Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

When a stateful service is enabled for the first lime on a Tier-0 Gateway, what happens on the NSX Edge node'

A.

SR is instantiated and automatically connected with DR.

B.

DR Is instantiated and automatically connected with SR.

C.

SR and DR Is instantiated but requites manual connection.

D.

SR and DR doesn't need to be connected to provide any stateful services.

Full Access
Question # 5

Which two statements are correct about East-West Malware Prevention? (Choose two.)

A.

A SVM is deployed on every ESXi host.

B.

NSX Application Platform must have Internet access.

C.

An agent must be installed on every ESXi host.

D.

An agent must be installed on every NSX Edge node.

E.

NSX Edge nodes must have Internet access.

Full Access
Question # 6

What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)

A.

DFW

B.

Tier-1 Gateway

C.

Segment

D.

Segment Port

E.

Group

Full Access
Question # 7

A customer is preparing to deploy a VMware Kubernetes solution in an NSX environment.

What is the minimum MTU size for the UPLINK profile?

A.

1500

B.

1550

C.

1700

D.

1650

Full Access
Question # 8

When collecting support bundles through NSX Manager, which files should be excluded for potentially containing sensitive information?

A.

Controller Files

B.

Management Files

C.

Core Files

D.

Audit Files

Full Access
Question # 9

A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway. An NSX administrator used the get gateways command to retrieve this Information:

Which two commands must be executed to check BGP neighbor status? (Choose two.)

A.

vrf 1

B.

vrf 4

C.

sa-nexedge-01(tier1_sr> get bgp neighbor

D.

sa-nexedge-01(tier0_sr> get bgp neighbor

E.

sa-nexedge-01(tier1_dr)> get bgp neighbor

F.

vrf 3

Full Access
Question # 10

Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

A.

Reinstalling the NSX VIBs on the ESXi host.

B.

Restarting the NTPservice on the ESXi host.

C.

Changing the lime zone on the ESXi host.

D.

Reconfiguring the ESXI host with a local NTP server.

Full Access
Question # 11

The security administrator turns on logging for a firewall rule.

Where is the log stored on an ESXi transport node?

A.

/var/log/vmware/nsx/firewall.log

B.

/var/log/messages.log

C.

/var/log/dfwpktlogs.log

D.

/var/log/fw.log

Full Access
Question # 12

Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)

A.

Can be used as an Exterior Gateway Protocol.

B.

It supports a 4-byte autonomous system number.

C.

The network is divided into areas that are logical groups.

D.

EIGRP Is disabled by default.

E.

BGP is enabled by default.

Full Access
Question # 13

Which VPN type must be configured before enabling a L2VPN?

A.

Route-based IPSec VPN

B.

Policy based IPSec VPN

C.

SSL-bosed IPSec VPN

D.

Port-based IPSec VPN

Full Access
Question # 14

A company Is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web. app, and database tiers.

The naming convention will be:

• WKS-WEB-SRV-XXX

• WKY-APP-SRR-XXX

• WKI-DB-SRR-XXX

What is the optimal way to group them to enforce security policies from NSX?

A.

Use Edge as a firewall between tiers.

B.

Do a service insertion to accomplish the task.

C.

Group all by means of tags membership.

D.

Create an Ethernet based security policy.

Full Access
Question # 15

Which three data collection sources are used by NSX Network Detection and Response to create correlations/Intrusion campaigns? (Choose three.)

A.

Files and anti-malware (lie events from the NSX Edge nodes and the Security Analyzer

B.

East-West anti-malware events from the ESXi hosts

C.

Distributed Firewall flow data from the ESXi hosts

D.

IDS/IPS events from the ESXi hosts and NSX Edge nodes

E.

Suspicious Traffic Detection events from NSX Intelligence

Full Access
Question # 16

Which steps are required to activate Malware Prevention on the NSX Application Platform?

A.

Select Cloud Region and Deploy Network Detection and Response.

B.

Activate NSX Network Detection and Response and run Pre-checks.

C.

Activate NSX Network Detection and Response and Deploy Malware Prevention.

D.

Select Cloud Region and run Pre-checks.

Full Access
Question # 17

Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.)

A.

Graceful Restart

B.

BGP Neighbors

C.

Local AS

D.

Route Distribution

E.

Route Aggregation

Full Access
Question # 18

An architect receives a request to apply distributed firewall in a customer environment without making changes to the network and vSphere environment. The architect decides to use Distributed Firewall on VDS.

Which two of the following requirements must be met in the environment? (Choose two.)

A.

vCenter 8.0 and later

B.

NSX version must be 3.2 and later

C.

NSX version must be 3.0 and later

D.

VDS version 6.6.0 and later

Full Access
Question # 19

Which two choices are solutions offered by the VMware NSX portfolio? (Choose two.)

A.

VMware Tanzu Kubernetes Grid

B.

VMware Tanzu Kubernetes Cluster

C.

VMware NSX Advanced Load Balancer

D.

VMware NSX Distributed IDS/IPS

E.

VMware Aria Automation

Full Access
Question # 20

Which two statements are true about IDS Signatures? (Choose two.)

A.

Users can upload their own IDS signature definitions.

B.

An IDS signature contains data used to identify known exploits and vulnerabilities.

C.

An IDS signature contains data used to identify the creator of known exploits and vulnerabilities.

D.

IDS signatures can be High Risk, Suspicious, Low Risk and Trustworthy.

E.

An IDS signature contains a set of instructions that determine which traffic is analyzed.

Full Access
Question # 21

Which CLI command is used for packet capture on the ESXi Node?

A.

tcpdump

B.

debug

C.

pktcap-uw

D.

set capture

Full Access
Question # 22

A security administrator needs to configure a firewall rule based on the domain name of a specific application.

Which field in a distributed firewall rule does the administrator configure?

A.

Profile

B.

Service

C.

Policy

D.

Source

Full Access
Question # 23

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?

A.

VXIAN

B.

UDP

C.

STT

D.

TEP

Full Access
Question # 24

Which CLI command on NSX Manager and NSX Edge is used to change NTP settings?

A.

get timezone

B.

get time-server

C.

set timezone

D.

set ntp-server

Full Access
Question # 25

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.)

A.

Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.

B.

Enter the Identity Provider (IdP) metadata URL in NSX Manager.

C.

Create an OAuth 2.0 client in VMware Identity Manager.

D.

Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.

E.

Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.

Full Access
Question # 26

How is the RouterLink port created between a Tier-1 Gateway and Tier-O Gateway?

A.

Automatically created when Tier-1 is connected with Tier-0 from NSX UI.

B.

Automatically created when Tier-1 is created.

C.

Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.

D.

Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.

Full Access
Question # 27

Which two logical router components span across all transport nodes? (Choose two.)

A.

SFRVICE_ROUTER_TJER0

B.

TIERO_DISTRI BUTE D_ ROUTER

C.

DISTRIBUTED_R0UTER_TIER1

D.

DISTRIBUTED_ROUTER_TIER0

E.

SERVICE_ROUTER_TIERl

Full Access
Question # 28

Which choice is a valid insertion point for North-South network introspection?

A.

Guest VM vNIC

B.

Partner SVM

C.

Tier-0 gateway

D.

Host Physical NIC

Full Access
Question # 29

Which statement is true about an alarm in a Suppressed state?

A.

An alarm can be suppressed for a specific duration in seconds.

B.

An alarm can be suppressed for a specific duration in days.

C.

An alarm can be suppressed for a specific duration in minutes.

D.

An alarm can be suppressed for a specific duration in hours.

Full Access
Question # 30

Refer to the exhibits.

Drag and drop the NSX graphic element icons on the left found in an NSX Intelligence visualization graph to Its correct description on the right.

Full Access
Question # 31

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.)

A.

vSphere API

B.

NSX API

C.

NSX CU

D.

vCenter API

E.

NSX UI

Full Access
Question # 32

An administrator wants to validate the BGP connection status between the Tier-O Gateway and the upstream physical router.

What sequence of commands could be used to check this status on NSX Edge node?

A.

set vrf

show logical-routers

show bgp

B.

show logical-routers

get vrf

show ip route bgp

C.

get gateways

vrf

get bgp neighbor

D.

enable

get vrf

show bgp neighbor

Full Access