Which VMware GUI tool is used to identify problems in a physical network?

A. VMware Site Recovery Manager

B. VMware Aria Automation

C. VMware Aria Operations Networks

D. VMware Aria Orchestrator

A security administrator needs to configure a firewall rule based on the domain name of a specific application.
Which field in a distributed firewall rule does the administrator configure?

A. Profile

B. Service

C. Source

D. Policy

HOTSPOT -
Refer to the exhibit.
Which two items must be configured to enable OSPF for the Tier-0 Gateway in the image? Mark your answers by clicking twice on the image.
 

Which of the following settings must be configured in an NSX environment before enabling stateful active-active SNAT?

A. A Punting Traffic Group for the NSX Edge uplinks

B. Tier-1 gateway in distributed only mode

C. Tier-1 gateway in active-standby mode

D. An Interface Group for the NSX Edge uplinks

The security administrator turns on logging for a firewall rule.
Where is the log stored on an ESXi transport node?

A. /var/log/fw.log

B. /var/log/messages.log

C. /var/log/dfwpktlogs.log

D. /var/log/vmware/nsx/firewall.log

Where in the NSX UI would an administrator set the time attribute for a time-based Gateway Firewall rule?

A. There is no option in the NSX UI. It must be done via command line interface.

B. The option to set time-based rule is a clock icon in the policy.

C. The option to set time-based rule is a field in the rule itself.

D. The option to set time-based rule is a clock icon in the rule.

Which CLI command is used for packet capture on the ESXi Node?

A. debug

B. pktcap-uw

C. set capture

D. tcpdump

An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery.
Which failover policy meets this requirement?

A. Enable Preemptive

B. Non-Preemptive

C. Preemptive

D. Disable Preemptive

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)

A. esxcfg-nics -1

B. esxcfg-vmknic -1

C. esxcli network vswitch dvs vmware list

D. esxcfg-vmsvc/get.networks

E. esxcli network nic list

Refer to the exhibit.
An administrator would like to change the private IP address of the NAT VM 172.16.101.11 to a public address of 80.80.80.1 as the packets leave the NAT-Segment network.
Which type of NAT solution should be implemented to achieve this?
 

A. DNAT

B. Reflexive NAT

C. NAT64

D. SNAT

DRAG DROP -
Refer to the exhibits.
Drag and drop the NSX graphic element icons on the left found in an NSX Intelligence visualization graph to its correct description on the right.
 

An administrator has connected two virtual machines on the same overlay segment. Ping between both virtual machines is successful.
What type of network boundary does this represent?

A. Layer 2 VPN

B. Layer 2 broadcast domain

C. Layer 2 bridge

D. Layer 3 route

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.)

A. vCenter API

B. NSX UI

C. NSX CLI

D. vSphere API

E. NSX API

An architect receives a request to apply distributed firewall in a customer environment without making changes to the network and vSphere environment. The architect decides to use Distributed Firewall on VDS.
Which two of the following requirements must be met in the environment? (Choose two.)

A. VDS version 6.6.0 and later

B. vCenter 8.0 and later

C. NSX version must be 3.2 and later

D. NSX version must be 3.0 and later

An administrator is configuring service insertion for Network Introspection.
Which two places can the Network Introspection be configured? (Choose two.)

A. Partner SVM

B. Host pNIC

C. Tier-0 gateway

D. Tier-1 gateway

E. Edge Node

An administrator needs to download the support bundle for NSX Manager.
Where does the administrator download the log bundle from?

A. System > Utilities > Tools

B. System > Settings > Support Bundle

C. System > Support Bundle

D. System > Settings

Which statement is true about an alarm in a Suppressed state?

A. An alarm can be suppressed for a specific duration in hours.

B. An alarm can be suppressed for a specific duration in seconds.

C. An alarm can be suppressed for a specific duration in minutes.

D. An alarm can be suppressed for a specific duration in days.

An administrator has been tasked with implementing the SSL certificates for the NSX Manager Cluster VIP.
Which is the correct way to implement this change?

A. Send an API call to https:///api/v1/cluster/api-certificate? action=set_cluster_certificate&certificate_id=

B. Send an API call to https:///api/v1/node/services/http? action=apply_certificate&certificate_id=

C. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate vip install

D. SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate node install

HOTSPOT -
Refer to the exhibit.
An administrator configured NSX Advanced Load Balancer to redistribute the traffic between the web servers. However, requests are sent to only one server.
Which of the following pool configuration settings needs to be adjusted to resolve the problem? Mark the correct answer by clicking on the image.
 

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?

A. MONITORING

B. GROUPING

C. FABRIC

D. SYSTEM

Which CLI command does an NSX administrator run on the NSX Manager to generate support bundle logs if the NSX UI is inaccessible?

A. esxcli system syslog config logger set –id=nsxmanager

B. get support-bundle file vcpnv.tgz

C. vm-support

D. set support-bundle file vcpnv.tgz

An NSX administrator would like to create an L2 segment with the following requirements:
•	L2 domain should not exist on the physical switches.
•	East/West communication must be maximized as much as possible.
Which type of segment must the administrator choose?

A. Hybrid

B. Overlay

C. Bridge

D. VLAN

Which CLI command on NSX Manager and NSX Edge is used to change NTP settings?

A. get time-server

B. set timezone

C. get timezone

D. set ntp-server

In which VPN type are the Virtual Tunnel interfaces (VTI) used?

A. Policy & Route based VPNs

B. Route & SSL based VPNs

C. SSL-based VPN

D. Route-based VPN

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX UI.
What two are the prerequisites for this configuration? (Choose two.)

A. The cluster configuration must be completed using API.

B. All nodes must be in separate subnets.

C. All nodes must be in the same subnet.

D. A compute manager must be configured.

E. NSX Manager must reside on a Windows Server.

Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

A. Changing the time zone on the ESXi host.

B. Re-installing the NSX VIBs on the ESXi host.

C. Restarting the NTPservice on the ESXi host.

D. Reconfiguring the ESXi host with a local NTP server.

Which is the only supported mode in NSX Global Manager when using Federation?

A. Controller

B. Proxy

C. Policy

D. Proton

Which three security features are dependent on the NSX Application Platform? (Choose three.)

A. NSX Intelligence

B. NSX Firewall

C. NSX Network Detection and Response

D. NSX TLS Inspection

E. NSX Distributed IDS/IPS

F. NSX Malware Prevention

Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?

A. esxcli network ip connection list | grep 1235

B. esxcli network ip connection list | grep ccpd

C. esxcli network ip connection list | grep netcpa

D. esxcli network ip connection list | grep 1234

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?

A. STT

B. TEP

C. UDP

D. VXLAN

Which two tools are used for centralized logging in VMware NSX? (Choose two.)

A. VMware Aria Automation

B. VMware Aria Operations for Logs

C. Syslog Server

D. VMware Aria Operations

E. VMware Aria Operations for Networks

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances.
What feature of NSX fulfills this requirement?

A. Federation

B. Policy-driven configuration

C. Load balancer

D. Multi-hypervisor support

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?

A. esxcli network firewall ruleset set -r syslog -e true

B. esxcli network firewall ruleset -e syslog

C. esxcli network firewall ruleset set -a -e false

D. esxcli network firewall ruleset set -r syslog -e false

Which CLI command shows syslog on NSX Manager?

A. show log manager follow

B. get log-file syslog

C. /var/log/syslog/syslog.log

D. get log-file auth.log

An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?

A. – enable – get vrf – show bgp neighbor

B. – set vrf – show logical-routers- show bgp

C. – get gateways- vrf – get bgp neighbor

D. – show logical-routers- get vrf- show ip route bgp

Which two are requirements for FQDN Analysis? (Choose two.)

A. The NSX Edge nodes require access to the Internet to download category and reputation definitions.

B. ESXi control panel requires access to the Internet to download category and reputation definitions.

C. The NSX Manager requires access to the Internet to download category and reputation definitions.

D. A layer 7 gateway firewall rule must be configured on the Tier-1 gateway uplink.

E. A layer 7 gateway firewall rule must be configured on the Tier-0 gateway uplink.

Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?

A. Multicast

B. Anycast

C. Broadcast

D. Unicast

Which steps are required to activate Malware Prevention on the NSX Application Platform?

A. Activate NSX Network Detection and Response and run Pre-checks.

B. Select Cloud Region and Deploy Network Detection and Response.

C. Activate NSX Network Detection and Response and Deploy Malware Prevention.

D. Select Cloud Region and run Pre-checks.

In an NSX environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)

A. Add an additional vNIC to the NSX Edge node.

B. Configure NAT on the Tier-0 gateway.

C. Configure ECMP on the Tier-0 gateway.

D. Configure a Tier-1 gateway and connect it directly to the physical routers.

E. Deploy Large size Edge node/s.

Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?

A. NSX HTML5 UI

B. Ethernet VPN

C. VRF Lite

D. NSX Federation

Which three DHCP Services are supported by NSX? (Choose three.)

A. Port DHCP per VNF

B. Segment DHCP

C. Gateway DHCP

D. VRF DHCP Server

E. DHCP Relay

Which three data collection sources are used by NSX Network Detection and Response to create correlations/intrusion campaigns? (Choose three.)

A. Distributed Firewall flow data from the ESXi hosts

B. East-West anti-malware events from the ESXi hosts

C. Files and anti-malware file events from the NSX Edge nodes and the Security Analyzer

D. IDS/IPS events from the ESXi hosts and NSX Edge nodes

E. Suspicious Traffic Detection events from NSX Intelligence

Which command is used to set the NSX Manager's logging-level to debug mode for troubleshooting?

A. set service manager logging-level debug

B. set service nsx-manager logging-level debug

C. set service nsx-manager log-level debug

D. set service manager log-level debug

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?

A. VNI ID

B. VLAN ID

C. Segment ID

D. Geneve ID

Which choice is a valid insertion point for North-South network introspection?

A. Tier-0 gateway

B. Host Physical NIC

C. Guest VM vNIC

D. Partner SVM

Which is an advantages of a L2 VPN in an NSX 4.x environment?

A. Enables Multi-Cloud solutions

B. Enables VM mobility with re-IP

C. Achieve better performance

D. Use the same broadcast domain

Which field in a Tier-1 Gateway Firewall would be used to allow access for a collection of trustworthy web sites?

A. Destination

B. Profiles -> Context Profiles

C. Source

D. Profiles -> L7 Access Profile

What are two supported host switch modes? (Choose two.)

A. Overlay Datapath

B. DPDK Datapath

C. Standard Datapath

D. Enhanced Datapath

E. Secure Datapath

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.)

A. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.

B. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

C. Create an OAuth 2.0 client in VMware Identity Manager.

D. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.

E. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.

Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)

A. Identify risk and reputation of accessed websites.

B. Quarantine workloads based on vulnerabilities.

C. Gain insight about micro-segmentation traffic flows.

D. Identify security vulnerabilities in the workloads.

E. Use agentless antivirus with Guest Introspection.