execute

G.

Network Admin

Question 29

As part of an organization's IT security compliance requirement, NSX Manager must be configured for 2FA (two-factor authentication).

What should an NSX administrator have ready before the integration can be configured? O

Options:

A.

Active Directory LDAP integration with OAuth Client added

B.

VMware Identity Manager with an OAuth Client added

C.

Active Directory LDAP integration with ADFS

D.

VMware Identity Manager with NSX added as a Web Application

Question 30

Refer to the exhibit.

Which two items must be configured to enable OSPF for the Tler-0 Gateway in the Image? Mark your answers by clicking twice on the image.

Options:

Question 31

Which of the two following characteristics about NAT64 are true? (Choose two.)

Options:

A.

NAT64 is stateless and requires gateways to be deployed in active-standby mode.

B.

NAT64 is supported on Tier-1 gateways only.

C.

NAT64 is supported on Tier-0 and Tier-1 gateways.

D.

NAT64 requires the Tier-1 gateway to be configured in active-standby mode.

E.

NAT64 requires the Tier-1 gateway to be configured in active-active mode.

Question 32

Where in the NSX UI would an administrator set the time attribute for a time-based Gateway Firewall rule?

Options:

A.

The option to set time-based rule is a clock Icon in the rule.

B.

The option to set time based rule is a field in the rule Itself.

C.

There Is no option in the NSX UI. It must be done via command line interface.

D.

The option to set time-based rule is a clock Icon in the policy.

Demo: 32 questions
Total 107 questions