Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?

A. NSX HTML5 UI

B. Ethernet VPN

C. VRF Lite

D. NSX Federation

Which field in a Tier-1 Gateway Firewall would be used to allow access for a collection of trustworthy web sites?

A. Destination

B. Profiles -> Context Profiles

C. Source

D. Profiles -> L7 Access Profile

Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.)

A. Route Aggregation

B. Route Distribution

C. Graceful Restart

D. BGP Neighbors

E. Local AS

Which table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision?

A. TEP Table

B. ARP Table

C. Routing Table

D. MAC Table

Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?

A. esxcli network ip connection list | grep 1235

B. esxcli network ip connection list | grep ccpd

C. esxcli network ip connection list | grep netcpa

D. esxcli network ip connection list | grep 1234

An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.
Which failover detection protocol must be used to meet this requirement?

A. Beacon Probing (BP)

B. Bidirectional Forwarding Detection (BFD)

C. Virtual Router Redundancy Protocol (VRRP)

D. Host Standby Router Protocol (HSRP)

Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?

A. tcpdump

B. ifconfig

C. tcpconfig

D. debug

When configuring OSPF on a Tier-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

A. Address of the neighbor

B. Subnet mask

C. MTU of the Uplink

D. Protocol and Port

E. Area ID

F. Naming convention

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances.
What feature of NSX fulfills this requirement?

A. Federation

B. Policy-driven configuration

C. Load balancer

D. Multi-hypervisor support

An architect receives a request to apply distributed firewall in a customer environment without making changes to the network and vSphere environment. The architect decides to use Distributed Firewall on VDS.
Which two of the following requirements must be met in the environment? (Choose two.)

A. VDS version 6.6.0 and later

B. vCenter 8.0 and later

C. NSX version must be 3.2 and later

D. NSX version must be 3.0 and later

Where in the NSX UI would an administrator set the time attribute for a time-based Gateway Firewall rule?

A. There is no option in the NSX UI. It must be done via command line interface.

B. The option to set time-based rule is a clock icon in the policy.

C. The option to set time-based rule is a field in the rule itself.

D. The option to set time-based rule is a clock icon in the rule.

Which two statements are correct about East-West Malware Prevention? (Choose two.)

A. NSX Application Platform must have Internet access.

B. NSX Edge nodes must have Internet access.

C. A SVM is deployed on every ESXi host.

D. An agent must be installed on every NSX Edge node.

E. An agent must be installed on every ESXi host.

Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)

A. It supports a 4-byte autonomous system number.

B. The network is divided into areas that are logical groups.

C. Can be used as an Exterior Gateway Protocol.

D. BGP is enabled by default.

E. EIGRP is disabled by default.

Which three NSX Edge components are used for North-South Malware Prevention? (Choose three.)

A. IDS/IPS

B. Security Analyzer

C. Reputation Service

D. RAPID

E. Thin Agent

F. Security Hub

Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the Geneve protocol on the ESXi transport node? (Choose two.)

A. net-dvs

B. esxcli network ip interface ipv4 get

C. esxcfg-vmknic -1

D. esxcfg-nics -1

E. esxcli network nic list

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?

A. MONITORING

B. GROUPING

C. FABRIC

D. SYSTEM

Which of the following settings must be configured in an NSX environment before enabling stateful active-active SNAT?

A. A Punting Traffic Group for the NSX Edge uplinks

B. Tier-1 gateway in distributed only mode

C. Tier-1 gateway in active-standby mode

D. An Interface Group for the NSX Edge uplinks

What should an NSX administrator check to verify that VMware Identity Manager integration is successful?

A. From the NSX UI the status of the VMware Identity Manager Integration must be “Enabled”.

B. From VMware Identity Manager the status of the remote access application must be green.

C. From the NSX UI the URI in the address bar must have “local=false” part of it.

D. From the NSX CLI the status of the VMware Identity Manager Integration must be “Configured”.

Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

A. Changing the time zone on the ESXi host.

B. Re-installing the NSX VIBs on the ESXi host.

C. Restarting the NTPservice on the ESXi host.

D. Reconfiguring the ESXi host with a local NTP server.

Which CLI command on NSX Manager and NSX Edge is used to change NTP settings?

A. get time-server

B. set timezone

C. get timezone

D. set ntp-server

The security administrator turns on logging for a firewall rule.
Where is the log stored on an ESXi transport node?

A. /var/log/fw.log

B. /var/log/messages.log

C. /var/log/dfwpktlogs.log

D. /var/log/vmware/nsx/firewall.log

An administrator has deployed 10 Edge Transport Nodes in their NSX Environment, but has forgotten to specify an NTP server during the deployment.
What is the efficient way to add an NTP server to all 10 Edge Transport Nodes?

A. Use a Node Profile

B. Use the CLI on each Edge Node

C. Use Transport Node Profile

D. Use a PowerCLI script

How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?

A. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.

B. Automatically created when Tier-1 is created.

C. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.

D. Automatically created when Tier-1 is connected with Tier-0 from NSX UI.

Which two choices are solutions offered by the VMware NSX portfolio? (Choose two.)

A. VMware Aria Automation

B. VMware NSX Distributed IDS/IPS

C. VMware NSX Advanced Load Balancer

D. VMware Tanzu Kubernetes Grid

E. VMware Tanzu Kubernetes Cluster

Which two statements are true about IDS Signatures? (Choose two.)

A. Users can upload their own IDS signature definitions.

B. An IDS signature contains data used to identify the creator of known exploits and vulnerabilities.

C. IDS signatures can be High Risk, Suspicious, Low Risk and Trustworthy.

D. An IDS signature contains data used to identify known exploits and vulnerabilities.

E. An JDS signature contains a set of instructions that determine which traffic is analyzed.

Which steps are required to activate Malware Prevention on the NSX Application Platform?

A. Activate NSX Network Detection and Response and run Pre-checks.

B. Select Cloud Region and Deploy Network Detection and Response.

C. Activate NSX Network Detection and Response and Deploy Malware Prevention.

D. Select Cloud Region and run Pre-checks.

As part of an organization's IT security compliance requirement, NSX Manager must be configured for 2FA (two-factor authentication).
What should an NSX administrator have ready before the integration can be configured?

A. VMware Identity Manager with NSX added as a Web Application

B. Active Directory LDAP integration with OAuth Client added

C. VMware Identity Manager with an OAuth Client added

D. Active Directory LDAP integration with ADFS

Which two are requirements for FQDN Analysis? (Choose two.)

A. The NSX Edge nodes require access to the Internet to download category and reputation definitions.

B. ESXi control panel requires access to the Internet to download category and reputation definitions.

C. The NSX Manager requires access to the Internet to download category and reputation definitions.

D. A layer 7 gateway firewall rule must be configured on the Tier-1 gateway uplink.

E. A layer 7 gateway firewall rule must be configured on the Tier-0 gateway uplink.

A company security policy requires all users to log into applications using a centralized authentication system.
Which two authentication, authorization, and accounting (AAA) systems are available when integrating NSX with VMware Identity Manager? (Choose two.)

A. LDAP and OpenLDAP based on Active Directory (AD)

B. RSA SecureID

C. Keygen Enterprise

D. SecureDAP

E. RADII 2.0

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.)

A. Can have a maximum of 10 edge nodes

B. Can have a maximum of 8 edge nodes

C. Can contain multiple types of edge nodes (VM or bare metal)

D. Must contain only one type of edge nodes (VM or bare metal)

E. Must have only active-active edge nodes

Which VMware GUI tool is used to identify problems in a physical network?

A. VMware Site Recovery Manager

B. VMware Aria Automation

C. VMware Aria Operations Networks

D. VMware Aria Orchestrator

Which three security features are dependent on the NSX Application Platform? (Choose three.)

A. NSX Intelligence

B. NSX Firewall

C. NSX Network Detection and Response

D. NSX TLS Inspection

E. NSX Distributed IDS/IPS

F. NSX Malware Prevention

What are four NSX built-in role-based access control (RBAC) roles? (Choose four.)

A. Read

B. Network Admin

C. Full Access

D. Enterprise Admin

E. LB Operator

F. Auditor

G. None

When running nsxcli on an ESXi host, which command will show the Replication mode?

A. get logical-switch status

B. get logical-switch status

C. get logical-switch

D. get logical-switches

Which three DHCP Services are supported by NSX? (Choose three.)

A. Port DHCP per VNF

B. Segment DHCP

C. Gateway DHCP

D. VRF DHCP Server

E. DHCP Relay

Which two tools are used for centralized logging in VMware NSX? (Choose two.)

A. VMware Aria Automation

B. VMware Aria Operations for Logs

C. Syslog Server

D. VMware Aria Operations

E. VMware Aria Operations for Networks

What is the VMware recommended way to deploy a virtual NSX Edge Node?

A. Through the NSX UI

B. Through automated or interactive mode using an ISO

C. Through the vSphere Web Client

D. Through the OVF command line tool

Which two built-in VMware tools will help identify the cause of packet loss on VLAN Segments? (Choose two.)

A. Packet Capture

B. Live Flow

C. Traceflow

D. Flow Monitoring

E. Activity monitoring

Which of the following exist only on Tier-1 Gateway firewall configurations and not on Tier-0?

A. Applied To

B. Actions

C. Sources

D. Profiles

Which is an advantages of a L2 VPN in an NSX 4.x environment?

A. Enables Multi-Cloud solutions

B. Enables VM mobility with re-IP

C. Achieve better performance

D. Use the same broadcast domain

When collecting support bundles through NSX Manager, which files should be excluded for potentially containing sensitive information?

A. Audit Files

B. Core Files

C. Management Files

D. Controller Files

A company is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web, app, and database tiers.
The naming convention will be:
WKS-WEB-SRV-XXX -
WKY-APP-SRR-XXX -
WKI-DB-SRR-XXX -
What is the optimal way to group them to enforce security policies from NSX?

A. Use Edge as a firewall between tiers.

B. Group all by means of tags membership.

C. Create an Ethernet based security policy.

D. Do a service insertion to accomplish the task.

An administrator needs to download the support bundle for NSX Manager.
Where does the administrator download the log bundle from?

A. System > Utilities > Tools

B. System > Settings > Support Bundle

C. System > Support Bundle

D. System > Settings

An administrator has been tasked with implementing the SSL certificates for the NSX Manager Cluster VIP.
Which is the correct way to implement this change?

A. Send an API call to https:///api/v1/cluster/api-certificate? action=set_cluster_certificate&certificate_id=

B. Send an API call to https:///api/v1/node/services/http? action=apply_certificate&certificate_id=

C. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate vip install

D. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate node install

HOTSPOT -
Refer to the exhibit.
Which two items must be configured to enable OSPF for the Tier-0 Gateway in the image? Mark your answers by clicking twice on the image.
 

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.)

A. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.

B. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

C. Create an OAuth 2.0 client in VMware Identity Manager.

D. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.

E. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.

When deploying an NSX Edge Transport Node, what two valid IP address assignment options should be specified for the TEP IP addresses? (Choose two.)

A. Use a Static IP List

B. Use BootP

C. Use an IP Pool

D. Use RADIUS

E. Use a DHCP Server

What are two valid BGP Attributes that can be used to influence the route path traffic will take? (Choose two.)

A. AS-Path Prepend

B. Cost

C. BFD

D. MED

What are two supported host switch modes? (Choose two.)

A. Overlay Datapath

B. DPDK Datapath

C. Standard Datapath

D. Enhanced Datapath

E. Secure Datapath

An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery.
Which failover policy meets this requirement?

A. Enable Preemptive

B. Non-Preemptive

C. Preemptive

D. Disable Preemptive