Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.)

A. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.

B. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

C. Create an OAuth 2.0 client in VMware Identity Manager.

D. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.

E. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.

HOTSPOT -
Refer to the exhibit.
Which two items must be configured to enable OSPF for the Tier-0 Gateway in the image? Mark your answers by clicking twice on the image.
 

What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)

A. Segment Port

B. DFW

C. Tier-1 Gateway

D. Segment

E. Group

An administrator has been tasked with implementing the SSL certificates for the NSX Manager Cluster VIP.
Which is the correct way to implement this change?

A. Send an API call to https:///api/v1/cluster/api-certificate? action=set_cluster_certificate&certificate_id=

B. Send an API call to https:///api/v1/node/services/http? action=apply_certificate&certificate_id=

C. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate vip install

D. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate node install

In an NSX environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)

A. Add an additional vNIC to the NSX Edge node.

B. Configure NAT on the Tier-0 gateway.

C. Configure ECMP on the Tier-0 gateway.

D. Configure a Tier-1 gateway and connect it directly to the physical routers.

E. Deploy Large size Edge node/s.

An architect receives a request to apply distributed firewall in a customer environment without making changes to the network and vSphere environment. The architect decides to use Distributed Firewall on VDS.
Which two of the following requirements must be met in the environment? (Choose two.)

A. VDS version 6.6.0 and later

B. vCenter 8.0 and later

C. NSX version must be 3.2 and later

D. NSX version must be 3.0 and later

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?

A. VNI ID

B. VLAN ID

C. Segment ID

D. Geneve ID

A company security policy requires all users to log into applications using a centralized authentication system.
Which two authentication, authorization, and accounting (AAA) systems are available when integrating NSX with VMware Identity Manager? (Choose two.)

A. LDAP and OpenLDAP based on Active Directory (AD)

B. RSA SecureID

C. Keygen Enterprise

D. SecureDAP

E. RADII 2.0

Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?

A. esxcli network ip connection list | grep 1235

B. esxcli network ip connection list | grep ccpd

C. esxcli network ip connection list | grep netcpa

D. esxcli network ip connection list | grep 1234

How does the Traceflow tool identify issues in a network?

A. Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane.

B. Injects ICMP traffic into the data plane and observes the results in the control plane.

C. Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents.

D. Injects synthetic traffic into the data plane and observes the results in the control plane.

Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.)

A. Route Aggregation

B. Route Distribution

C. Graceful Restart

D. BGP Neighbors

E. Local AS

When collecting support bundles through NSX Manager, which files should be excluded for potentially containing sensitive information?

A. Audit Files

B. Core Files

C. Management Files

D. Controller Files

Which command is used to test management connectivity from a transport node to NSX Manager?

A. esxcli network ip connection list | grep 1234

B. esxcli network connection list | grep 1235

C. esxcli network ip connection list | grep 1235

D. esxcli network connection list | grep 1234

Which three NSX Edge components are used for North-South Malware Prevention? (Choose three.)

A. IDS/IPS

B. Security Analyzer

C. Reputation Service

D. RAPID

E. Thin Agent

F. Security Hub

Which of the following settings must be configured in an NSX environment before enabling stateful active-active SNAT?

A. A Punting Traffic Group for the NSX Edge uplinks

B. Tier-1 gateway in distributed only mode

C. Tier-1 gateway in active-standby mode

D. An Interface Group for the NSX Edge uplinks

Which two tools are used for centralized logging in VMware NSX? (Choose two.)

A. VMware Aria Automation

B. VMware Aria Operations for Logs

C. Syslog Server

D. VMware Aria Operations

E. VMware Aria Operations for Networks

As part of an organization's IT security compliance requirement, NSX Manager must be configured for 2FA (two-factor authentication).
What should an NSX administrator have ready before the integration can be configured?

A. VMware Identity Manager with NSX added as a Web Application

B. Active Directory LDAP integration with OAuth Client added

C. VMware Identity Manager with an OAuth Client added

D. Active Directory LDAP integration with ADFS

A customer is preparing to deploy a VMware Kubernetes solution in an NSX environment.
What is the minimum MTU size for the UPLINK profile?

A. 1700

B. 1550

C. 1650

D. 1500

Which is the only supported mode in NSX Global Manager when using Federation?

A. Controller

B. Proxy

C. Policy

D. Proton

An administrator has deployed 10 Edge Transport Nodes in their NSX Environment, but has forgotten to specify an NTP server during the deployment.
What is the efficient way to add an NTP server to all 10 Edge Transport Nodes?

A. Use a Node Profile

B. Use the CLI on each Edge Node

C. Use Transport Node Profile

D. Use a PowerCLI script

Which three data collection sources are used by NSX Network Detection and Response to create correlations/intrusion campaigns? (Choose three.)

A. Distributed Firewall flow data from the ESXi hosts

B. East-West anti-malware events from the ESXi hosts

C. Files and anti-malware file events from the NSX Edge nodes and the Security Analyzer

D. IDS/IPS events from the ESXi hosts and NSX Edge nodes

E. Suspicious Traffic Detection events from NSX Intelligence

An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery.
Which failover policy meets this requirement?

A. Enable Preemptive

B. Non-Preemptive

C. Preemptive

D. Disable Preemptive

Which VMware GUI tool is used to identify problems in a physical network?

A. VMware Site Recovery Manager

B. VMware Aria Automation

C. VMware Aria Operations Networks

D. VMware Aria Orchestrator

Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)

A. NSX Network Detection and Response

B. NSX Intelligence

C. NSX Malware Prevention Metrics

D. NSX Intrinsic Security

E. NSX Intrusion Detection and Prevention

In which VPN type are the Virtual Tunnel interfaces (VTI) used?

A. Policy & Route based VPNs

B. Route & SSL based VPNs

C. SSL-based VPN

D. Route-based VPN

An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi transport node.
Which feature in the NSX UI shows the mapping between the virtual NIC and the host's physical adapter?

A. Port Mirroring

B. IPFIX

C. Activity Monitoring

D. Switch Visualization

Which CLI command is used for packet capture on the ESXi Node?

A. debug

B. pktcap-uw

C. set capture

D. tcpdump

Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?

A. NSX HTML5 UI

B. Ethernet VPN

C. VRF Lite

D. NSX Federation

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.)

A. Can have a maximum of 10 edge nodes

B. Can have a maximum of 8 edge nodes

C. Can contain multiple types of edge nodes (VM or bare metal)

D. Must contain only one type of edge nodes (VM or bare metal)

E. Must have only active-active edge nodes

Which of the following exist only on Tier-1 Gateway firewall configurations and not on Tier-0?

A. Applied To

B. Actions

C. Sources

D. Profiles

What needs to be configured on a Tier-0 Gateway to make NSX Edge Services available to a VM on a VLAN-backed logical switch?

A. Loopback Router Port

B. VLAN Uplink

C. Service interface

D. Downlink interface

Where does an administrator configure the VLANs used in VRF Lite? (Choose two.)

A. uplink interface of the default Tier-0 gateway

B. uplink trunk segment

C. uplink interface of the VRF gateway

D. downlink interface of the default Tier-0 gateway

E. segment connected to the Tier-1 gateway

When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?

A. SR and DR is instantiated but requires manual connection.

B. SR is instantiated and automatically connected with DR.

C. DR is instantiated and automatically connected with SR.

D. SR and DR doesn’t need to be connected to provide any stateful services.

What are four NSX built-in role-based access control (RBAC) roles? (Choose four.)

A. Read

B. Network Admin

C. Full Access

D. Enterprise Admin

E. LB Operator

F. Auditor

G. None

Which two logical router components span across all transport nodes? (Choose two.)

A. DISTRIBUTED_ROUTER_TIER1

B. TIER0_DISTRIBUTED_ROUTER

C. SERVICE_ROUTER_TIER0

D. DISTRIBUTED_ROUTER_TIER0

E. SERVICE_ROUTER_TIER1

When configuring OSPF on a Tier-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

A. Address of the neighbor

B. Subnet mask

C. MTU of the Uplink

D. Protocol and Port

E. Area ID

F. Naming convention

An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.
Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?

A. vmkping ++netstack=geneve -d -s 1572

B. esxcli network diag ping -I vmk0 -H

C. esxcli network diag ping -H

D. vmkping ++netstack=vxlan -d -s 1572

When running nsxcli on an ESXi host, which command will show the Replication mode?

A. get logical-switch status

B. get logical-switch status

C. get logical-switch

D. get logical-switches

Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?

A. Multicast

B. Anycast

C. Broadcast

D. Unicast

An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.
What could cause this issue?

A. Zero Trust Security is not enabled.

B. Distributed Firewall Rule logging is not enabled.

C. Syslog is not configured on the NSX Manager.

D. Syslog is not configured on the ESXi transport node.

A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway. An NSX administrator used the get gateways command to retrieve this information:
 
Which two commands must be executed to check BGP neighbor status? (Choose two.)

A. vrf 3

B. sa-nsxedge-01(tier1_sr)> get bgp neighbor

C. vrf 4

D. sa-nsxedge-01(tier0_dr)> get bgp neighbor

E. vrf 1

F. sa-nsxedge-01(tier0_sr)> get bgp neighbor

An administrator is configuring service insertion for Network Introspection.
Which two places can the Network Introspection be configured? (Choose two.)

A. Partner SVM

B. Host pNIC

C. Tier-0 gateway

D. Tier-1 gateway

E. Edge Node

Which two statements are true for IPSec VPN? (Choose two.)

A. VPNs can be configured on the command line interface on the NSX manager.

B. Dynamic routing is supported for any IPSec mode in NSX.

C. IPSec VPNs use the DPDK accelerated performance library.

D. IPSec VPN services can be configured at Tier-0 and Tier-1 gateways.

Which two are requirements for FQDN Analysis? (Choose two.)

A. The NSX Edge nodes require access to the Internet to download category and reputation definitions.

B. ESXi control panel requires access to the Internet to download category and reputation definitions.

C. The NSX Manager requires access to the Internet to download category and reputation definitions.

D. A layer 7 gateway firewall rule must be configured on the Tier-1 gateway uplink.

E. A layer 7 gateway firewall rule must be configured on the Tier-0 gateway uplink.

When deploying an NSX Edge Transport Node, what two valid IP address assignment options should be specified for the TEP IP addresses? (Choose two.)

A. Use a Static IP List

B. Use BootP

C. Use an IP Pool

D. Use RADIUS

E. Use a DHCP Server

What should an NSX administrator check to verify that VMware Identity Manager integration is successful?

A. From the NSX UI the status of the VMware Identity Manager Integration must be “Enabled”.

B. From VMware Identity Manager the status of the remote access application must be green.

C. From the NSX UI the URI in the address bar must have “local=false” part of it.

D. From the NSX CLI the status of the VMware Identity Manager Integration must be “Configured”.

Which two statements are correct about East-West Malware Prevention? (Choose two.)

A. NSX Application Platform must have Internet access.

B. NSX Edge nodes must have Internet access.

C. A SVM is deployed on every ESXi host.

D. An agent must be installed on every NSX Edge node.

E. An agent must be installed on every ESXi host.

What are two supported host switch modes? (Choose two.)

A. Overlay Datapath

B. DPDK Datapath

C. Standard Datapath

D. Enhanced Datapath

E. Secure Datapath

How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?

A. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.

B. Automatically created when Tier-1 is created.

C. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.

D. Automatically created when Tier-1 is connected with Tier-0 from NSX UI.

A security administrator needs to configure a firewall rule based on the domain name of a specific application.
Which field in a distributed firewall rule does the administrator configure?

A. Profile

B. Service

C. Source

D. Policy