Simulado NSX

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?. Geneve ID. VMI ID. Segment ID. VLANID.

Where is the insertion point for East-West network introspection?. Tier-0 router. Guest VM vNIC. Partner SVM. Host Physical NIC.

What are two supported host switch modes? (Choose two.). Overlay Datapath. Secure Datapath. Standard Datapath. Enhanced Datapath. DPDK Datapath.

A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway. An NSX administrator used the get gateways command to retrieve this information: Which two commands must be executed to check BGP neighbor status? (Choose two.). vrf 3. sa-nsxedge-01(tier0_dr)> get bgp neighbor. vrf 1. sa-nsxedge-01(tier1_sr)> get bgp neighbor. sa-nsxedge-01(tier0_sr)> get bgp neighbor. vrf 4.

Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?. debug. tcpdump. tcpconfig. ifconfig.

Which two of the following will be used for ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.). Tier-1 SR Router Port. Tier-0 Uplink interface. Downlink Interface for the Tier-0 DR. Downlink Interface for the Tier-1 DR. Inter-Tier interface on the Tier-0 gateway.

Which two are supported by L2 VPN clients? (Choose two.). NSX Autonomous Edge. NSX Edge. NSX for vSphere Edge. 3rd party Hardware VPN Device.

When collecting support bundles through NSX Manager, which files should be excluded for potentially containing sensitive information?. Core Files. Controller Files. Audit Files. Management Files.

Which two choices are use cases for Distributed Intrusion Detection? (Choose two.). Use agentless antivirus with Guest Introspection. Quarantine workloads based on vulnerabilities. Identify risk and reputation of accessed websites. Gain Insight about micro-segmentation traffic flows. Identify security vulnerabilities in the workloads.

Which three security features are dependent on the NSX Application Platform? (Choose three.). NSX Intelligence. NSX Firewall. NSX Network Detection and Response. NSX TLS Inspection. NSX Distributed IDS/IPS. NSX Malware Prevention.

What is the most restrictive NSX built-in role which will allow a user to apply configuration changes on an NSX Edge?. Network Engineer. Cloud Service Administrator. NSX Administrator. Network Operator.

Which two statements are true for IPSec VPN? (Choose two.). IPSec VPN services can be configured at Tier-0 and Tier-1 gateways. Dynamic routing is supported for any IPSec mode in NSX. IPSec VPNs use the DPDK accelerated performance library. VPNs can be configured on the command line interface on the NSX manager.

Refer to the exhibit. Which two items must be configured to enable OSPF for the Tler-0 Gateway in the Image? Mark your answers by clicking twice on the image. Enable OSPF. Area Definition.

Which two statements are correct about East-West Malware Prevention? (Choose two.). A SVM is deployed on every ESXi host. NSX Application Platform must have Internet access. An agent must be installed on every ESXi host. An agent must be installed on every NSX Edge node. NSX Edge nodes must have Internet access.

Which two of the following parameters are required for deploying the NSX Application Platform? (Choose two.). Interface Name. Upload XML File. Cluster Format Type. Interface Service Name. Upload Kubernetes Configuration File.

What are four NSX built-in role-based access control (RBAC) roles? (Choose four.). None. Read. Auditor. Full Access. Network Admin. Enterprise Admin. Operator.

Which VMware NSX Portfolio product can be described as a distributed analysis solution that provides visibility and dynamic security policy enforcement for NSX environments?. NSX Manager. NSX Distributed IDS/IPS. NSX Intelligence. NSX Cloud.

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.). esxcfg-nics -l. esxcli network nic list. esxcfg-vmknic -l. esxcfg-vmsvc/get.networks. esxcli network vswitch dvs vmware lis.

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.). Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager. Enter the Identity Provider (IdP) metadata URL in NSX Manager. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager. Create an OAuth 2.0 client in VMware Identity Manager.

Which field in a Tier-1 Gateway Firewall would be used to allow access for a collection of trustworthy web sites?. Source. Profiles -> Context Profiles. Destination. Profiles -> L7 Access Profile.

Which choice is a valid insertion point for North-South network introspection?. Host Physical NIC. Tier-0 gateway. Guest VM vNIC. Partner SVM.

An administrator is configuring service insertion for Network Introspection. Which two places can the Network Introspection be configured? (Choose two.). Edge Node. Host pNIC. Tier-0 gateway. Tier-1 gateway. Partner SVM.

What is the VMware recommended way to deploy a virtual NSX Edge Node?. Through the NSX Ul. Through automated or interactive mode using an ISO. Through the vSphere Web Client. Through the OVF command line tool.

A company Is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web. app, and database tiers. The naming convention will be: • WKS-WEB-SRV-XXX • WKY-APP-SRR-XXX • WKI-DB-SRR-XXX What is the optimal way to group them to enforce security policies from NSX?. Use Edge as a firewall between tiers. Do a service insertion to accomplish the task. Group all by means of tags membership. Create an Ethernet based security policy.

NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?. Network Segmentation. Virtual Security Zones. Edge Firewalling. Dynamic Routing.

Which steps are required to activate Malware Prevention on the NSX Application Platform?. Select Cloud Region and Deploy Network Detection and Response. Activate NSX Network Detection and Response and run Pre-checks. Activate NSX Network Detection and Response and Deploy Malware Prevention. Select Cloud Region and run Pre-checks.

When running nsxcli on an ESXi host, which command will show the Replication mode?. get logical-switch <Local-Switch-UUID> status. get logical-switch <Logical-Switch-UUID>. get logical-switches. get logical-switch status.

Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the Geneve protocol on the ESXi transport node? (Choose two.). net-dvs. esxcfg-nics -l. esxcli network ip interface ipv4 get. esxcfg-vmknic -l. esxcli network nic list.

Which three data collection sources are used by NSX Network Detection and Response to create correlations /Intrusion campaigns? (Choose three.). Files and anti-malware (lie events from the NSX Edge nodes and the Security Analyzer. East-West anti-malware events from the ESXi hosts. Distributed Firewall flow data from the ESXi hosts. IDS/IPS events from the ESXi hosts and NSX Edge nodes. Suspicious Traffic Detection events from NSX Intelligence.

What are the four types of role-based access control (RBAC) permissions? (Choose four.). Auditor. Full access. Enterprise Admin. None. Execute. Read. Network Admin.

Which two logical router components span across all transport nodes? (Choose two.). SERVICE_ROUTER_TIER0. TIER0_DISTRIBUTED_ROUTER. DISTRIBUTED_ROUTER_TIER0. DISTRIBUTED_ROUTER_TIER1. SERVICE_ROUTER_TIER1.

How does the Traceflow tool identify issues in a network?. Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane. Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents. Injects ICMP traffic into the data plane and observes the results in the control plane. Injects synthetic traffic into the data plane and observes the results in the control plane.

How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?. Automatically created when Tier-1 is created. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways. Automatically created when Tier-1 is connected with Tier-0 from NSX Ul.

Which CLI command is used for packet capture on the ESXi Node?. tcpdump. set capture. pktcap-uw. debug.

An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery. Which failover policy meets this requirement?. Enable Preemptive. Non-Preemptive. Preemptive. Disable Preemptive.

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances. What feature of NSX fulfills this requirement?. Multi-hvpervisor support. Federation. Load balancer. Policy-driven configuration.

What are two functions of the Service Engines in NSX Advanced Load Balancer? (Choose two. It collects real-time analytics from application traffic flows. It stores the configuration and policies related to load-balancing services. It performs application load-balancing operations. It deploys web servers to perform load-balancing operations. It provides a user interface to perform configuration and management tasks.

When configuring OSPF on Tier-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.). Area ID. MTU of the Uplink C Naming convention. Address of the neighbor. Subnet mask. Protocol and Port.

An administrator needs to download the support bundle for NSX Manager. Where does the administrator download the log bundle from?. System > Support Bundle. System > Settings. System > Utilities > Tools. System > Settings > Support Bundle.

Which CLI command on NSX Manager and NSX Edge is used to change NTP settings?. set timezone. set ntp-server. get timezone. get time-server.

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.). vSphere API. NSX API. NSX CU. vCenter API. NSX UI.

Order the sentence correctly: (LEMBRA DE USAR A ÚLTIMA PALAVRA NA RESPOSTA). Packet-packet action packet table defined.

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?. esxcli network firewall ruleset set -a -e false. esxcli network firewall ruleset set -r syslog -e false. esxcli network firewall ruleset -e syslog. esxcli network firewall ruleset set -r syslog -e true.

Which of the following statements is true regarding the use of a Dynamic Routing Protocol on a Tier-1 Gateway?. Both BGP and OSPF can be used on a Tier-1 Gateway. You can only use OSPF on the Tier-1 Gateway. A Dynamic Routing Protocol cannot be used on a Tier-1 Gateway. You can only use BGP on the Tier-1 Gateway.

An NSX administrator would like to create an L2 segment with the following requirements: • L2 domain should not exist on the physical switches. • East/West communication must be maximized as much as possible. Which type of segment must the administrator choose?. VLAN. Overlay. Bridge. Hybrid.

Which two are requirements for FQDN Analysis? (Choose two.). The NSX Edge nodes require access to the Internet to download category and reputation definitions. ESXi control panel requires access to the Internet to download category and reputation definitions. The NSX Manager requires access to the Internet to download category and reputation definitions. A layer 7 gateway firewall rule must be configured on the Tier-1 gateway uplink. A layer 7 gateway firewall rule must be configured on the Tier-0 gateway uplink.

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.). Must have only active-active edge nodes. Can contain multiple types of edge nodes (VM or bare metal). Must contain only one type of edge nodes (VM or bare metal). Can have a maximum of 10 edge nodes. Can have a maximum of 8 edge nodes.

The security administrator turns on logging for a firewall rule. Where is the log stored on an ESXi transport node?. /var/log/messages.log. /var/log/vmware/nsx/firewall.log. /var/log/fw.log. /var/log/dfwpktlogs.log.

Which of the following exist only on Tler-1 Gateway firewall configurations and not on Tier-0?. Applied To. Actions. Profiles. Sources.

Which is an advantage of an L2 VPN in an NSX 4.x environment?. Achieve better performance. Use the same broadcast domain. Enables Multi-Cloud solutions. Enables VM mobility with re-IP.