vmware vcp6-nv 2v0-642 - gratisexam.com...... // ... topic=%2fcom.vmware.nsx.install.doc

https://www.gratisexam.com/

VMware VCP6-NV 2V0-642

Number: 2V0-642Passing Score: 800Time Limit: 120 minFile Version: 14.75



Exam A

QUESTION 1An administrator needs to perform a configuration backup of NSX. From which two locations can this task be performed? (Choose two.)

A. Directly on the NSX Manager

B. From the vSphere Web Client

C. Using the NSX API

D. Directly on each NSX Controller

Correct Answer: ACSection: (none)Explanation

Explanation/Reference:

QUESTION 2Where does an administrator configure logging for the NSX Manager?


A. In the vSphere Web Client

B. In the NSX Manager GUI

C. In the NSX Manager command line interface (CLI)

D. In the vSphere Syslog Collector

Correct Answer: BSection: (none)Explanation


QUESTION 3


Which term describes a situation where a bottleneck is created when traffic is sent to a single device for security enforcement?

A. security event queuing

B. hairpinning

C. security looping

D. enforcement degradation

Correct Answer: ASection: (none)Explanation


QUESTION 4Two virtual machines are unable to communicate with one another. The virtual machines are in the same distributed port group, but reside on different ESXi hosts.What are two possible causes for the communications issue? (Choose two )

A. Basic multicast filtering mode has been disabled on the ESXi hosts.

B. No physical NICs are assigned as active or standby uplinks in a NIC team.

C. The standby links are configured on different VLANs, preventing heartbeats from reaching each VM.

D. The physical NICs assigned as active or standby uplinks reside on different VLANs on the physical switch.

Correct Answer: BDSection: (none)Explanation

Explanation/Reference:https://docs.vmware.com/en/VMwarevSphere/6.5/com.vmware.vsphere.troubleshooting.doc/GUID-5324A0E4-AA7B-40CC-A975-D45328B5C434.html

QUESTION 5An NSX environment requires physical NIC redundancy for all dvPortGroups when connecting hosts to the physical network. There are two 10Gb NIC's per host.Which two teaming methods should be used to ensure both links are utilized simultaneously?

A. Virtual Port Channel

B. LACP Port-Channel

C. Static Port-Channel

D. Explicit Failover Order


Correct Answer: ABSection: (none)Explanation


QUESTION 6When creating a new security policy how is the default weight determined?

A. The default weight is equal to the highest defined weight plus 1000.

B. The default weight is incremented by 100, starting at 0.

C. The default weight is equal to the highest defined weight minus 1000.

D. The default weight is equal to the highest defined weight


Explanation/Reference:Explanation: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-607C399F-0D11-4B95-90DAA6E17E8C906E.html

QUESTION 7What is required before running an Activity Monitoring report?

A. Enable data collection on the NSX Controller.

B. Enable data collection on the vCenter Server.

C. Enable data collection on the NSX Manager.

D. Enable data collection on the virtual machine.

Correct Answer: DSection: (none)Explanation


QUESTION 8An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment. How would this task be accomplished with


minimal administrative effort?

A. Create a PowerCLI script to enable virtual machine data collection on each virtual machine.

B. Create a security group in Service Composer and add the virtual machines to the security group.

C. Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.

D. Add the virtual machines to a VM folder in vCenter Server and enable data collection.

Correct Answer: CSection: (none)Explanation


QUESTION 9When configuring BGP routing in NSX, what is the purpose of the Graceful Restart check box?

A. Allow packet forwarding to be paused during restart of BGP services

B. Allow packet forwarding to be uninterrupted during restart of BGP services

C. Automatically restart the local router when BGP session is established

D. Automatically restart the peer router when BGP session is established


Explanation/Reference:https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-EF251ED4-5BCA-43D5-9C01-975601EACF1E.html

QUESTION 10Which vSphere network object obstructs the physical network, provides access-level switching in the hypervisor and enables support tot overlay networking?


A. Standard Switch


B. Distributed Port Group

C. Distributed Switch

D. Logical Switch


Explanation/Reference:https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf

QUESTION 11Which three statements ore valid methods of Link Aggregation Control Protocol negotiation? (Choose three.)

A. Switches activate one of the blocked paths and negotiate the forwarding path upon failure.

B. Every other switch on the LAN negotiates only one data path back to the root bridge.

C. Switches wait until they receive an aggregation request,negotiate the status of the links, and proceed.

D. One switch sends repeated requests to the other switch that is requesting the port aggregation status. The two switches negotiate the status of the links andproceed.

E. Switches with links enabled for port aggregation do the port aggregation themselves and must be manually configured to be compatible at each end of that link

Correct Answer: ABCSection: (none)Explanation


QUESTION 12What is the effect on NSX Edge virtual machines when NSX Edge high availability is configured but vSphere HA is NOT configured?

A. The active-standby NSX Edge pair will survive one failure. However, the virtual machines must reside on the same host to prevent NSX Edge availability frombeing compromised.

B. The active-standby NSX Edge HA pair will survive multiple failures.

C. The active-standby NSX Edge HA pair will survive one failure. However, if another failure happens before the second Edge appliance is restored, NSX Edgeavailability can be compromised.

D. The active-standby NSX Edge HA pair will survive two failures. However, the virtual machines must reside on two different hosts.

Correct Answer: C


Section: (none)Explanation


QUESTION 13What are two roles of vmnics? (Choose two)

A. ESXi hosts reach the physical network through vmnics.

B. Virtual machines require vmnics to communicate with their host

C. ESXi hosts are segmented using vmnics, also called virtual trunk ports

D. Virtual machines require vmnics to communicate with physical networks



QUESTION 14Which two statements are true about NSX Data Security support? (Choose two )

A. It supports HIPAA and PCI-DSS compliance policies as well as U.S. Driver License and Social Security numbers.

B. It supports both Windows and Linux-based virtual machines.

C. It only supports HIPAA and PCI-DSS compliance policies.

D. It only supports Windows-based virtual machines.

Correct Answer: BCSection: (none)Explanation

Explanation/Reference:https://www.vmware.com/products/nsx.html

QUESTION 15A virtualized application needs access to a physical database. Both servers are on the 172.168.3.0/24 subnet. NSX has been deployed across the entire virtualenvironment. What method can be used to allow access between the servers?


A. Configure a DLR with an L2 bridge instance for 172.168.3.0/24 VXLAN to VLAN traffic.

B. Route 172.168.3.0/24 to the NSX Edge where the logical switch of the applicationexists.

C. Configure a NAT rule for 172.177.13/024 for the database physical router.

D. Configure the logical switch to bridge 172.168.3.0/24 to the physical router of the database.



QUESTION 16What is the purpose of a DHCP Relay Agent in an NSX Edge configuration?

A. Configures virtual machine interfaces to which DHCP messages are relayed.

B. Configures Edge interfaces from which DHCP messages are relayed.

C. Configures Edge interfaces to which DHCP messages are relayed.

D. Configures virtual machine interfaces from which DHCP messages are relayed.


Explanation/Reference:http://pubs.vmware.com/NSX-61/index.jsp#com.vmware.nsx.admin.doc/GUIDC655D21F-C800-4C7F-A887-F5733810DF34.html

QUESTION 17A user needs to be given the ability to make configuration changes on a specific NSX Edge device. What role and scope could be used to meet this requirement?

A. NSX Administrator role and Limit Access scope

B. Security Administrator role and Limit Access scope

C. NSX Administrator role and No restriction scope

D. Security Administrator role and No restriction scope

Correct Answer: BSection: (none)


Explanation


QUESTION 18An administrator needs to verify which port the switch manager is using. Which command should be used?

A. show controller-cluster status

B. show controller-cluster core stats

C. show controller-cluster connections

D. show controller-cluster logical-switches



QUESTION 19If the Applied To scope is set to Distributed Firewall, which virtual machines with have the firewall rule applied?

A. Only the virtual machines defined in the Source field.

B. Only virtual machines defined in the Destination field.

C. All virtual machines in a Datacenter.

D. All virtual machines on prepared hosts.


Explanation/Reference:http://www.routetocloud.com/2015/04/nsx-distributed-firewall-deep-dive/

QUESTION 20Which two NSX rotes could be used to create security policies? (Choose two.)

A. Enterprise Administrator



B. Security Administrator

C. NSX Administrator

D. Auditor


Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-79F9067D-2F29-45DA-85C7-09EFC31549EA.html

QUESTION 21Which load balancing algorithm is only available on a vSphere Distributed Switch?

A. Route Based on Source MAC Hash

B. Route Based on Originating Virtual Port

C. Route Based on IP Hash

D. Route Based on Physical NIC Load


Explanation/Reference:https://docs.vmware.com/en/VMwarevSphere/6.5/com.vmware.vsphere.networking.doc/GUID-959E1CFE-2AE4-4A67-B4D4-2D2E13765715.html

QUESTION 22Which action is not an option for adding Virtual Machines to a Security Group?

A. Adding Virtual Machines to a Security Group and nesting it within another Security Group.

B. Defining Dynamic Membership in the Security Group.

C. Adding Virtual Machines to a Security Policy and associating it with a Security Group.


D. Selecting objects to include within a Security Group.



QUESTION 23When running the NSX Control Plane in Hybrid Mode what are the minimum physical network requirements? (Choose three.)

A. MTU 1500

B. NSX Controller connectivity

C. IGMP Snooping

D. Multicast Routing with PIM

E. Unicast L3 Routing

Correct Answer: BCESection: (none)Explanation


QUESTION 24What is a requirement of NSX Data Security?

A. NSX manager must be configured for Active Directory integration

B. The Global Flow Collection Status must be set to Enabled

C. Guest Introspection must be installed on the cluster

D. AN IP Pool must be created.


Explanation/Reference:http://pubs.vmware.com/NSX-61/index.jsp?topic=%2Fcom.vmware.nsx.install.doc%2FGUID-62B22E0C-ABAC-42D8-93AA-BDFCD0A43FEA.html


QUESTION 25From the NSX Edge CLI, which command would show VIP statistics?

A. show service loadbalancer pool

B. show service loadbalancer virtual

C. show service loadbalancer monitor

D. show service loadbalancer


Explanation/Reference:https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2122708

QUESTION 26What is the best practice workflow for a NSX installation to support logical switching?

A. Deploy NSX Manager, Configure Logical Switches, Register with vCenter, Deploy Controllers, Prepare hosts

B. Deploy NSX Manager, Deploy Controllers, Configure Logical Switches, Register with vCenter, Prepare hosts

C. Deploy NSX Manager, Register with vCenter, Prepare hosts, Deploy Controllers, Configure Logical Switches

D. Deploy NSX Manager, Register with vCenter, Deploy Controllers, Prepare hosts, Configure Logical Switches



QUESTION 27A group of users' needs secured access to a set of web-based applications in a SDDC. Which VPN option is best suited for this?

A. SSL VPN-Plus

B. L2VPN

C. IPSec VPN

D. Application VPN




QUESTION 28Which is a prerequisite for deploying an Edge Service Gateway?

A. Firewall Default Policy

B. An interface

C. Default Gateway

D. High Availability


Explanation/Reference:http://buildvirtual.net/vcp-nv-deploying-an-edge-services-gateway/

QUESTION 29An administrator is deploying NSX in a Cross-vCenter configuration across three data centers located 100 miles apart Datacenter-1 and Datacenter-3 already haveNSX deployed locally and Datacenter-2 does not have NSX deployed yet. What is the correct order of steps to configure all three data centers for this solution?

A. 1 Remove the NSX manager from Datacenter-1 and Datacenter-32 Reinstall all three NSX managers at the same time3 Deploy a universal transport zone4 Deploy a universal distributed logical router

B. 1 Deploy an NSX manager at Dataeenter-22 Change the roles of the NSX managers in Datacentar-1 and Datacenter-3 to Transit Mode3 Deploy a universal transport zone4 Configure the Primary and Secondary roles on all three NSX managers

C. 1 Deploy an NSX manager in Datacenter 22 Update the NSX manager role in Datacenter-1 to Primary3 Update the roles in Dafacenter-2 and Datacentar-3 to Secondary4 Deploy a universal transport zone

D. 1 Deploy the NSX manager at Datacenter-22 Update the NSX manager role in Datacenter-1 to Primary


3 Deploy a universal transport zone4 Deploy a universal distributed logical router



QUESTION 30Which two functions are provided by VMkernel ports? (Choose two)

A. VXLAN Port Configuration

B. vSphere vMotion

C. ESXi Host Management

D. 802.1Q VLAN tagging

Correct Answer: BCSection: (none)Explanation

Explanation/Reference:http://www.pearsonitcertification.com/articles/article.aspx?p=2190191&seqNum=10

QUESTION 31When deploying a standalone NSX Edge as a Layer 2 VPN client, which port needs to be configured on the client vSphere Distributed Switch?


A. Trunk port

B. Span port

C. Sink port

D. Mirror port



Explanation/Reference:https://pubs.vmware.com/NSX-62/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-C9E2B0E4-F1C1-44A7-B142-F814F801FA42.html

QUESTION 32A security administrator needs to create a Security Group based on an Active Directory group. However, AD Groups are not available as an option. What must theadministrator configure before AD Groups are available?

A. Guest Introspection virtual machines must be joined to the domain

B. Inventory Service must be registered with a domain account

C. NSX Manager must be registered with Active Directory

D. NSX Controller must be registered with Active Directory



QUESTION 33What is one of the benefits of a spine-leaf network topology?

A. A loop prevention protocol is not required

B. Automatic propagation of security policies to all nodes

C. Allows for VXl ANs to be defined in h traditional network topology

D. Network virtualization relies on spine leaf topologies to create logical switches



QUESTION 34


What is the most restrictive NSX role that can be used to create and publish security policies and install virtual appliances?

A. Security Administrator

B. NSX Administrator

C. Auditor

D. Enterprise Administrator



QUESTION 35In a Cross-vCenter implementation, where is the Universal Control Cluster deployed and configured?

A. In each vCenter instance associated with the Cross-vCenter implementation.

B. In each prepared NSX cluster associated with the Cross-vCenter implementation.

C. In every vCenter instance associated with an NSX Manager.

D. In the vCenter instance associated with the Primary NSX Manager.


Explanation/Reference:https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf(page 16)

QUESTION 36An NSX administrator is validating the setup for a new NSX implementation and inputs this command:

A. It helps verify that VXLAN segments are functional and the transport network supports the proper MTU size for NSX.

B. It helps verify that the source virtual machine is configured with the proper MTU size for NSX.


C. It helps verify that the NSX Controller is communicating with the destination VTEP.

D. It helps verify that the NSX Logical Switch is routing packets to the destination host.


Explanation/Reference:https://www.viktorious.nl/2014/12/02/nsx-basics-creating-logical-switch/

QUESTION 37Which type of VPN should be configured to ensure application mobility data centers?

A. Application VPN

B. L2VPN

C. IPSec VPN

D. SSL VPN-Plus


Explanation/Reference:https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf(page 23)

QUESTION 38In a Cross-vCenter NSX deployment, what are two requirements that must be met in order for an administrator to deploy both universal logical switches and locallogical switches within the same vCenter instance? (Choose two )

A. A universal distributed logical router must be created

B. A logical distributed router must be created

C. A universal transport zone must be created.

D. A local transport zone must be created

Correct Answer: CDSection: (none)Explanation



https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.cross-vcenter-install.doc/GUID-7F76BB1E-7E36-4E9DB8C2-798100E62192.html

QUESTION 39What is one of the benefits of using logical switches in an NSX environment?

A. IP subnet definitions can be migrated into logical switches using the NSX Manager.

B. Quality of Service parameters are automatically configured in a logical switch

C. The physical infrastructure is responsible for maintaining the logical switch broadcast tables

D. The physical infrastructure is not constrained by MAC/FIB table limits.


Explanation/Reference:https://pubs.vmware.com/NSX-6/topic/com.vmware.nsx.admin.doc/GUIDDF57C441-CE9A-4138-9639-1658DBE65D48.html

QUESTION 40The fact that NSX Data Security has visibility into sensitive data provides which two benefits? (Choose two )

A. It helps address compliance and risk management requirements.

B. It acts as a forensic tool to analyze TCP and UDP connections between virtual machines

C. It is able to trace packets between a source and destination without requiring access to the guestOS

D. It eliminates the typical agent footprint that exists with legacy software agents



QUESTION 41Which is a best practice to secure system traffic, ensure optimal performance and satisfy prerequisites for NSX?

A. Configure a single VMkernel and a single distributed port group for all the system traffic.

B. Configure a single distributed port group with a single VMkernel for Management and iSCSI traffic, a separate VMkernel for vMotion and VSAN traffic.

C. Dedicate separate VMkernel adapters for each type of system traffic. Dedicate separate distributed port groups for each VMkernel adapter and isolate theVLANs for each type of system traffic.


D. Dedicate separate VMkernel adapters for each type ofsystem traffic and dedicate separate standard switches for each type of system traffic connected to asingle physical network.



QUESTION 42Which port is used for NSX REST API Requests?

A. 80

B. 443

C. 5480

D. 8443



QUESTION 43An administrator is attempting to troubleshoot a routing issue between the Edge Services Gateway (ESG) and the Distributed Logical Router (DLR).


Based on the exhibit, which method CANNOT be used to troubleshoot the issue?

A. SSH session into 192.168.100.3 on the ESG.

B. Console session into the ESG.

C. Console session into the DLR.

D. SSH session into 192.168.10.5 on the DLR.



QUESTION 44


When specifying a source for a security rule, what is the purpose of the Negates Source check box?

A. If Negate Source is selected, the rule is sent to only the objects identified under object type.

B. If Negate Source is selected, the rule is applied to traffic coming from all sources except for the source identified under the object type.

C. If Negate Source is not selected, the rule is applied to traffic coming from all sources except for the source identified under the object type.

D. If Negate Source is not selected, the rule is sent to only the objects identified under the object type.


Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-C7A0093A-4AFA-47EC-9187-778BDDAD1C65.html

QUESTION 45What are two benefits of the NSX Distributed Firewall? (Choose two )

A. VMs are protected even as they are vMotioned


B. Each VM is individually protected by a L2-L4 stateful firewall

C. ESXi hosts are automatically protected by a distributed firewall

D. VXLANs are automatically protected by the Transport Zone definition



QUESTION 46How many vCenter Server environments can a single NSX Manager serve at one time?


A. 2000 vCenter Servers

B. 10 vCenier Servers

C. 1 vCenler Server

D. 2 vCenter Servers


Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.install.doc%2FGUID-CFB0DC96-C329-490EB2A9-D92C5704E853.html

QUESTION 47A new ESXi host was added to an existing cluster, prepared for NSX and enabled for Distributed Firewall, logical switching and Logical Routing. The MostPreparation page in the NSX Web Ul shows this new host is in Ready state and the Logical Network Preparation tab displays the VXLAN VTEPs are correctlyconfigured. Virtual machines on the new host can communicate with each other but CANNOT communicate with VMs running on other hosts and connected to thesame Logical Switch. Which condition below will result in the described behavior on the new host?

A. NSX Edge is powered off


B. Host Agent (vpxa) to vCenter is disconnected

C. Rabbitmq message bus connection (vsfwd) to NSX Manager is down

D. Network Control Plane Agent (netcpa) connection to the controller is down



QUESTION 48What resource must a partner security service be registered with before the service is available to a policy?

A. NSX Manager

B. ESXi host

C. Service Composer

D. vCenter Server


Explanation/Reference:https://blogs.vmware.com/consulting/2015/01/automating-security-policy- enforcement-nsx-service-composer.html

QUESTION 49


What configuration change do you need to make to allow this connection?

A. Change Applied On to "Uplink"

B. Change the Translated Port/Range to "rdp"

C. Swap the Original IP/Range and Translated IP/Range IP Addresses

D. Change the Protocol to "any"



QUESTION 50An administrator is deploying NSX to secure the virtual environment. NSX Manager has been deployed and register with it, Which additional step is required before


the distributed firewall is functional?

A. Configure VTEPs on each host

B. Perform host preparation on the cluster

C. Deploy the NSX Controller cluster

D. Enable Guest Introspection



QUESTION 51Which two options are correct regarding vSphere Distributed Switches? (Choose two )

A. A single vDS can span multiple vCenter Servers

B. A single host can be attached to multiple vDS

C. A single vDS can span multiple hosts across multiple clusters

D. A vDS is automatically created when a new 802.1Q trunk is configured



QUESTION 52What are the correct steps for connecting a virtual machine to a logical switch?

A. Select the logical switch, click the Add Virtual Machine Icon, select the VM, select the vNIC to connect

B. Select the Add Virtual Machine icon, select the logical switch, vNIC to connect

C. Select the logical switch, select the virtual machine, click the Add Virtual Machine .con. select the vNIC to connect

D. Select the vNIC, click the Add Virtual Machine Icon, select the logical switch

Correct Answer: A


Section: (none)Explanation

Explanation/Reference:https://docs.vmware.com/en/VMware-NSX-forvSphere/6.2/com.vmware.nsx.admin.doc/GUID-571237B3-1665-4B92-A3A9-51C078EC601D.html

QUESTION 53Which virtual machine does VMware recommend be manually excluded from the Distributed Firewall?

A. NSX Manager

B. vCenter Server

C. Microsoft SQL Server

D. vRealize Automation Appliance


Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-C3DDFBCE-A51A-40B2-BFE1-E549F2B770F7.html

QUESTION 54Which two statements are true regarding L2 Bridges and Distributed Logical Routers? (Choose two )

A. Each L2 bridge instance can only map to a single VLAN

B. There can only be one instance of an L2 bridge on a DLR

C. There can be multiple instances of an L2 bridge on a DLR

D. Each L2 bridge instance can map to multiple VLANs.


Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-ECE2893A-A1A6-4D43-93DA-AE4A97ABBF44.html

QUESTION 55An administrator enables the NSX Ticket Logger to track infrastructure changes. The administrator logs out for lunch, returns and logs back in to complete the task.What is the status of ticket logger when the administrator logs back in?


A. The ticket logger still tracks changes until it is turned off by the administrator.

B. The ticket logger is turned off.

C. The ticket logger will prompt the user if they still want to continue tracking changes.

D. The ticket logger will display an error.



QUESTION 56Which three ways can membership be defined in a dynamic security group? (Choose three)

A. Distributed Firewall Rules

B. Locale ID

C. Security Tags

D. Security Groups

E. Regular Expressions

Correct Answer: BCDSection: (none)Explanation

Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-B9FC0D05-BE96-4D83-8C58-98B0F96DB342.html

QUESTION 57A Service Provider is using VMware vCloud Director with VMware vCloud Networking and Security (VCNS) on vSphere. Which two products will be impacted by theupgrade of VCNS to VMware NSX? (Choose two)

A. ESXi hosts

B. NSX Controller Cluster

C. vShield Manager

D. vCenter Server



Explanation/Reference:https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.2/nsx_62_upgrade.pdf

QUESTION 58What are two requirements of the network infrastructure to the access layer? (Choose two )

A. IPv4 connectivity among ESXi hosts provided by a spine-leaf network design.

B. IPv4 connectivity among ESXi hosts.

C. Increased MTU if the virtual machines are using the default MTU size of 1500.

D. A Redundant, Layer 3, Top-of-Rack network design to provide high availability to ESX hosts.



QUESTION 59In a vSphere Distributed Switch architecture, which plane handles packet switching?


A. Data Plane

B. Forwarding Plane

C. Management Plane

D. Control Plan



Explanation/Reference:https://www.slideshare.net/VMworld/vmworld-2013-vsphere-distributed-switch- design-and-best-practices(slide 7)

QUESTION 60Which details can an administrator verify from the Summary tab of the VMware NSX Manager? (Choose three)

A. Current time

B. Average MTBF

C. Version

D. Storage utilization

E. Health Score

Correct Answer: ACDSection: (none)Explanation


QUESTION 61How is high availability of the NSX Edge Gateway accomplished?

A. HA Application Monitoring on the Edge Gateway sends a heartbeat to the ESXi host.

B. VMware Tools on the Edge Gateway sends a heartbeat to the ESXi host.

C. The Edge appliance sends a heartbeat through an uplink interface.

D. The Edge appliance sends a heartbeat through an internal interface.


Explanation/Reference:https://www.zettagrid.com/faqs/nsx-charging/

QUESTION 62An NSX administrator notices an error during the initial configuration of the SSO lookup service, as shown:


The administrator pulls up the lookup service status, which displays Disconnected.


What step should be performed to resolve this issue?

A. Change the Port number from 7444 to 443

B. Change the SSO Administrator User Name

C. Regenerate the SSL Certificate and reboot the NSX Manager

D. Use IP address versus the DNS name in the Lookup Service



QUESTION 63An application requires load balancing with minimal impact to network performance. An NSX administrator is deploying a load balancer to meet the statedrequirements. Which load balancing engine should be deployed?

A. Layer 5

B. Layer 6

C. Layer 7

D. Layer 4




https://www.icc-usa.com/resources/vmw-nsx-network-virtualization-design-guide.pdf

QUESTION 64A user has configured a specific distributed firewall rule preventing VM-A (172.16.10.11) on the Web-Logical Switch to communicate to VM-B (172.16.20.11),running on the same switch. After the changes, the user is still able to communicated to VM-A from VM-B. To debug this anomaly, the user will need to obtain logsfrom which component?

A. The Distributed Logical Router

B. The Edge Services Gateway

C. The appropriate ESXi Hosts(s)

D. The appropriate NSX Controller(s)



QUESTION 65Which tool is used to detect rogue services?

A. NSX Logical Firewall

B. NSX Logical Router

C. Activity Monitoring

D. Flow Monitoring



QUESTION 66Which are two uses of the NSX DLR protocol address? (Choose two.)

A. When configuring BGP the protocol address is used to forward traffic to peers.

B. When configuring BGP the protocol address is used by the protocol to form adjacencies with peers.


C. When configuring OSPF the protocol address is used to forward traffic to peers.

D. When configuring OSPF the protocol address is used by the protocol to form adjacencies with peers.


Explanation/Reference:For a logical routeraClick Edit at the top right corner of the window.bClick Enable OSPF.cIn Forwarding Address, type an IP address that is to be used by the router datapath module in thehosts to forward datapath packets.dIn Protocol Address, type a unique IP address within the same subnet as the

Forwarding Address. Protocol address is used by the protocol to form adjacencies with the peers

From <https://pubs.vmware.com/NSX-6/topic/com.vmware.nsx.admin.doc/GUID-6E985577-3629-42FE-AC22-C4B56EFA8C9B.html>

QUESTION 67Which two NSX Data Security roles could be assigned to view configured policies and violation reports? (Choose two.)

A. Security Administrator


C. Auditor

D. Enterprise Administrator



QUESTION 68When defining membership for a security group, which three identifiers can be used for dynamic inclusion? (Choose Three)


A. VM folder

B. Computer OS Name

C. ESXi host

D. VM Name

E. Security Tag

Correct Answer: BDESection: (none)Explanation

Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-B9FC0D05-BE96-4D83-8C58-98B0F96DB342.html

QUESTION 69With which Application Profile types would the Insert X-Forwarded-for HTTP header option be used?

A. TCP, UDP

B. HTTP, UDP

C. HTTP, HTTPS

D. HTTP, TCP



QUESTION 70A network administrator is troubleshooting an issue and needs to observe an injected packet as it passes through the physical and logical network. Which tool willaccomplish this?

A. Traceflow

B. NetFlow

C. Flow Monitoring

D. Activity Monitoring



Explanation/Reference:https://pubs.vmware.com/NSX-62/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-05647D5E-B669-40A8-8B84-02C18781186F.html

QUESTION 71Which two are accurate statements with regards to Guest Introspection installation? (Chose two )

A. The service virtual machine performs data security and activity monitoring.


B. The installation deploys a virtual machine to hosts prepared for VMware NSX.

C. A security policy weight of 4300 is assigned to hosts prepared to Guest Introspection.

D. Guest Introspection is deployed with NSX Data Security by default.


Explanation/Reference:Installing Guest Introspection automatically installs a new VIB and a service virtual machine on each host in the cluster. Guest Introspection is required for NSXData Security, Activity Monitoring, and several third-party security solutions.

From <https://docs.vmware.com/en/VMware-NSX-forvSphere/6.2/com.vmware.nsx.install.doc/GUID-62B22E0C-ABAC-42D8-93AA-BDFCD0A43FEA.html>

QUESTION 72Which two network services are abstracted from the underlying hardware by NSX? (Choose two.)

A. Virtual Private Networks

B. Multiprotocol Label Switching

C. Load Balancing

D. Overlay Transport Virtualizations



Explanation/Reference:http://www.altaro.com/vmware/vmware-nsx-abstracting-the-network-layer/

QUESTION 73What is the minimum NSX role necessary for a user to edit the firewall on an Edge Services Gateway (ESG)?

A. Auditor


C. Enterprise Administrator

D. Security Administrator



QUESTION 74In a Cross-vCenter environment where is information about local logical switches and local logical routers maintained?

A. Platform Services Controller

B. Local transport /one

C. Local Controller Cluster

D. Universal Controller Cluster



QUESTION 75You have deployed an Edge Services Gateway with the following interface configuration:


Your customer has requested that you provide the ability to use Remote Desktop Protocol to log into a virtual machine that has a tenant IP address of 192.168.7.21using the provider IP address 192.168.100.4. You have performed the following configuration however, you cannot RDP into the virtual machine.


What configuration change do you need to make to allow this connection?

A. Change Applied Onto "Uplink"

B. Change the Protocol to "any".

C. Change the Translated Port/Range to "rdp".

D. Swap the Original IP/Range and Translated IP/Range IP Addresses.




QUESTION 76Activity Monitoring has been enabled for a host with several virtual machines. However, only one virtual machine appears in the list.

Which two additional configuration steps are required to allow the other virtual machines on the host to be selected? (Choose two.)


A. Guest Introspection driver must be installed.

B. Virtual Machine Data Collection must be enabled on the other VMs.

C. NSX Manager must be linked to Active Directory

D. Guest Introspection appliance must be deployed on the host.


Explanation/Reference:As it shows one VM on the mentioned ESXi host, so C and D working correctly, it shout be A and B

To protect VMs using a Guest Introspection security solution, you must install Guest Introspection thin agent, also called Guest Introspection drivers,From <https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-D04D1521-8EBC-449F-AD57-EF829075A25D.html>

Guest Introspection supports File Introspection in Linux for anti-virus only. To protect Linux VMs using a Guest Introspection security solution, you must install theGuest Introspection thin agent.From <https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-636788A7-BB64-483A-A48D-4E62B3AFC0C8.html>

QUESTION 77The user at 192.168.150.10 can reach the physical router but CANNOT reach edge-2 or any virtual machines.


What routing change would resolve the issue?

A. Enable Default Originate on edge-2 for OSPF.

B. Configure static routes on the physical router.

C. Enable route redistribution on edge-2 between both routing protocols.

D. Enable Default Originate on edge-2 for BGP



QUESTION 78Which tool is used to display VXLAN connection information?


A. pktcap-uw

B. NSX Controller CLI

C. esxtop

D. VDS Health Check



QUESTION 79Internet access is required from virtual machines located on any logical switch Direct access from the internet to these virtual machines is NOT permitted

Which perimeter NSX Edge feature would achieve this with the least configuration?

A. LB

B. VPN

C. SNAT

D. DNAT




QUESTION 80You are creating a Unrversal Segment ID Pool for a three site Cross-vCenter environment. The three sites are designated as Site A, Site B and Site C,* Site A has a local Segment ID pool of 5000-5999* Site B has a local Segment ID pool of 6000-6999* Site C has a local Segment ID pool of 7000-7999Which of the following ranges would be valid for the Universal Segment ID pool?

A. 5000-7999

B. 7000-8999

C. 4000-4999

D. 2000000-2000999


Explanation/Reference:https://thewificable.com/2017/04/27/cross-vcenter-multi-site-nsx-guide/

QUESTION 81A customer has Cisco Nexus 1000V switches in their environment and is looking at deploying NSXWhich statement is correct?

A. The environment must be migrated from the Nexus 1000V to vSphere Distributed Switches.

B. The environment must be configured for VXLAN over the Nexus 1000V.

C. The environment can use the Nexus 1000V switches for the NSX deployment.

D. The environment must be migrated from the Nexus 1000V to vSphere Standard Switches.




QUESTION 82Your environment has two sites designated as Site A and Site B. Each site has its own vCenler Server instance with NSX installed and configured in standalonemode. You are migrating the environment to Cross vCenter and have already promoted Site A to the Primary role. What action must be taken before the NSXManager at Site B can be changed to Secondary?

A. Migrate the Site B Controllers to Site A

B. Convert the Site B Controllers to Universal Controllers

C. Remove any logical switches from the Site B NSX Controller.

D. Delete the Controllers at Site B



QUESTION 83Which is required to support unicast mode in NSX?

A. Hardware VTEP

B. Distributed Logical Router

C. NSX Controller

D. NSX Edge


Explanation/Reference:http://www.virtually-limitless.com/vcix-nv-study-guide/create-transport-zones-in-nsx/

QUESTION 84An administrator has implemented VMware NSX on a leaf-spine underlay. They have deployed the following in the data center:* Two racks for a management cluster that is not prepared for VMware NSX* Six racks for compute clusters* Two racks for an Edge cluster which holds a DLR control VM for bridging, and North/South Edge Service GatewaysWhich three of the following are true regarding the physical and logical networking of the environment? (Choose three )


A. At least one VXLAN segment spans across all the racks

B. VXLAN segments span the compute and Edge racks

C. At least one VLAN spans the compute racks

D. At least one VLAN spans across the two management racks

E. At least 2 VLANs span across the two Edge racks.

Correct Answer: BCDSection: (none)Explanation


QUESTION 85An administrator has been asked to provide single failure redundancy. What is the minimum supported number of NSX Controllers needed to meet thisrequirement?

A. 2

B. 3

C. 1

D. 5


Explanation/Reference:http://www.vmwarearena.com/vmware-nsx-installation-part-4-deploying-nsx-controller/

QUESTION 86An NSX Administrator is examining traffic on the network shown below.


What is the packet flow when VM1 communicates to VM5?


A. Host A will perform a destination lookup, route the packet, switch the packet onto segment 5002, then encapsulate and send the packet to Host C.

B. Host A will perform a destination lookup, switch the packet onto segment 5002, route the packet, then encapsulate the packet and send it to the DLR controlVM.

C. Host A will encapsulate thepacket, send the encapsulated packet to host C, Host C will perform a destination lookup and switch the packet onto segment 5002.

D. Host A will encapsulate the packet, perform a destination lookup, route the packet to the DLR control VM, the control DLR will bridge the packet onto segment5002.

Correct Answer: DSection: (none)


Explanation


QUESTION 87Which NSX component can validate that security policies at your organization are being enforced correctly?

A. Activity Monitoring

B. Flow Monitoring

C. ERSPAN

D. Distributed firewalls



QUESTION 88In which VMware NSX use case would VXLAN NOT be required?

A. L2 Bridging physical to virtual

B. NSX micro-segmentation

C. Active/Active Datacenter

D. Distributed Logical Routing



QUESTION 89Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose three )

A. DHCP Snooping


B. IP Sets

C. Spoofguard configured for Trust on First Use.

D. VMware Tools installed on every guest virtual machine.

E. ARP Spoofing

Correct Answer: ACDSection: (none)Explanation

Explanation/Reference:https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2125437

QUESTION 90Which highly available Edge design would provide high bandwidth and isolation to four application networks?

A. Four Distributed Routers (standalone mode) with one Edge Services Gateway in Active/Standby mode.

B. One Edge Services Gateway in ECMP mode.

C. One distributed Router (in HA mode) with two Edge Services Gateways in ECMP mode.

D. Four Distributed Routers (in HA mode) with one Edge Services Gateway in Active/Standby mode.



QUESTION 91An NSX Administrator is examining a broken set of firewall rules and discovers that the Block Telnet rule was created in the wrong section.


Based on the exhibit, which option would correct the issue with the least amount of effort?

A. Use the Merge Section functionality to correct this.

B. Use the Move rule Up icon to move rules between sections.

C. Add a new rule called Block Telnet to the correct section and then remove the existing rule.

D. Delete the rule and then re-add the rule to the correct section.



QUESTION 92Which three objects are supported for universal synchronization in a Cross-vCenter NSX deployment? (Choose three)


A. IP Pools

B. IP Sets

C. L2 bridges

D. MAC Sets

E. Transport Zones

Correct Answer: BDESection: (none)Explanation

Explanation/Reference:https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-229D0501-836E-4788-A72E-4D3DEBF2B26D.html

QUESTION 93Which two methods does VMware NSX offer to integrate with third-party partners? (Choose two )

A. Integration Manager

B. Service Chaining

C. VMware NSX APIs

D. Universal Synchronization Service


Explanation/Reference:https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-EA477D96-E2D3-488B-90AA-2F19B4AE327D.html#GUID-EA477D96-E2D3-488B-90AA-2F19B4AE327D

QUESTION 94Which two NSX Data Security roles could be used to create security policies? (Choose two)

A. Auditor


C. Enterprise Administrator

D. Security Administrator



Explanation/Reference:https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.admin.doc/GUID-66DA0370-C241-40BD-A987-98597564EEDF.html

QUESTION 95A network administrator has been tasked with deploying a 3-tier application across two data centers. Tier-1 and tier-2 will be located in Datacenter-A and tier-3 willbe located in Datacenter-B. Which NSX components are needed to make this deployment functional?

A. A universal transport zone deployed with a universal distributedlogical router (UDLR), a universal logical switch and two local logical switches connected to theUDLR.

B. A universal transport zone deployed with a universal distributed logical router (UDLR), two universal logical switches and a single logical switch connected to theUDLR.

C. A universal transport zone deployed with a universal distributed logical router (UDLR) and three universal logical switches connected to the UDLR.

D. A universal transport zone, a universal distributed logical router (UDLR) and three local switches in each data center connected to the UDLR



QUESTION 96Which two networking and security components are contained m the backup configuration data of an NSX Manager backup file? (Choose two )

A. vSphere Distributed Switch

B. Resource Pools

C. Edge Services Gateway

D. Grouping Objects




QUESTION 97Which component automates the consumption of third-party services and provides mapping to virtual machines using a logical policy?

A. NSX Manager

B. Cloud Management Platform (CMP)

C. Service Composer

D. NSX Data Security



QUESTION 98Which three options are true about NSX logical bridges? (Choose three)

A. A logical bridge configured for HA uses a 15 second heartbeat by default to detect failure.

B. A logical bridge configured for HA uses (BFD) Bi-Directional Forwarding to detect a failure in a minimum of one second

C. A logical bridge on the DLR supports VXLAN to VLAN bridging.

D. A logical bridge forwards traffic through the control VM.

E. A logical bridge forwards traffic through the hypervisor.

Correct Answer: ACESection: (none)Explanation

Explanation/Reference:From <http://www.routetocloud.com/2014/10/nsx-l2-bridging/>All NSX Edge services run on the active appliance. The primary appliance maintains a heartbeat with the standby appliance and sends service updates through aninternal interface. If a heartbeat is not received from the primary appliance within the specified time (default value is 15 seconds), the primary appliance is declareddeadhttps://pubs.vmware.com/NSX-61/topic/com.vmware.ICbase/PDF/nsx_61_admin.pdf Page 197

QUESTION 99An organization has PCI compliant application deployed as part of a larger NSX environment.Every year a team of contractors evaluates the security of the


environment and recommends changes.What NSX Role and Scope should the contractors be given to minimize access but still allow them to fulfill the staled requirement?

A. Security Administrator, No restrictions

B. Auditor. Limit access scope

C. NSX Administrator, Limit access scope

D. Enterprise Administrator, Limit access scope


Explanation/Reference:https://c368768.ssl.cf1.rackcdn.com/product_files/28022/original/VMware_SDDC_Validated_Reference_Architecture_for_PCI_v3.0_June_2014b1844892b9e7e4c6aa280f5fd9df5a0f.pdfPage 3VMware NSX VMware NSX Edge, VMware NSX Firewall, VMware NSX Router,VMware NSX LoadBalancer, and, VMware NSX Service Composer

QUESTION 100A workload was attached to a logical switch port group in Compute Cluster 1. Users are complaining that I hey can communicate with other workloads on that portgroup in the cluster, but not with other workloads on different networks.

What is the most probable cause?

A. The distributed firewall has a default rule set to deny all

B. The Distributed Logical Router was not configured on Compute Cluster 1

C. Compute Cluster 1 is NOT a member of the Transport Zone

D. An NSX Edge has NOT been deployed into Compute Cluster 1




QUESTION 101An NSX Edge Service Gateway has two interfaces:* Internal interface named Internal Access-- IP address = 10.10.10.1-- Network mask = 255.255.255.0* Uplink interface named Physical Uplink-- IP address = 20.20.20.1-- Network mask = 255.255.255.0A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access external resources via the uplink interface.Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.)

A. Apply the SNAT rule to the Internal Access interface.

B. Select 10.10.10.1 as the translated source IP.

C. Apply the SNAT rule on the Physical Uplink interface.

D. Select 10.10.10.0/24 as the original subnet.

E. Choose 20.20.20.2 as the translated source IP address.

Correct Answer: CDESection: (none)Explanation


QUESTION 102What are two things that should be done before upgrading from vCloud Networking and Security to NSX? (Choose two.)

A. Power off vShield Manager

B. Deploy NSX Manager virtual appliance

C. Uninstall vShield Data Security

D. Ensure that forward and reverse DNS is functional



Explanation/Reference:https://pubs.vmware.com/NSX-62/index.jsp?topic=%2Fcom.vmware.nsx.upgrade.endpoint.doc%2FGUID-0D1B18B1-B5CC-483B-8BC0-95A2E8C025B9.html


vmware vcp6-nv 2v0-642 - gratisexam.com...... // ... topic=%2fcom.vmware.nsx.install.doc

Documents