Page: 1
/ 8
Total 126 questions
The user at 192.168.150.10 can reach the physical router but CANNOT reach edge-2 or any virtual machines.
What routing change would resolve the issue?
- A. EnableDefault Originateon edge-2 for OSPF.
- B. Configure static routes on the physical router.
- C. Enable route redistribution on edge-2 between both routing protocols.
- D. EnableDefault Originateon edge-2 for BGP
Answer : D
An NSX Administrator is examining traffic on the network shown below.
What is the packet flow when VM1 communicates to VM5?
- A. Host A will perform a destination lookup, route the packet, switch the packet ontosegment 5002, then encapsulate and send the packet to Host C.
- B. Host A will perform a destination lookup, switch the packet onto segment 5002, route the packet, then encapsulate the packet and send it to the DLR control VM.
- C. Host A will encapsulate thepacket, send the encapsulated packet to host C, Host C will perform a destination lookup and switch the packet onto segment 5002.
- D. Host A will encapsulate the packet, perform a destination lookup, route the packet to the DLR control VM, the control DLR will bridge the packet onto segment 5002.
Answer : D
An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment.
How would this task be accomplished with minimal administrative effort?
- A. Create a PowerCLI script to enable virtual machine data collection on each virtual machine.
- B. Create a security group in Service Composer and add the virtual machines to the security group.
- C. Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.
- D. Add the virtual machines to a VM folder in vCenter Server and enable data collection.
Answer : C
Which is a best practice to secure system traffic, ensure optimal performance and satisfy prerequisites for NSX?
- A. Configure a single VMkernel and a single distributed port group for all the system traffic.
- B. Configure a single distributed port group with a single VMkernel for Management and iSCSI traffic, a separate VMkernel for vMotion and VSAN traffic.
- C. Dedicate separate VMkernel adapters for each type of system traffic. Dedicate separate distributed port groups for each VMkernel adapter and isolate the VLANs for each type of system traffic.
- D. Dedicate separate VMkernel adapters for each type ofsystem traffic and dedicate separate standard switches for each type of system traffic connected to a single physical network.
Answer : B
VMware NSX is a key component in enabling enterprises to realize the full potential of their investment in which technology?
- A. Physical to virtual bridged networks.
- B. Integrated physical topology.
- C. Distributed firewall.
- D. Software-defined data center.
Answer : D
Explanation:
Referencehttps://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/whitepap er/products/nsx/vmware-nsx-network-virtualization-platform-white-paper.pdf
A customer has Cisco Nexus 1000V switches in their environment and is looking at deploying NSX
Which statement is correct?
- A. The environment must be migrated from the Nexus 1000V to vSphere Distributed Switches.
- B. The environment must be configured for VXLAN over the Nexus 1000V.
- C. The environment can use the Nexus 1000V switches for the NSX deployment.
- D. The environment must be migrated from the Nexus 1000V to vSphere Standard Switches.
Answer : A
An administrator has implemented VMware NSX on a leaf-spine underlay. They have deployed the following in the data center:
Two racks for a management cluster that is not prepared for VMware NSX
Six racks for compute clusters
Two racks for an Edge cluster which holds a DLR control VM for bridging, and
North/South Edge Service Gateways
Which three of the following are true regarding the physical and logical networking of the environment? (Choose three )
- A. At least one VXLAN segment spans across all the racks
- B. VXLAN segments span the compute and Edge racks
- C. At least one VLAN spans the compute racks
- D. At least one VLAN spans across the two management racks
- E. At least 2 VLANs span across the two Edge racks.
Answer : B,C,D
An NSX Edge Service Gateway has two interfaces:
Internal interface named Internal Access
-- IP address = 10.10.10.1
-- Network mask = 255.255.255.0
Uplink interface named Physical Uplink
-- IP address = 20.20.20.1
-- Network mask = 255.255.255.0
A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access external resources via the uplink interface.
Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.)
- A. Apply the SNAT rule to the Internal Access interface.
- B. Select 10.10.10.1 as the translated source IP.
- C. Apply the SNAT rule on the Physical Uplink interface.
- D. Select 10.10.10.0/24 as the original subnet.
- E. Choose 20.20.20.2 as the translated source IP address.
Answer : C,D,E
Internet access is required from virtual machines located on any logical switch Direct access from the internet to these virtual machines is NOT permitted
Which perimeter NSX Edge feature would achieve this with the least configuration?
- A. LB
- B. VPN
- C. SNAT
- D. DNAT
Answer : D
Which NSX component can validate that security policies at your organization are being enforced correctly?
- A. Activity Monitoring
- B. Flow Monitoring
- C. ERSPAN
- D. Distributed firewalls
Answer : A
In which VMware NSX use case would VXLAN NOT be required?
- A. L2 Bridging physical to virtual
- B. NSX micro-segmentation
- C. Active/Active Datacenter
- D. Distributed Logical Routing
Answer : C
An administrator needs to perform a configuration backup of NSX. From which two locations can this task be performed? (Choose two.)
- A. Directly on the NSX Manager
- B. From the vSphere Web Client
- C. Using the NSX API
- D. Directly on each NSX Controller
Answer : A,C
Which two networking and security components are contained m the backup configuration data of an NSX Manager backup file? (Choose two )
- A. vSphere Distributed Switch
- B. Resource Pools
- C. Edge Services Gateway
- D. Grouping Objects
Answer : C,D
An organization has PCI compliant application deployed as part of a larger NSX environment. Every year a team of contractors evaluates the security of the environment and recommends changes.
What NSX Role and Scope should the contractors be given to minimize access but still allow them to fulfill the staled requirement?
- A. Security Administrator, No restrictions
- B. Auditor. Limit access scope
- C. NSX Administrator, Limit access scope
- D. Enterprise Administrator, Limit access scope
Answer : B
Explanation:
https://c368768.ssl.cf1.rackcdn.com/product_files/28022/original/VMware_SDDC_Validate d_Reference_Architecture_for_PCI_v3.0_June_2014b1844892b9e7e4c6aa280f5fd9df5a0f. pdf
Page 3 -
VMware NSX VMware NSX Edge, VMware NSX Firewall, VMware NSX Router,
VMware NSX Load -
Balancer, and, VMware NSX Service Composer