vpc24124

What is the VMware recommended way to deploy a virtual NSX Edge Node?. Through the NSX UI. Through automated or interactive mode using an ISO. Through the vSphere Web Client. Through the OVF command line tool.

Which three selections are capabilities of Network Topology? (Choose three.). Display how the different NSX components are interconnected. Display the VMs connected to Segments. Display how the Physical components are interconnected. Display the uplinks configured on the Tier-1 Gateways. Display the uplinks configured on the Tier-0 Gateways.

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX UI. What two are the prerequisites for this configuration? (Choose two.). The cluster configuration must be completed using API. All nodes must be in the same subnet. All nodes must be in separate subnets. A compute manager must be configured. NSX Manager must reside on a Windows Server.

Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the Geneve protocol on the ESXi transport node? (Choose two.). net-dvs. esxcfg-nics -l. esxcli network ip interface ipv4 get. esxcfg-vmknic -l. esxcli network nic list.

Which two are supported by L2 VPN clients? (Choose two.). NSX Autonomous Edge. NSX Edge. NSX for vSphere Edge. 3rd party Hardware VPN Device.

As part of an organization’s IT security compliance requirement, NSX Manager must be configured for 2FA (two-factor authentication). What should an NSX administrator have ready before the integration can be configured?. Active Directory LDAP integration with ADFS. VMware Identity Manager with NSX added as a Web Application. VMware Identity Manager with an OAuth Client added. Active Directory LDAP integration with OAuth Client added.

What should an NSX administrator check to verify that VMware Identity Manager integration is successful?. From the NSX UI the status of the VMware Identity Manager Integration must be “Enabled”. From the NSX CLI the status of the VMware Identity Manager Integration must be “Configured”. From VMware Identity Manager the status of the remote access application must be green. From the NSX UI the URI in the address bar must have “local=false” part of it.

An administrator has been tasked with implementing the SSL certificates for the NSX Manager Cluster VIP. Which is the correct way to implement this change?. Send an API call to https://<nsx-mgr>/api/vl/cluster/api-certificate?action=set_cluster_certificate&certificate_id=<certificate_id>. Send an API call to https://<nsx-mgr>/api/vl/node/services/http?action=apply_certificate&certificate_id=<certificate_id>. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate node install <certificate_id>. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate vip install <certificate_id>.

An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router. What sequence of commands could be used to check this status on NSX Edge node?. - enable <LR-D> - get vrf <ID> - show bgp neighbor. - get gateways - vrf <number> - get bgp neighbor. - set vrf <ID> - show logical-routers - show <LR-D> bgp. - show logical-routers - get vrf - show ip route bgp.

What is VMware’s recommendation for the minimum MTU requirements when planning an NSX deployment?. MTU should be set to 1700 or greater across the data center network including inter-data center connections. MTU should be set to 1500 or less only on inter-data center connections. Configure Path MTU Discovery and rely on fragmentation. MTU should be set to 1550 or less across the data center network including inter-data center connections.

In which VPN type are the Virtual Tunnel interfaces (VTI) used?. SSL-based VPN. Route & SSL based VPNs. Policy & Route based VPNs. Route-based VPN.

In an NSX environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers. Which two actions could address low throughput and congestion? (Choose two.). Configure ECMP on the Tier-0 gateway. Configure a Tier-1 gateway and connect it directly to the physical routers. Deploy Large size Edge node/s. Configure NAT on the Tier-0 gateway. Add an additional vNIC to the NSX Edge node.

A company security policy requires all users to log into applications using a centralized authentication system. Which two authentication, authorization, and accounting (AAA) systems are available when integrating NSX with VMware Identity Manager? (Choose two.). RSA SecureID. SecureDAP. RADII 2.0. LDAP and OpenLDAP based on Active Directory (AD). Keygen Enterprise.

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events. Which message ID (msgid) should be used in the syslog export configuration command as a filter?. FABRIC. SYSTEM. GROUPING. MONITORING.

An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing. Which failover detection protocol must be used to meet this requirement?. Host Standby Router Protocol (HSRP). Beacon Probing (BP). Virtual Router Redundancy Protocol (VRRP). Bidirectional Forwarding Detection (BFD).

An administrator has connected two virtual machines on the same overlay segment. Ping between both virtual machines is successful. What type of network boundary does this represent?. Layer 2 bridge. Layer 2 broadcast domain. Layer 2 VPN. Layer 3 route.

What are two supported host switch modes? (Choose two.). Overlay Datapath. Secure Datapath. Standard Datapath. Enhanced Datapath. DPDK Datapath.

Which is an advantage of an L2 VPN in an NSX 4.x environment?. Achieve better performance. Use the same broadcast domain. Enables Multi-Cloud solutions. Enables VM mobility with re-IP.

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.). Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager. Enter the Identity Provider (IdP) metadata URL in NSX Manager. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager. Create an OAuth 2.0 client in VMware Identity Manager.

Which of the two following characteristics about NAT64 are true? (Choose two.). NAT64 requires the Tier-1 gateway to be configured in active-active mode. NAT64 is stateless and requires gateways to be deployed in active-standby mode. NAT64 is supported on Tier-0 and Tier-1 gateways. NAT64 is supported on Tier-1 gateways only. NAT64 requires the Tier-1 gateway to be configured in active-standby mode.

Which VMware GUI tool is used to identify problems in a physical network?. VMware Aria Operations Networks. VMware Aria Automation. VMware Site Recovery Manager. VMware Aria Orchestrator.

Which three protocols could an NSX administrator use to transfer log messages to a remote log server? (Choose three.). HTTPS. SSH. TCP. UDP. SSL. TLS.

Where does an administrator configure the VLANs used in VRF Lite? (Choose two.). uplink interface of the VRF gateway. uplink interface of the default Tier-0 gateway. downlink interface of the default Tier-0 gateway. uplink trunk segment. segment connected to the Tier-1 gateway.

Which two logical router components span across all transport nodes? (Choose two.). SERVICE_ROUTER_TIER0. TIER0_DISTRIBUTED_ROUTER. DISTRIBUTED_ROUTER_TIER0. DISTRIBUTED_ROUTER_TIER1. SERVICE_ROUTER_TIER1.

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?. TEP. STT. VXLAN. UDP.

A customer is preparing to deploy a VMware Kubernetes solution in an NSX environment. What is the minimum MTU size for the UPLINK profile?. 1700. 1500. 1550. 1650.

What are three NSX Manager roles? (Choose three.). master. cloud. policy. zookeeper. manager. controller.

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.). esxcfg-nics -l. esxcli network nic list. esxcfg-vmknic -l. esxcfg-vmsvc/get.networks. esxcli network vswitch dvs vmware list.

Which VMware NSX Portfolio product can be described as a distributed analysis solution that provides visibility and dynamic security policy enforcement for NSX environments?. NSX Manager. NSX Distributed IDS/IPS. NSX Intelligence. NSX Cloud.

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances. What feature of NSX fulfills this requirement?. Multi-hypervisor support. Federation. Load balancer. Policy-driven configuration.

When collecting support bundles through NSX Manager, which files should be excluded for potentially containing sensitive information?. Core Files. Controller Files. Audit Files. Management Files.

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?. Geneve ID. VNI ID. Segment ID. VLAN ID.

How does the Traceflow tool identify issues in a network?. Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane. Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents. Injects ICMP traffic into the data plane and observes the results in the control plane. Injects synthetic traffic into the data plane and observes the results in the control plane.

Where is the insertion point for East-West network introspection?. Tier-0 router. Guest VM vNIC. Partner SVM. Host Physical NIC.

Which is the only supported mode in NSX Global Manager when using Federation?. Proxy. Policy. Controller. Proton.

When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?. DR is instantiated and automatically connected with SR. SR is instantiated and automatically connected with DR. SR and DR doesn’t need to be connected to provide any stateful services. SR and DR is instantiated but requires manual connection.

An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery. Which failover policy meets this requirement?. Enable Preemptive. Non-Preemptive. Preemptive. Disable Preemptive.

Which CLI command is used for packet capture on the ESXi Node?. tcpdump. set capture. pktcap-uw. debug.

Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?. esxcli network ip connection list | grep netcpa. esxcli network ip connection list | grep ccpd. esxcli network ip connection list | grep 1234. esxcli network ip connection list | grep 1235.

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.). Must have only active-active edge nodes. Can contain multiple types of edge nodes (VM or bare metal). Must contain only one type of edge nodes (VM or bare metal). Can have a maximum of 10 edge nodes. Can have a maximum of 8 edge nodes.

An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fail. The administrator knows the maximum transmission unit size on the physical switch is 1600. Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?. vmkping ++netstack=geneve -d -s 1572 <destination IP address>. vmkping ++netstack=vxlan -d -s 1572 <destination IP address>. esxcli network diag ping –H <destination IP address>. esxcli network diag ping -I vmk0 -H <destination IP address>.

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode. Which two NAT rule types are supported for this configuration? (Choose two.). Port NAT. 1:1 NAT. Destination NAT. Reflexive NAT. Source NAT.

When deploying an NSX Edge Transport Node, what two valid IP address assignment options should be specified for the TEP IP addresses? (Choose two.). Use an IP Pool. Use RADIUS. Use a Static IP List. Use BootP. Use a DHCP Server.

DRAG DROP - Match the NSX Intelligence recommendations with their correct purpose. security policy :are east west distributed firewall def. security group: are vms or physical server. server recommend : are service objects that were used by appplications.

Which two built-in VMware tools will help identify the cause of packet loss on VLAN Segments? (Choose two.). Flow Monitoring. Traceflow. Live Flow. Packet Capture. Activity Monitoring.

A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway. An NSX administrator used the get gateways command to retrieve this information: vrf 3. sa-nsxedge-01(tier0_dr)> get bgp neighbor. vrf 1. sa-nsxedge-01(tier1_sr)> get bgp neighbor. sa-nsxedge-01(tier0_sr)> get bgp neighbor. vrf 4.

Which two of the following will be used for ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.). Tier-1 SR Router Port. Tier-0 Uplink interface. Downlink Interface for the Tier-0 DR. Downlink Interface for the Tier-1 DR. Inter-Tier interface on the Tier-0 gateway.

Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?. Anycast. Multicast. Broadcast. Unicast.

Which two tools are used for centralized logging in VMware NSX? (Choose two.). Syslog Server. VMware Aria Automation. VMware Aria Operations for Logs. VMware Aria Operations for Networks. VMware Aria Operations.

An administrator is configuring service insertion for Network Introspection. Which two places can the Network Introspection be configured? (Choose two.). Edge Node. Host pNIC. Tier-0 gateway. Tier-1 gateway. Partner SVM.

Where can an administrator see a visual overview of network connections between different VMs and different networks, within the NSX domain?. Network Intelligence. NSX Intelligence. VMware Aria Operations. VMware Aria Operations for Networks.

An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi transport node. Which feature in the NSX UI shows the mapping between the virtual NIC and the host’s physical adapter?. Port Mirroring. Activity Monitoring. IPFIX. Switch Visualization.

What are the four types of role-based access control (RBAC) permissions? (Choose four.). Auditor. Full access. Enterprise Admin. None. Execut. Read. Network Admin.

Which CLI command does an NSX administrator run on the NSX Manager to generate support bundle logs if the NSX UI is inaccessible?. esxcli system syslog config logger set --id=nsxmanager. get support-bundle file vcpnv.tgz. vm-support. set support-bundle file vcpnv.tgz.

Which NSX CLI command is used to change the authentication policy for local users?. set hardening-policy. get auth-policy minimum-password-length. set cli-timeout. set auth-policy.

When configuring OSPF on Tier-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.). Area ID. MTU of the Uplink. Naming convention. Address of the neighbor. Subnet mask. Protocol and Port.

Which command is used to set the NSX Manager’s logging-level to debug mode for troubleshooting?. set service manager log-level debug. set service nsx-manager logging-level debug. set service nsx-manager log-level debug. set service manager logging-level debug.

Which CLI command shows syslog on NSX Manager?. show log manager follow. get log-file syslog. get log-file auth.log. /var/log/syslog/syslog.log.

Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.). Route Aggregation. Route Distribution. BGP Neighbors. Graceful Restart. Local AS.

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?. esxcli network firewall ruleset set -a -e false. esxcli network firewall ruleset set -r syslog -e false. esxcli network firewall ruleset -e syslog. esxcli network firewall ruleset set -r syslog -e true.