VMware Professional NSX-T Data Center 2.4 v1.0
Question 1
An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.
What could cause this issue?
- A. Syslog is not configured on the NSX Manager
- B. Distributed Firewall Rule logging is not enabled
- C. Zero Trust Security is not enabled
- D. Syslog is not configured on the ESXi transport node
Answer : D
Question 2
A company is deploying a NSX-T Data Center micro-segmentation in their vSphere environment to allow simple 3-tier app forms through web, app, and database.
The naming convention will be:
"¢ WKS-WEB-SRV-XXX
"¢ WKY-APP-SRR-XXX
"¢ WKI-DB-SRR-XXX
What is the optimal way to group them in order to enforce security policies from NSX-T Data Center?
- A. Use Edge as a firewall between tiers.
- B. Create an Ethernet based security policy.
- C. Do a service insertion to accomplish the task.
- D. Group all by means of tags membership.
Answer : D
Question 3
The NSX Control Plane is responsible for which two functions? (Choose two.)
- A. push stateless configurations to forwarding engines
- B. propagate topology information
- C. receive and validate configuration from NSX Policy
- D. host API services
- E. maintain packet-level statistics
Answer : AB
Question 4
The security administrator turns on logging for a firewall rule.
Where is the log stored on ESXi and KVM transport nodes?
- A. /var/log/vmware/nsx/firewall.log
- B. /var/log/fw.log
- C. /var/log/messages.log
- D. /var/log/dfwpktlogs.log
Answer : D
Question 5
Which visual tool within the NSX User Interface should an administrator use to monitor hop-by-hop connectivity between two virtual machines or logical ports?
- A. IPFIX
- B. Port Connection
- C. Port Mirroring
- D. Port Status
Answer : B
Explanation:
Port connection tool "" this tool is a visualization of connectivity between two container logical ports. As the topology is built, realized state data like machine information, logical port status, and tunnel health status, gets represented as hop by hop connectivity between various points in the path.
Reference:
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-containers-and-container-networking-whitepaper.pdf
Question 6
An NSX administrator would like to configure syslog for a KVM transport node.
Which host log files could be exported to a remote syslog server?
- A. /var/log/vmware/nsx-syslog
- B. /var/log/cfgAgent.log
- C. /var/log/nsx-audit.log
- D. /var/log/cloudnet/nsx-ccp.log
Answer : A
Question 7
Refer to the exhibit.
A vSphere administrator is trying to connect T1-Web-01 virtual machine to a NSX-T logical switch and is receiving an error.
Which service must be restarted to connect the virtual machine to a NSX-T logical switch?
- A. /etc/init.d/nsx-opsagent start
- B. /etc/init.d/nsx-proxy start
- C. /etc/init.d/nsxa start
- D. /etc/init.d/nsx-datapath start
Answer : A
Question 8
Which three steps must be taken to assign a new IP address to a member of a NSX Management Cluster that was deployed manually? (Choose three.)
- A. Delete NSX Manager VM
- B. Change IP address of NSX Manager in vApp Properties
- C. Execute detach node <node-id> from the NSX Manager CLI
- D. Deploy new NSX Manager VM
- E. Delete NSX Management cluster member from NSX Simplified UI
Answer : ACD
Question 9
What is required to configure a load balancer in inline mode?
- A. DNAT
- B. SNAT
- C. Client and server connected to different Tier-1 Gateways
- D. Client and server running on different transport nodes
Answer : C
Question 10
Which NSX CLI command is used to check the GENEVE tunnel status on ESXi transport node?
- A. get host-switch <Host-Switch-Name> tunnels
- B. get host-switch <Host-Switch-Name> tunnel status
- C. get transport-node tunnel state
- D. get transport-node tunnel status
Answer : A
Question 11
In a NSX-T Data Center environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)
- A. Configure a Tier-1 gateway and connect it directly to the physical routers.
- B. Configure ECMP on the Tier-0 gateway.
- C. Configure NAT on the Tier-0 gateway.
- D. Deploy Large size Edge node/s.
- E. Add an additional vNIC to the NSX Edge node.
Answer : BD
Question 12
How many IPs are required when deploying a highly available NSX Management Cluster with VIP in a production environment?
- A. 3
- B. 5
- C. 4
- D. 6
Answer : C
Question 13
Which vmkernel module implements the N-VDS on an ESXi transport node?
- A. openvswitch
- B. etherswitch
- C. nsxt-vswitch
- D. dvswitch
Answer : C
Reference:
http://www.vstellar.com/2018/08/03/learning-nsx-t-part-8configuring-transport-zone-and-transport-nodes/
Question 14
Which two IP Discovery mechanisms are supported in KVM-environments? (Choose two.)
- A. IGMP Snooping
- B. Packet Snooping
- C. DHCP Snooping
- D. ARP Snooping
- E. ND Snooping
Answer : CD
Reference:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4.0/rn/VMware-NSX-T-Data-Center-240-Release-Notes.html
Question 15
An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)
- A. Port NAT
- B. Source NAT
- C. Destination NAT
- D. 1:1 NAT
- E. Reflexive NAT
Answer : BC