Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?

A. NSX HTML5 UI

B. Ethernet VPN

C. VRF Lite

D. NSX Federation

A security administrator needs to configure a firewall rule based on the domain name of a specific application.
Which field in a distributed firewall rule does the administrator configure?

A. Profile

B. Service

C. Source

D. Policy

HOTSPOT -
Refer to the exhibit.
An administrator configured NSX Advanced Load Balancer to redistribute the traffic between the web servers. However, requests are sent to only one server.
Which of the following pool configuration settings needs to be adjusted to resolve the problem? Mark the correct answer by clicking on the image.
 

Which two statements are correct about East-West Malware Prevention? (Choose two.)

A. NSX Application Platform must have Internet access.

B. NSX Edge nodes must have Internet access.

C. A SVM is deployed on every ESXi host.

D. An agent must be installed on every NSX Edge node.

E. An agent must be installed on every ESXi host.

What is the VMware recommended way to deploy a virtual NSX Edge Node?

A. Through the NSX UI

B. Through automated or interactive mode using an ISO

C. Through the vSphere Web Client

D. Through the OVF command line tool

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.)

A. Can have a maximum of 10 edge nodes

B. Can have a maximum of 8 edge nodes

C. Can contain multiple types of edge nodes (VM or bare metal)

D. Must contain only one type of edge nodes (VM or bare metal)

E. Must have only active-active edge nodes

Which two of the following will be used for ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.)

A. Inter-Tier interface on the Tier-0 gateway

B. Tier-0 Uplink interface

C. Downlink Interface for the Tier-0 DR

D. Tier-1 SR Router Port

E. Downlink Interface for the Tier-1 DR

Which three data collection sources are used by NSX Network Detection and Response to create correlations/intrusion campaigns? (Choose three.)

A. Distributed Firewall flow data from the ESXi hosts

B. East-West anti-malware events from the ESXi hosts

C. Files and anti-malware file events from the NSX Edge nodes and the Security Analyzer

D. IDS/IPS events from the ESXi hosts and NSX Edge nodes

E. Suspicious Traffic Detection events from NSX Intelligence

Which of the following exist only on Tier-1 Gateway firewall configurations and not on Tier-0?

A. Applied To

B. Actions

C. Sources

D. Profiles

Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)

A. NSX Network Detection and Response

B. NSX Intelligence

C. NSX Malware Prevention Metrics

D. NSX Intrinsic Security

E. NSX Intrusion Detection and Prevention

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?

A. VNI ID

B. VLAN ID

C. Segment ID

D. Geneve ID

Which CLI command shows syslog on NSX Manager?

A. show log manager follow

B. get log-file syslog

C. /var/log/syslog/syslog.log

D. get log-file auth.log

An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.
Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?

A. vmkping ++netstack=geneve -d -s 1572

B. esxcli network diag ping -I vmk0 -H

C. esxcli network diag ping -H

D. vmkping ++netstack=vxlan -d -s 1572

What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)

A. Segment Port

B. DFW

C. Tier-1 Gateway

D. Segment

E. Group

An NSX administrator would like to create an L2 segment with the following requirements:
•	L2 domain should not exist on the physical switches.
•	East/West communication must be maximized as much as possible.
Which type of segment must the administrator choose?

A. Hybrid

B. Overlay

C. Bridge

D. VLAN

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.)

A. vCenter API

B. NSX UI

C. NSX CLI

D. vSphere API

E. NSX API

Where does an administrator configure the VLANs used in VRF Lite? (Choose two.)

A. uplink interface of the default Tier-0 gateway

B. uplink trunk segment

C. uplink interface of the VRF gateway

D. downlink interface of the default Tier-0 gateway

E. segment connected to the Tier-1 gateway

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)

A. esxcfg-nics -1

B. esxcfg-vmknic -1

C. esxcli network vswitch dvs vmware list

D. esxcfg-vmsvc/get.networks

E. esxcli network nic list

Which statement is true about an alarm in a Suppressed state?

A. An alarm can be suppressed for a specific duration in hours.

B. An alarm can be suppressed for a specific duration in seconds.

C. An alarm can be suppressed for a specific duration in minutes.

D. An alarm can be suppressed for a specific duration in days.

Refer to the exhibit.
An administrator would like to change the private IP address of the NAT VM 172.16.101.11 to a public address of 80.80.80.1 as the packets leave the NAT-Segment network.
Which type of NAT solution should be implemented to achieve this?
 

A. DNAT

B. Reflexive NAT

C. NAT64

D. SNAT

Which two choices are solutions offered by the VMware NSX portfolio? (Choose two.)

A. VMware Aria Automation

B. VMware NSX Distributed IDS/IPS

C. VMware NSX Advanced Load Balancer

D. VMware Tanzu Kubernetes Grid

E. VMware Tanzu Kubernetes Cluster

In which VPN type are the Virtual Tunnel interfaces (VTI) used?

A. Policy & Route based VPNs

B. Route & SSL based VPNs

C. SSL-based VPN

D. Route-based VPN

Which is an advantages of a L2 VPN in an NSX 4.x environment?

A. Enables Multi-Cloud solutions

B. Enables VM mobility with re-IP

C. Achieve better performance

D. Use the same broadcast domain

Which VMware GUI tool is used to identify problems in a physical network?

A. VMware Site Recovery Manager

B. VMware Aria Automation

C. VMware Aria Operations Networks

D. VMware Aria Orchestrator

Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the Geneve protocol on the ESXi transport node? (Choose two.)

A. net-dvs

B. esxcli network ip interface ipv4 get

C. esxcfg-vmknic -1

D. esxcfg-nics -1

E. esxcli network nic list

Which command is used to set the NSX Manager's logging-level to debug mode for troubleshooting?

A. set service manager logging-level debug

B. set service nsx-manager logging-level debug

C. set service nsx-manager log-level debug

D. set service manager log-level debug

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances.
What feature of NSX fulfills this requirement?

A. Federation

B. Policy-driven configuration

C. Load balancer

D. Multi-hypervisor support

Which of the two following characteristics about NAT64 are true? (Choose two.)

A. NAT64 is stateless and requires gateways to be deployed in active-standby mode.

B. NAT64 is supported on Tier-1 gateways only.

C. NAT64 is supported on Tier-0 and Tier-1 gateways.

D. NAT64 requires the Tier-1 gateway to be configured in active-standby mode.

E. NAT64 requires the Tier-1 gateway to be configured in active-active mode.

An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?

A. – enable – get vrf – show bgp neighbor

B. – set vrf – show logical-routers- show bgp

C. – get gateways- vrf – get bgp neighbor

D. – show logical-routers- get vrf- show ip route bgp

Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)

A. It supports a 4-byte autonomous system number.

B. The network is divided into areas that are logical groups.

C. Can be used as an Exterior Gateway Protocol.

D. BGP is enabled by default.

E. EIGRP is disabled by default.

How does the Traceflow tool identify issues in a network?

A. Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane.

B. Injects ICMP traffic into the data plane and observes the results in the control plane.

C. Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents.

D. Injects synthetic traffic into the data plane and observes the results in the control plane.

Which three selections are capabilities of Network Topology? (Choose three.)

A. Display the uplinks configured on the Tier-1 Gateways.

B. Display how the different NSX components are interconnected.

C. Display the VMs connected to Segments.

D. Display the uplinks configured on the Tier-0 Gateways.

E. Display how the Physical components are interconnected.

Which three security features are dependent on the NSX Application Platform? (Choose three.)

A. NSX Intelligence

B. NSX Firewall

C. NSX Network Detection and Response

D. NSX TLS Inspection

E. NSX Distributed IDS/IPS

F. NSX Malware Prevention

The security administrator turns on logging for a firewall rule.
Where is the log stored on an ESXi transport node?

A. /var/log/fw.log

B. /var/log/messages.log

C. /var/log/dfwpktlogs.log

D. /var/log/vmware/nsx/firewall.log

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)

A. Destination NAT

B. Reflexive NAT

C. Port NAT

D. Source NAT

E. 1:1 NAT

Which steps are required to activate Malware Prevention on the NSX Application Platform?

A. Activate NSX Network Detection and Response and run Pre-checks.

B. Select Cloud Region and Deploy Network Detection and Response.

C. Activate NSX Network Detection and Response and Deploy Malware Prevention.

D. Select Cloud Region and run Pre-checks.

What are two supported host switch modes? (Choose two.)

A. Overlay Datapath

B. DPDK Datapath

C. Standard Datapath

D. Enhanced Datapath

E. Secure Datapath

Which two built-in VMware tools will help identify the cause of packet loss on VLAN Segments? (Choose two.)

A. Packet Capture

B. Live Flow

C. Traceflow

D. Flow Monitoring

E. Activity monitoring

Which CLI command is used for packet capture on the ESXi Node?

A. debug

B. pktcap-uw

C. set capture

D. tcpdump

Which two statements are true for IPSec VPN? (Choose two.)

A. VPNs can be configured on the command line interface on the NSX manager.

B. Dynamic routing is supported for any IPSec mode in NSX.

C. IPSec VPNs use the DPDK accelerated performance library.

D. IPSec VPN services can be configured at Tier-0 and Tier-1 gateways.

DRAG DROP
-
Match the NSX Intelligence recommendations with their correct purpose.
 

An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery.
Which failover policy meets this requirement?

A. Enable Preemptive

B. Non-Preemptive

C. Preemptive

D. Disable Preemptive

What are four NSX built-in role-based access control (RBAC) roles? (Choose four.)

A. Read

B. Network Admin

C. Full Access

D. Enterprise Admin

E. LB Operator

F. Auditor

G. None

What should an NSX administrator check to verify that VMware Identity Manager integration is successful?

A. From the NSX UI the status of the VMware Identity Manager Integration must be “Enabled”.

B. From VMware Identity Manager the status of the remote access application must be green.

C. From the NSX UI the URI in the address bar must have “local=false” part of it.

D. From the NSX CLI the status of the VMware Identity Manager Integration must be “Configured”.

Which two logical router components span across all transport nodes? (Choose two.)

A. DISTRIBUTED_ROUTER_TIER1

B. TIER0_DISTRIBUTED_ROUTER

C. SERVICE_ROUTER_TIER0

D. DISTRIBUTED_ROUTER_TIER0

E. SERVICE_ROUTER_TIER1

When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?

A. SR and DR is instantiated but requires manual connection.

B. SR is instantiated and automatically connected with DR.

C. DR is instantiated and automatically connected with SR.

D. SR and DR doesn’t need to be connected to provide any stateful services.

HOTSPOT
-
Refer to the exhibit.
An administrator configured NSX Advanced Load Balancer to load balance the production web server traffic, but the end users are unable to access the production website by using the VIP address.
Which of the following Tier-1 gateway route advertisement settings needs to be enabled to resolve the problem? Mark the correct answer by clicking on the image.
 

Which two are requirements for FQDN Analysis? (Choose two.)

A. The NSX Edge nodes require access to the Internet to download category and reputation definitions.

B. ESXi control panel requires access to the Internet to download category and reputation definitions.

C. The NSX Manager requires access to the Internet to download category and reputation definitions.

D. A layer 7 gateway firewall rule must be configured on the Tier-1 gateway uplink.

E. A layer 7 gateway firewall rule must be configured on the Tier-0 gateway uplink.

NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?

A. Virtual Security Zones

B. Network Segmentation

C. Edge Firewalling

D. Dynamic Routing

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?

A. MONITORING

B. GROUPING

C. FABRIC

D. SYSTEM