New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

VMware 2V0-41.23 VMware NSX 4.x Professional Exam Practice Test

Page: 1 / 11
Total 107 questions

VMware NSX 4.x Professional Questions and Answers

Question 1

A customer is preparing to deploy a VMware Kubernetes solution in an NSX environment.

What is the minimum MTU size for the UPLINK profile?

Options:

A.

1500

B.

1550

C.

1700

D.

1650

Question 2

What are three NSX Manager roles? (Choose three.)

Options:

A.

master

B.

cloud

C.

zookeepet

D.

manager

E.

policy

F.

controller

Question 3

An administrator wants to validate the BGP connection status between the Tier-O Gateway and the upstream physical router.

What sequence of commands could be used to check this status on NSX Edge node?

Options:

A.

set vrf

show logical-routers

show bgp

B.

show logical-routers

get vrf

show ip route bgp

C.

get gateways

vrf

get bgp neighbor

D.

enable

get vrf

show bgp neighbor

Question 4

NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?

Options:

A.

Network Segmentation

B.

Virtual Security Zones

C.

Edge Firewalling

D.

Dynamic Routing

Question 5

When deploying an NSX Edge Transport Node, what two valid IP address assignment options should be specified for the TEP IP addresses? (Choose two.)

Options:

A.

Use an IP Pool

B.

Use a DHCP Server

C.

Use RADIUS

D.

Use a Static IP List

E.

Use BootP

Question 6

Which three selections are capabilities of Network Topology? (Choose three.)

Options:

A.

Display how the different NSX components are interconnected.

B.

Display the uplink configured on the Tier-0 Gateways.

C.

Display how the Physical components ate interconnected.

D.

Display the VMs connected to Segments.

E.

Display the uplinks configured on the Tier-1 Gateways.

Question 7

When collecting support bundles through NSX Manager, which files should be excluded for potentially containing sensitive information?

Options:

A.

Controller Files

B.

Management Files

C.

Core Files

D.

Audit Files

Question 8

A company security policy requires all users to log Into applications using a centralized authentication system.

Which two authentication, authorization, and accounting (AAA) systems are available when Integrating NSX with VMware Identity Manager? (Choose two.)

Options:

A.

RADII 2.0

B.

Keyoen Enterprise

C.

RSA SecurelD

D.

LDAP and OpenLDAP based on Active Directory (AD)

E.

SecureDAP

Question 9

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.)

Options:

A.

vSphere API

B.

NSX API

C.

NSX CU

D.

vCenter API

E.

NSX UI

Question 10

Which statement is true about an alarm in a Suppressed state?

Options:

A.

An alarm can be suppressed for a specific duration in seconds.

B.

An alarm can be suppressed for a specific duration in days.

C.

An alarm can be suppressed for a specific duration in minutes.

D.

An alarm can be suppressed for a specific duration in hours.

Question 11

Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)

Options:

A.

Use agentless antivirus with Guest Introspection.

B.

Quarantine workloads based on vulnerabilities.

C.

Identify risk and reputation of accessed websites.

D.

Gain Insight about micro-segmentation traffic flows.

E.

Identify security vulnerabilities in the workloads.

Question 12

Refer to the exhibits.

Drag and drop the NSX graphic element icons on the left found in an NSX Intelligence visualization graph to Its correct description on the right.

Question # 12

Options:

Question 13

Which CLI command shows syslog on NSX Manager?

Options:

A.

get log-file auth.lag

B.

/var/log/syslog/syslog.log

C.

show log manager follow

D.

get log-file syslog

Question 14

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances.

What feature of NSX fulfills this requirement?

Options:

A.

Load balancer

B.

Federation

C.

Multi-hypervisor support

D.

Policy-driven configuration

Question 15

Which two of the following will be used for Ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.)

Options:

A.

Inter-Tier interface on the Tier-0 gateway

B.

Tier-0 Uplink interface

C.

Downlink Interface for the Tier-0 DR

D.

Tier-1 SR Router Port

E.

Downlink Interface for the Tier-1 DR

Question 16

Refer to the exhibit.

An administrator configured NSX Advanced Load Balancer to redistribute the traffic between the web servers. However, requests are sent to only one server

Which of the following pool configuration settings needs to be adjusted to resolve the problem? Mark the correct answer by clicking on the image.

Question # 16

Options:

Question 17

An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.

What could cause this issue?

Options:

A.

Syslog is not configured on the ESXi transport node.

B.

Zero Trust Security is not enabled.

C.

Syslog is not configured on the NSX Manager.

D.

Distributed Firewall Rule logging is not enabled.

Question 18

Which of the following settings must be configured in an NSX environment before enabling stateful active-active SNAT?

Options:

A.

Tier-1 gateway in active-standby mode

B.

Tier-1 gateway in distributed only mode

C.

An Interface Group for the NSX Edge uplinks

D.

A Punting Traffic Group for the NSX Edge uplinks

Question 19

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)

Options:

A.

esxcfg-nics -1

B.

excli network nic list

C.

esxcli network vswitch dvs wmare list

D.

esxcfg-vmknic -1

E.

esxcfg-vmsvc/get.network

Question 20

Which three DHCP Services are supported by NSX? (Choose three.)

Options:

A.

Gateway DHCP

B.

Port DHCP per VNF

C.

Segment DHCP

D.

VRF DHCP Server

E.

DHCP Relay

Question 21

How is the RouterLink port created between a Tier-1 Gateway and Tler-0 Gateway?

Options:

A.

Manually create a Logical Switch and connect to bother Tler-1 and Tier-0 Gateways.

B.

Automatically created when Tler-1 is created.

C.

Manually create a Segment and connect to both Titrr-1 and Tier-0 Gateways.

D.

Automatically created when Tier-t Is connected with Tier-0 from NSX UI.

Question 22

Which of the following exist only on Tler-1 Gateway firewall configurations and not on Tier-0?

Options:

A.

Applied To

B.

Actions

C.

Profiles

D.

Sources

Question 23

Refer to the exhibit.

An administrator configured NSX Advanced Load Balancer to load balance the production web server traffic, but the end users are unable to access the production website by using the VIP address.

Which of the following Tier-1 gateway route advertisement settings needs to be enabled to resolve the problem? Mark the correct answer by clicking on the image.

Question # 23

Options:

Question 24

Which of the two following characteristics about NAT64 are true? (Choose two.)

Options:

A.

NAT64 is stateless and requires gateways to be deployed in active-standby mode.

B.

NAT64 is supported on Tier-1 gateways only.

C.

NAT64 is supported on Tier-0 and Tier-1 gateways.

D.

NAT64 requires the Tier-1 gateway to be configured in active-standby mode.

E.

NAT64 requires the Tier-1 gateway to be configured in active-active mode.

Question 25

Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?

Options:

A.

tepconfig

B.

ifconfig

C.

tcpdump

D.

debug

Question 26

When configuring OSPF on a Tler-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

Options:

A.

Naming convention

B.

MTU of the Uplink

C.

Subnet mask

D.

Address of the neighbor

E.

Protocol and Port

F.

Area ID

Question 27

Which VMware GUI tool is used to identify problems in a physical network?

Options:

A.

VMware Aria Automation

B.

VMware Aria Orchestrator

C.

VMware Site Recovery Manager

D.

VMware Aria Operations Networks

Question 28

What is the VMware recommended way to deploy a virtual NSX Edge Node?

Options:

A.

Through the OVF command line tool

B.

Through the vSphere Web Client

C.

Through automated or Interactive mode using an ISO

D.

Through the NSXUI

Question 29

An administrator has been tasked with implementing the SSL certificates for the NSX Manager Cluster VIP.

Which is the correct way to implement this change?

Options:

A.

Send an API call to https:// /api/v1/cluster/api-certificate? action=set_cluster_certificate&certificate_id=

B.

Send an API call to https:// /api/v1/node/services/http? action=apply_certificate&certificate_id=

C.

SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate vip install

D.

SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate node install

Question 30

As part of an organization's IT security compliance requirement, NSX Manager must be configured for 2FA (two-factor authentication).

What should an NSX administrator have ready before the integration can be configured? O

Options:

A.

Active Directory LDAP integration with OAuth Client added

B.

VMware Identity Manager with an OAuth Client added

C.

Active Directory LDAP integration with ADFS

D.

VMware Identity Manager with NSX added as a Web Application

Question 31

A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway. An NSX administrator used the get gateways command to retrieve this Information:

Question # 31

Which two commands must be executed to check BGP neighbor status? (Choose two.)

Options:

A.

vrf 1

B.

vrf 4

C.

sa-nexedge-01(tier1_sr> get bgp neighbor

D.

sa-nexedge-01(tier0_sr> get bgp neighbor

E.

sa-nexedge-01(tier1_dr)> get bgp neighbor

F.

vrf 3

Question 32

Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

Options:

A.

Reinstalling the NSX VIBs on the ESXi host.

B.

Restarting the NTPservice on the ESXi host.

C.

Changing the lime zone on the ESXi host.

D.

Reconfiguring the ESXI host with a local NTP server.

Page: 1 / 11
Total 107 questions