Page: 1
/ 8
Total 106 questions
An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.
Which failover detection protocol must be used to meet this requirement?
- A. Beacon Probing (BP)
- B. Bidirectional Forwarding Detection (BFD)
- C. Virtual Router Redundancy Protocol (VRRP)
- D. Host Standby Router Protocol (HSRP)
Answer : B
A company is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web, app, and database tiers.
The naming convention will be:
WKS-WEB-SRV-XXX -
WKY-APP-SRR-XXX -
WKI-DB-SRR-XXX -
What is the optimal way to group them to enforce security policies from NSX?
- A. Use Edge as a firewall between tiers.
- B. Group all by means of tags membership.
- C. Create an Ethernet based security policy.
- D. Do a service insertion to accomplish the task.
Answer : B
An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)
- A. Destination NAT
- B. Reflexive NAT
- C. Port NAT
- D. Source NAT
- E. 1:1 NAT
Answer : AD
Which choice is a valid insertion point for North-South network introspection?
- A. Tier-0 gateway
- B. Host Physical NIC
- C. Guest VM vNIC
- D. Partner SVM
Answer : A
Where in the NSX UI would an administrator set the time attribute for a time-based Gateway Firewall rule?
- A. There is no option in the NSX UI. It must be done via command line interface.
- B. The option to set time-based rule is a clock icon in the policy.
- C. The option to set time-based rule is a field in the rule itself.
- D. The option to set time-based rule is a clock icon in the rule.
Answer : B
When configuring OSPF on a Tier-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)
- A. Address of the neighbor
- B. Subnet mask
- C. MTU of the Uplink
- D. Protocol and Port
- E. Area ID
- F. Naming convention
Answer : BCE
Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)
- A. NSX Network Detection and Response
- B. NSX Intelligence
- C. NSX Malware Prevention Metrics
- D. NSX Intrinsic Security
- E. NSX Intrusion Detection and Prevention
Answer : AB
Which three NSX Edge components are used for North-South Malware Prevention? (Choose three.)
- A. IDS/IPS
- B. Security Analyzer
- C. Reputation Service
- D. RAPID
- E. Thin Agent
- F. Security Hub
Answer : ACD
DRAG DROP -
Sort the rule processing steps of the Distributed Firewall. Order responses from left to right.
Answer :
Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the Geneve protocol on the ESXi transport node? (Choose two.)
- A. net-dvs
- B. esxcli network ip interface ipv4 get
- C. esxcfg-vmknic -1
- D. esxcfg-nics -1
- E. esxcli network nic list
Answer : BC
Where is the insertion point for East-West network introspection?
- A. Guest VM vNIC
- B. Partner SVM
- C. Tier-0 router
- D. Host Physical NIC
Answer : A
What are two functions of the Service Engines in NSX Advanced Load Balancer? (Choose two.)
- A. It collects real-time analytics from application traffic flows.
- B. It stores the configuration and policies related to load-balancing services.
- C. It deploys web servers to perform load-balancing operations.
- D. It performs application load-balancing operations.
- E. It provides a user interface to perform configuration and management tasks.
Answer : AD
Which field in a Tier-1 Gateway Firewall would be used to allow access for a collection of trustworthy web sites?
- A. Destination
- B. Profiles -> Context Profiles
- C. Source
- D. Profiles -> L7 Access Profile
Answer : D
An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?
-
A. - enable
- get vrf
- show bgp neighbor -
B. - set vrf
- show logical-routers
- showbgp -
C. - get gateways
- vrf
- get bgp neighbor -
D. - show logical-routers
- get vrf
- show ip route bgp
Answer : A
30 days access 