Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

A. Changing the time zone on the ESXi host.

B. Re-installing the NSX VIBs on the ESXi host.

C. Restarting the NTPservice on the ESXi host.

D. Reconfiguring the ESXi host with a local NTP server.

Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?

A. NSX HTML5 UI

B. Ethernet VPN

C. VRF Lite

D. NSX Federation

What are two functions of the Service Engines in NSX Advanced Load Balancer? (Choose two.)

A. It collects real-time analytics from application traffic flows.

B. It stores the configuration and policies related to load-balancing services.

C. It deploys web servers to perform load-balancing operations.

D. It performs application load-balancing operations.

E. It provides a user interface to perform configuration and management tasks.

An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery.
Which failover policy meets this requirement?

A. Enable Preemptive

B. Non-Preemptive

C. Preemptive

D. Disable Preemptive

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?

A. STT

B. TEP

C. UDP

D. VXLAN

Which CLI command on NSX Manager and NSX Edge is used to change NTP settings?

A. get time-server

B. set timezone

C. get timezone

D. set ntp-server

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)

A. Destination NAT

B. Reflexive NAT

C. Port NAT

D. Source NAT

E. 1:1 NAT

How does the Traceflow tool identify issues in a network?

A. Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane.

B. Injects ICMP traffic into the data plane and observes the results in the control plane.

C. Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents.

D. Injects synthetic traffic into the data plane and observes the results in the control plane.

An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.
Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?

A. vmkping ++netstack=geneve -d -s 1572

B. esxcli network diag ping -I vmk0 -H

C. esxcli network diag ping -H

D. vmkping ++netstack=vxlan -d -s 1572

Which command is used to set the NSX Manager's logging-level to debug mode for troubleshooting?

A. set service manager logging-level debug

B. set service nsx-manager logging-level debug

C. set service nsx-manager log-level debug

D. set service manager log-level debug

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances.
What feature of NSX fulfills this requirement?

A. Federation

B. Policy-driven configuration

C. Load balancer

D. Multi-hypervisor support

NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?

A. Virtual Security Zones

B. Network Segmentation

C. Edge Firewalling

D. Dynamic Routing

A company security policy requires all users to log into applications using a centralized authentication system.
Which two authentication, authorization, and accounting (AAA) systems are available when integrating NSX with VMware Identity Manager? (Choose two.)

A. LDAP and OpenLDAP based on Active Directory (AD)

B. RSA SecureID

C. Keygen Enterprise

D. SecureDAP

E. RADII 2.0

Which steps are required to activate Malware Prevention on the NSX Application Platform?

A. Activate NSX Network Detection and Response and run Pre-checks.

B. Select Cloud Region and Deploy Network Detection and Response.

C. Activate NSX Network Detection and Response and Deploy Malware Prevention.

D. Select Cloud Region and run Pre-checks.

An NSX administrator would like to create an L2 segment with the following requirements:
•	L2 domain should not exist on the physical switches.
•	East/West communication must be maximized as much as possible.
Which type of segment must the administrator choose?

A. Hybrid

B. Overlay

C. Bridge

D. VLAN

Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the Geneve protocol on the ESXi transport node? (Choose two.)

A. net-dvs

B. esxcli network ip interface ipv4 get

C. esxcfg-vmknic -1

D. esxcfg-nics -1

E. esxcli network nic list

Which choice is a valid insertion point for North-South network introspection?

A. Tier-0 gateway

B. Host Physical NIC

C. Guest VM vNIC

D. Partner SVM

What are the four types of role-based access control (RBAC) permissions? (Choose four.)

A. Network Admin

B. None

C. Read

D. Auditor

E. Full access

F. Execute

G. Enterprise Admin

The security administrator turns on logging for a firewall rule.
Where is the log stored on an ESXi transport node?

A. /var/log/fw.log

B. /var/log/messages.log

C. /var/log/dfwpktlogs.log

D. /var/log/vmware/nsx/firewall.log

A customer is preparing to deploy a VMware Kubernetes solution in an NSX environment.
What is the minimum MTU size for the UPLINK profile?

A. 1700

B. 1550

C. 1650

D. 1500

Which three security features are dependent on the NSX Application Platform? (Choose three.)

A. NSX Intelligence

B. NSX Firewall

C. NSX Network Detection and Response

D. NSX TLS Inspection

E. NSX Distributed IDS/IPS

F. NSX Malware Prevention

An administrator has connected two virtual machines on the same overlay segment. Ping between both virtual machines is successful.
What type of network boundary does this represent?

A. Layer 2 VPN

B. Layer 2 broadcast domain

C. Layer 2 bridge

D. Layer 3 route

Which three selections are capabilities of Network Topology? (Choose three.)

A. Display the uplinks configured on the Tier-1 Gateways.

B. Display how the different NSX components are interconnected.

C. Display the VMs connected to Segments.

D. Display the uplinks configured on the Tier-0 Gateways.

E. Display how the Physical components are interconnected.

When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?

A. SR and DR is instantiated but requires manual connection.

B. SR is instantiated and automatically connected with DR.

C. DR is instantiated and automatically connected with SR.

D. SR and DR doesn’t need to be connected to provide any stateful services.

An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi transport node.
Which feature in the NSX UI shows the mapping between the virtual NIC and the host's physical adapter?

A. Port Mirroring

B. IPFIX

C. Activity Monitoring

D. Switch Visualization

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?

A. esxcli network firewall ruleset set -r syslog -e true

B. esxcli network firewall ruleset -e syslog

C. esxcli network firewall ruleset set -a -e false

D. esxcli network firewall ruleset set -r syslog -e false

Which is the only supported mode in NSX Global Manager when using Federation?

A. Controller

B. Proxy

C. Policy

D. Proton

What should an NSX administrator check to verify that VMware Identity Manager integration is successful?

A. From the NSX UI the status of the VMware Identity Manager Integration must be “Enabled”.

B. From VMware Identity Manager the status of the remote access application must be green.

C. From the NSX UI the URI in the address bar must have “local=false” part of it.

D. From the NSX CLI the status of the VMware Identity Manager Integration must be “Configured”.

Which CLI command does an NSX administrator run on the NSX Manager to generate support bundle logs if the NSX UI is inaccessible?

A. esxcli system syslog config logger set –id=nsxmanager

B. get support-bundle file vcpnv.tgz

C. vm-support

D. set support-bundle file vcpnv.tgz

HOTSPOT
-
Refer to the exhibit.
An administrator configured NSX Advanced Load Balancer to load balance the production web server traffic, but the end users are unable to access the production website by using the VIP address.
Which of the following Tier-1 gateway route advertisement settings needs to be enabled to resolve the problem? Mark the correct answer by clicking on the image.
 

How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?

A. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.

B. Automatically created when Tier-1 is created.

C. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.

D. Automatically created when Tier-1 is connected with Tier-0 from NSX UI.

Which three NSX Edge components are used for North-South Malware Prevention? (Choose three.)

A. IDS/IPS

B. Security Analyzer

C. Reputation Service

D. RAPID

E. Thin Agent

F. Security Hub

An architect receives a request to apply distributed firewall in a customer environment without making changes to the network and vSphere environment. The architect decides to use Distributed Firewall on VDS.
Which two of the following requirements must be met in the environment? (Choose two.)

A. VDS version 6.6.0 and later

B. vCenter 8.0 and later

C. NSX version must be 3.2 and later

D. NSX version must be 3.0 and later

Refer to the exhibit.
An administrator would like to change the private IP address of the NAT VM 172.16.101.11 to a public address of 80.80.80.1 as the packets leave the NAT-Segment network.
Which type of NAT solution should be implemented to achieve this?
 

A. DNAT

B. Reflexive NAT

C. NAT64

D. SNAT

An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?

A. – enable – get vrf – show bgp neighbor

B. – set vrf – show logical-routers- show bgp

C. – get gateways- vrf – get bgp neighbor

D. – show logical-routers- get vrf- show ip route bgp

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)

A. esxcfg-nics -1

B. esxcfg-vmknic -1

C. esxcli network vswitch dvs vmware list

D. esxcfg-vmsvc/get.networks

E. esxcli network nic list

Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?

A. Multicast

B. Anycast

C. Broadcast

D. Unicast

An administrator has deployed 10 Edge Transport Nodes in their NSX Environment, but has forgotten to specify an NTP server during the deployment.
What is the efficient way to add an NTP server to all 10 Edge Transport Nodes?

A. Use a Node Profile

B. Use the CLI on each Edge Node

C. Use Transport Node Profile

D. Use a PowerCLI script

When deploying an NSX Edge Transport Node, what two valid IP address assignment options should be specified for the TEP IP addresses? (Choose two.)

A. Use a Static IP List

B. Use BootP

C. Use an IP Pool

D. Use RADIUS

E. Use a DHCP Server

Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)

A. Identify risk and reputation of accessed websites.

B. Quarantine workloads based on vulnerabilities.

C. Gain insight about micro-segmentation traffic flows.

D. Identify security vulnerabilities in the workloads.

E. Use agentless antivirus with Guest Introspection.

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX UI.
What two are the prerequisites for this configuration? (Choose two.)

A. The cluster configuration must be completed using API.

B. All nodes must be in separate subnets.

C. All nodes must be in the same subnet.

D. A compute manager must be configured.

E. NSX Manager must reside on a Windows Server.

DRAG DROP -
Refer to the exhibits.
Drag and drop the NSX graphic element icons on the left found in an NSX Intelligence visualization graph to its correct description on the right.
 

When configuring OSPF on a Tier-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

A. Address of the neighbor

B. Subnet mask

C. MTU of the Uplink

D. Protocol and Port

E. Area ID

F. Naming convention

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?

A. MONITORING

B. GROUPING

C. FABRIC

D. SYSTEM

An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.
What could cause this issue?

A. Zero Trust Security is not enabled.

B. Distributed Firewall Rule logging is not enabled.

C. Syslog is not configured on the NSX Manager.

D. Syslog is not configured on the ESXi transport node.

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.)

A. vCenter API

B. NSX UI

C. NSX CLI

D. vSphere API

E. NSX API

Which three DHCP Services are supported by NSX? (Choose three.)

A. Port DHCP per VNF

B. Segment DHCP

C. Gateway DHCP

D. VRF DHCP Server

E. DHCP Relay

Where does an administrator configure the VLANs used in VRF Lite? (Choose two.)

A. uplink interface of the default Tier-0 gateway

B. uplink trunk segment

C. uplink interface of the VRF gateway

D. downlink interface of the default Tier-0 gateway

E. segment connected to the Tier-1 gateway

Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?

A. esxcli network ip connection list | grep 1235

B. esxcli network ip connection list | grep ccpd

C. esxcli network ip connection list | grep netcpa

D. esxcli network ip connection list | grep 1234

Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)

A. NSX Network Detection and Response

B. NSX Intelligence

C. NSX Malware Prevention Metrics

D. NSX Intrinsic Security

E. NSX Intrusion Detection and Prevention