How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?

A. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.

B. Automatically created when Tier-1 is created.

C. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.

D. Automatically created when Tier-1 is connected with Tier-0 from NSX UI.

Which CLI command is used for packet capture on the ESXi Node?

A. debug

B. pktcap-uw

C. set capture

D. tcpdump

A company security policy requires all users to log into applications using a centralized authentication system.
Which two authentication, authorization, and accounting (AAA) systems are available when integrating NSX with VMware Identity Manager? (Choose two.)

A. LDAP and OpenLDAP based on Active Directory (AD)

B. RSA SecureID

C. Keygen Enterprise

D. SecureDAP

E. RADII 2.0

Which three DHCP Services are supported by NSX? (Choose three.)

A. Port DHCP per VNF

B. Segment DHCP

C. Gateway DHCP

D. VRF DHCP Server

E. DHCP Relay

Which two logical router components span across all transport nodes? (Choose two.)

A. DISTRIBUTED_ROUTER_TIER1

B. TIER0_DISTRIBUTED_ROUTER

C. SERVICE_ROUTER_TIER0

D. DISTRIBUTED_ROUTER_TIER0

E. SERVICE_ROUTER_TIER1

What is the VMware recommended way to deploy a virtual NSX Edge Node?

A. Through the NSX UI

B. Through automated or interactive mode using an ISO

C. Through the vSphere Web Client

D. Through the OVF command line tool

Which of the following exist only on Tier-1 Gateway firewall configurations and not on Tier-0?

A. Applied To

B. Actions

C. Sources

D. Profiles

Which command is used to set the NSX Manager's logging-level to debug mode for troubleshooting?

A. set service manager logging-level debug

B. set service nsx-manager logging-level debug

C. set service nsx-manager log-level debug

D. set service manager log-level debug

Which CLI command on NSX Manager and NSX Edge is used to change NTP settings?

A. get time-server

B. set timezone

C. get timezone

D. set ntp-server

Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.)

A. Route Aggregation

B. Route Distribution

C. Graceful Restart

D. BGP Neighbors

E. Local AS

An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.
Which failover detection protocol must be used to meet this requirement?

A. Beacon Probing (BP)

B. Bidirectional Forwarding Detection (BFD)

C. Virtual Router Redundancy Protocol (VRRP)

D. Host Standby Router Protocol (HSRP)

Which two of the following will be used for ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.)

A. Inter-Tier interface on the Tier-0 gateway

B. Tier-0 Uplink interface

C. Downlink Interface for the Tier-0 DR

D. Tier-1 SR Router Port

E. Downlink Interface for the Tier-1 DR

An administrator is configuring service insertion for Network Introspection.
Which two places can the Network Introspection be configured? (Choose two.)

A. Partner SVM

B. Host pNIC

C. Tier-0 gateway

D. Tier-1 gateway

E. Edge Node

Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?

A. esxcli network ip connection list | grep 1235

B. esxcli network ip connection list | grep ccpd

C. esxcli network ip connection list | grep netcpa

D. esxcli network ip connection list | grep 1234

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?

A. STT

B. TEP

C. UDP

D. VXLAN

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.)

A. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.

B. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

C. Create an OAuth 2.0 client in VMware Identity Manager.

D. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.

E. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.

Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?

A. NSX HTML5 UI

B. Ethernet VPN

C. VRF Lite

D. NSX Federation

When configuring OSPF on a Tier-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

A. Address of the neighbor

B. Subnet mask

C. MTU of the Uplink

D. Protocol and Port

E. Area ID

F. Naming convention

DRAG DROP -
Refer to the exhibits.
Drag and drop the NSX graphic element icons on the left found in an NSX Intelligence visualization graph to its correct description on the right.
 

Which of the two following characteristics about NAT64 are true? (Choose two.)

A. NAT64 is stateless and requires gateways to be deployed in active-standby mode.

B. NAT64 is supported on Tier-1 gateways only.

C. NAT64 is supported on Tier-0 and Tier-1 gateways.

D. NAT64 requires the Tier-1 gateway to be configured in active-standby mode.

E. NAT64 requires the Tier-1 gateway to be configured in active-active mode.

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)

A. Destination NAT

B. Reflexive NAT

C. Port NAT

D. Source NAT

E. 1:1 NAT

Refer to the exhibit.
An administrator would like to change the private IP address of the NAT VM 172.16.101.11 to a public address of 80.80.80.1 as the packets leave the NAT-Segment network.
Which type of NAT solution should be implemented to achieve this?
 

A. DNAT

B. Reflexive NAT

C. NAT64

D. SNAT

Which two choices are solutions offered by the VMware NSX portfolio? (Choose two.)

A. VMware Aria Automation

B. VMware NSX Distributed IDS/IPS

C. VMware NSX Advanced Load Balancer

D. VMware Tanzu Kubernetes Grid

E. VMware Tanzu Kubernetes Cluster

Which two tools are used for centralized logging in VMware NSX? (Choose two.)

A. VMware Aria Automation

B. VMware Aria Operations for Logs

C. Syslog Server

D. VMware Aria Operations

E. VMware Aria Operations for Networks

Which field in a Tier-1 Gateway Firewall would be used to allow access for a collection of trustworthy web sites?

A. Destination

B. Profiles -> Context Profiles

C. Source

D. Profiles -> L7 Access Profile

Which three security features are dependent on the NSX Application Platform? (Choose three.)

A. NSX Intelligence

B. NSX Firewall

C. NSX Network Detection and Response

D. NSX TLS Inspection

E. NSX Distributed IDS/IPS

F. NSX Malware Prevention

In which VPN type are the Virtual Tunnel interfaces (VTI) used?

A. Policy & Route based VPNs

B. Route & SSL based VPNs

C. SSL-based VPN

D. Route-based VPN

Which CLI command does an NSX administrator run on the NSX Manager to generate support bundle logs if the NSX UI is inaccessible?

A. esxcli system syslog config logger set –id=nsxmanager

B. get support-bundle file vcpnv.tgz

C. vm-support

D. set support-bundle file vcpnv.tgz

Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?

A. tcpdump

B. ifconfig

C. tcpconfig

D. debug

Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)

A. Identify risk and reputation of accessed websites.

B. Quarantine workloads based on vulnerabilities.

C. Gain insight about micro-segmentation traffic flows.

D. Identify security vulnerabilities in the workloads.

E. Use agentless antivirus with Guest Introspection.

In an NSX environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)

A. Add an additional vNIC to the NSX Edge node.

B. Configure NAT on the Tier-0 gateway.

C. Configure ECMP on the Tier-0 gateway.

D. Configure a Tier-1 gateway and connect it directly to the physical routers.

E. Deploy Large size Edge node/s.

The security administrator turns on logging for a firewall rule.
Where is the log stored on an ESXi transport node?

A. /var/log/fw.log

B. /var/log/messages.log

C. /var/log/dfwpktlogs.log

D. /var/log/vmware/nsx/firewall.log

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?

A. VNI ID

B. VLAN ID

C. Segment ID

D. Geneve ID

Where does an administrator configure the VLANs used in VRF Lite? (Choose two.)

A. uplink interface of the default Tier-0 gateway

B. uplink trunk segment

C. uplink interface of the VRF gateway

D. downlink interface of the default Tier-0 gateway

E. segment connected to the Tier-1 gateway

What are the four types of role-based access control (RBAC) permissions? (Choose four.)

A. Network Admin

B. None

C. Read

D. Auditor

E. Full access

F. Execute

G. Enterprise Admin

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances.
What feature of NSX fulfills this requirement?

A. Federation

B. Policy-driven configuration

C. Load balancer

D. Multi-hypervisor support

Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)

A. NSX Network Detection and Response

B. NSX Intelligence

C. NSX Malware Prevention Metrics

D. NSX Intrinsic Security

E. NSX Intrusion Detection and Prevention

Which three data collection sources are used by NSX Network Detection and Response to create correlations/intrusion campaigns? (Choose three.)

A. Distributed Firewall flow data from the ESXi hosts

B. East-West anti-malware events from the ESXi hosts

C. Files and anti-malware file events from the NSX Edge nodes and the Security Analyzer

D. IDS/IPS events from the ESXi hosts and NSX Edge nodes

E. Suspicious Traffic Detection events from NSX Intelligence

Which two built-in VMware tools will help identify the cause of packet loss on VLAN Segments? (Choose two.)

A. Packet Capture

B. Live Flow

C. Traceflow

D. Flow Monitoring

E. Activity monitoring

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.)

A. Can have a maximum of 10 edge nodes

B. Can have a maximum of 8 edge nodes

C. Can contain multiple types of edge nodes (VM or bare metal)

D. Must contain only one type of edge nodes (VM or bare metal)

E. Must have only active-active edge nodes

Which two statements are true for IPSec VPN? (Choose two.)

A. VPNs can be configured on the command line interface on the NSX manager.

B. Dynamic routing is supported for any IPSec mode in NSX.

C. IPSec VPNs use the DPDK accelerated performance library.

D. IPSec VPN services can be configured at Tier-0 and Tier-1 gateways.

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?

A. MONITORING

B. GROUPING

C. FABRIC

D. SYSTEM

When deploying an NSX Edge Transport Node, what two valid IP address assignment options should be specified for the TEP IP addresses? (Choose two.)

A. Use a Static IP List

B. Use BootP

C. Use an IP Pool

D. Use RADIUS

E. Use a DHCP Server

Which command is used to test management connectivity from a transport node to NSX Manager?

A. esxcli network ip connection list | grep 1234

B. esxcli network connection list | grep 1235

C. esxcli network ip connection list | grep 1235

D. esxcli network connection list | grep 1234

Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)

A. It supports a 4-byte autonomous system number.

B. The network is divided into areas that are logical groups.

C. Can be used as an Exterior Gateway Protocol.

D. BGP is enabled by default.

E. EIGRP is disabled by default.

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?

A. esxcli network firewall ruleset set -r syslog -e true

B. esxcli network firewall ruleset -e syslog

C. esxcli network firewall ruleset set -a -e false

D. esxcli network firewall ruleset set -r syslog -e false

Which CLI command shows syslog on NSX Manager?

A. show log manager follow

B. get log-file syslog

C. /var/log/syslog/syslog.log

D. get log-file auth.log

Which VMware GUI tool is used to identify problems in a physical network?

A. VMware Site Recovery Manager

B. VMware Aria Automation

C. VMware Aria Operations Networks

D. VMware Aria Orchestrator

Which is the only supported mode in NSX Global Manager when using Federation?

A. Controller

B. Proxy

C. Policy

D. Proton

What are four NSX built-in role-based access control (RBAC) roles? (Choose four.)

A. Read

B. Network Admin

C. Full Access

D. Enterprise Admin

E. LB Operator

F. Auditor

G. None