Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

A Security Administrator needs to update their NSX Distributed IDS/IPS policy to detect new attacks with critical CVSS scoring that leads to credential theft from targeted systems.

Which actions should you take?

A.

• Update Distributed IDS/IPS signature database

• Edit your profile from Security > Distributed IDS > Profiles

• Select Critical severity, filter on attack type and select Successful Credential Theft Detected

• Check the profile is applied in Distributed IDS rules

B.

• Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules

• Filter on attack type and select Successful Credential Theft Detected

• Update Mode to detect and prevent

• Click on gear icon and change direction to OUT

C.

• Create a new profile from Security > Distributed IDS > Profiles

• Select Critical severity, filter on attack type and select Successful Credential Theft Detected

• Check the profile is applied In Distributed IDS rules

• Monitor Distributed IDS alerts to validate changes are applied

D.

• Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules

• Filter on attack type and select Successful Credential Theft Detected

• Update Mode to detect and prevent

• Click on gear icon and change direction to IN-OUT

Full Access
Question # 5

Refer to the exhibit.

Referencing the exhibit, what is the VMware recommended number of NSX Manager Nodes to additionally deploy to form an NSX-T Manager Cluster?

A.

4

B.

3

C.

2

D.

5

Full Access
Question # 6

Which are two use-cases for the NSX Distributed Firewall' (Choose two.)

A.

Zero-Trust with segmentation

B.

Security Analytics

C.

Lateral Movement of Attacks prevention

D.

Software defined networking

E.

Network Visualization

Full Access
Question # 7

When configuring members of a Security Group, which membership criteria art permitted?

A.

Virtual Machine, Physical Machine, Cloud Native Service Instance, and IP Set

B.

Segment Port, Segment, Virtual Machine, and IP Set

C.

Virtual Interface, Segment, Cloud Native Service Instance, and IP Set.

D.

Virtual Interface, Segment, Physical Machine, and IP Set

Full Access
Question # 8

Which two are the insertion points for North-South service insertion? (Choose two.)

A.

Partner Service VM

B.

Uplink of tier-1 gateway

C.

Transport Node NIC

D.

Guest VM vNIC

E.

Uplink of tier-0 gateway

Full Access
Question # 9

What component in a transport node receives the firewall configuration from the central control plane?

A.

nsx-ccp

B.

nsx-appl-proxy

C.

nsx-mpa

D.

nsx-proxy

Full Access
Question # 10

A security administrator is verifying why users are blocked from sports sites but are able to access gambling websites from the corporate network. What needs to be updated In nsx-T to block the gambling websites?

A.

vSphere Firewall Policy

B.

Endpoint Protection Rules

C.

Network Introspection Policy

D.

URL Analysis Attributes

Full Access