Which action is not an option for adding Virtual Machines to a Security Group?

A. Adding Virtual Machines to a Security Group and nesting it within another Security Group.
B. Defining Dynamic Membership in the Security Group.
C. Adding Virtual Machines to a Security Policy and associating it with a Security Group.
D. Selecting objects to include within a Security Group.







Answer: C

An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment. How would this task be accomplished with minimal administrative effort?

A. Create a PowerCLI script to enable virtual machine data collection on each virtual machine.
B. Create a security group in Service Composer and add the virtual machines to the security group.
C. Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.
D. Add the virtual machines to a VM folder in vCenter Server and enable data collection.







Answer: C

An administrator has deployed NSX in an environment containing a mix of vSphere 5 hosts. The implementation includes the Distributed Firewall Service, but the administrator finds that rules are not being applied to all affected virtual machines. What two conditions would cause this behavior?

A. Some hosts have not been prepared for NSX.
B. Only ESXi 5.5 and later hosts can push the rules to the virtual machines.
C. Only ESXi 5.1 and later hosts can push the rules to the virtual machines.
D. Some hosts are blocking the port used for rule distribution.






Answer: A,C

An administrator wishes to control traffic flow between two virtual machines. The virtual machines are in the same subnet, but are located on separate ESXi hosts. The administrator deploys an Edge Firewall to one of the hosts and verifies the default firewall rule is set to deny, but the two virtual machines can still communicate with each other. What task will correct this issue?

A. Configure both ESXi host firewalls to deny traffic from the virtual machine on the other host.
B. Deploy another Edge Firewall on the host running the second virtual machine.
C. Remove any other firewall appliances that may exist on either of the ESXi hosts.
D. Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines.






Answer: D

How are Logical Firewall rules applied to affected virtual machines?

A. They are pushed by the NSX Controllers into all the ESXi hosts in the same Transport Zone.
B. They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines.
C. They are pushed by the NSX Controllers to the ESXi hosts running the destination virtual machines.
D. They are pushed by the NSX Manager to all the ESXi hosts in the NSX environment.








Answer: B

Where does the Distributed Logical Firewall enforce firewall rules?

A. At the Virtual Machine's virtual Network Interface Card (vNIC).
B. At the Logical Switch virtual port that the Virtual Machine connects to.
C. At the NSX Controller's firewall kernel module.
D. At the ESXi host vmnic used by the vSphere Distributed Switch.








Answer: A

Which two statements are true regarding NSX High Availability?

A. NSX HA is configured as Active-Active.
B. NSX HA is configured as Active-Standby.
C. If an Active node fails, there is no service interruption during failover.
D. If an Active node fails, there is a 15 second service interruption during failover.








Answer: B,C

Which two actions take place when an active NSX Edge instance fails?

A. Once the original NSX Edge instance is recovered, it preempts the other NSX Edge instance and takes over the active role.
B. The standby NSX Edge instance becomes the active instance and requests routing updates from the routing neighbors.
C. Once the original NSX Edge instance is recovered, the NSX Manager attempts to place it on a different host from the other NSX Edge instance.
D. The standby NSX Edge instance becomes the active instance and retains any routing neighbor adjacencies.








Answer: C,D

An administrator manages a TFTP server virtual machine that is connected to a Logical Switch with a VNI of 7321. The TFTP server has been configured to use port 1069. An NSX Edge Service Gateway is connected to VNI 7321 and has an uplink interface with access to the physical network. Assume external users can reach the Service Gateway. What should the administrator configure to ensure external connections to the TFTP server are successful?

A. Create a DNAT rule with the original port of 69 and translated port of 1069.
B. Create a SNAT rule with the original port of 1069 and translated port of 69.
C. Create a SNAT rule with the original port of 69 and translated port of 1069.
D. Create a DNAT rule with the original port of 1069 and translated port of 69.









Answer: A

Which statement is true regarding an NSX Edge gateway device configured with a DNS Server?

A. The NSX Edge will forward all DNS requests from virtual machines sent to it to the DNS Server.
B. The NSX Edge configuration will override the DNS Server configured by the NSX Manager.
C. The NSX Edge registers the DNS Server with the NSX Controller.
D. The NSX Edge periodically synchronizes its DNS tables with the primary DNS Server.









Answer: A

A vSphere administrator wants to set up an NSX Edge Service Gateway to provide traveling employees secure access to company servers located in specific network segments within the corporate Data Centers. The solution has to be as scalable as possible. Which Virtual Private Network solution will satisfy the administrator's requirements?

A. SSL VPN
B. MPLS VPN
C. Layer 2 VPN
D. IPSec VPN








Answer: A

A company has augmented its Data Center infrastructure by using vCloud Hybrid Service during peak hours. The company wants to extend their existing subnets into the cloud while workloads retain their existing IP addresses. The virtual machines in these subnets use an NSX Edge Gateway as their default gateway. Which solution should this company use?

A. Layer 2 VPN
B. MPLS VPN
C. IPSec VPN
D. SSL VPN









Answer: A

A vSphere administrator wants to set up an NSX Edge Service Gateway to provide traveling employees secure access to company servers located in specific network segments within the corporate Data Center. The remote access solution must provide a method to authenticate the users. Which two methods can be used with the NSX Edge Service Gateway?

A. TACACS+
B. MS-CHAP
C. RSA SecurID
D. Active Directory









Answer: C,D

Which two statements are true regarding Layer 2 VPNs?

A. Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium.
B. The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physical appliance.
C. The Distributed Router can form a Layer 2 VPN to another Distributed Router or NSX Edge Service Gateway.
D. Layer 2 VPNs require the two VPN endpoints be in the same Layer 2 segment.










Answer: A,B

A company hosts an internal website on multiple virtual machines attached to a Logical Switch with VNI 7321. A Distributed Router serves as the virtual machines' default gateway. When a user resolves the URL for the website, the internal DNS server responds with the IP address of one of the virtual machines in a round robin fashion. This approach results in some virtual machines having a much higher number of user sessions than others. The company wants to deploy an NSX Edge Service Load Balancer to improve on this situation. Which distribution method can be configured on the NSX Edge Load Balancer to meet the company's needs?

A. LEAST_CONN
B. IP_HASH
C. LEAST_LOAD
D. URI






Answer: A

A vSphere administrator deployed an NSX Edge Load Balancer in HP mode. What happens in the event the Load Balancer has a failure?

A. The secondary NSX Edge Load Balancer assumes the role of primary. Existing Flows will need to have their connections reestablished.
B. He will start the NSX Edge Load Balancer on another ESXi host in the cluster. All existing flows will need to have their connections reestablished.
C. He will start the NSX Edge Load Balancer on another ESXi host in the cluster. The NSX Controller caches existing flows and hands them to the Load Balancer when it is back up.
D. The secondary NSX Edge Load Balancer assumes the role of primary. The NSX Controller caches existing flows and hands them to the Load Balancer when it is back up.







Answer: A

You are tasked with designing a data center architecture that should maximize the use of vMotion within your environment. You must use these VMware best practices:
- The network must utilize widely offered layer 2 switching and layer 3 switching services
- Purchase of new equipment should be minimized
Which two network design architectures will provide the requirements for vMotion in your data center?  






A. Utilize layer 3 switching from the access layer through the core.
B. Employ layer 2 multipathing using a standardized protocol.
C. Deploy a flat, traditional layer 2 switched network.
D. Deploy an overlay technology for the deployment of your virtual network.






Answer: A,D

A vSphere administrator added a new interface to a Distributed Router with a subnet of 172.16.10.0/24 and wants to make this subnet reachable to the rest of the network. How can the vSphere administrator achieve this?

A. Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute into OSPF the 172.16.10.0/24 subnet.
B. Enable OSPF in the Distributed Router. Configure the uplink interface in the normal area and the new interface with the subnet 172.16.10.0/24 in a Backbone area.
C. Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute from OSPF the 172.16.10.0/24 subnet.
D. Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and the new interface with the subnet 172.16.10.0/24 in a normal area.







Answer: D

A vSphere administrator wants to add a VLAN LIF to a Distributed Router. What must the vSphere administrator do for the VLAN LIF to be added successfully?

A. The vSphere administrator must assign a VLAN number to the distributed portgroup that the VLAN LIF connects to.
B. The vSphere administrator must assign a VLAN number to the Distributed Router that the Logical Switch connects to.
C. The vSphere administrator must assign a VLAN number to the Logical Switch that the Distributed Router connects to.
D. The vSphere administrator must assign a VLAN number to the uplink on the distributed switch that the VLAN LIF connects to.







Answer: A

Which components are required to enable layer 2 bridging?

A. Distributed firewall rule to allow layer 2 traffic in the bridge.
B. Deployed Logical Switch.
C. Deployed Logical Router.
D. VLAN trunk configured on logical switch.






Answer: A,C

Which two options are use cases of Layer 2 bridging in NSX for vSphere?

A. Extend the network security to physical devices in the physical network by use of the Distributed Firewall.
B. Extend physical services to Virtual Machines in virtual network.
C. Allow clustering of multiple NSX Managers in a single vCenter Server instance.
D. Allow physical devices in the physical network to use the NSX Edge Gateway as a default router.








Answer: B,D

How is the Bridge Instance chosen?

A. It is chosen based on the ESXi host where the Logical Router Control VM is running.
B. It is manually assigned by the vSphere administrator when the distributed portgroup is configured.
C. During an election process among all ESXi hosts. The host with the highest MAC address is selected.
D. The VTEP configured with the highest VXLAN Network Identifier (VNI) is selected.








Answer: A

An administrator consults with the network team and decides that Transport Zones will be configured with Hybrid Replication Mode for a new NSX for vSphere deployment. Which statement is true?

A. The Ethernet segments where the VTEPs are connected have some level of multicast support.
B. The physical network is configured to support multicast.
C. The ESXi hosts in the Transport Zone are running on different server hardware.
D. A multicast range has been configured in the NSX Manager as part of the Logical Network Preparation.







Answer: A

What is determined when an NSX Administrator creates a Segment ID Pool?

A. The range of VXLAN Network Identifiers (VNIs) that can be assigned to Logical Switches.
B. The total number of Logical Switches that can be deployed in a single Compute Cluster.
C. The range of VLAN segments that can be assigned to Transport Zones.
D. The total number of addresses that can be used to assign VTEP IP addresses to ESXi hosts during host preparation.








Answer: A

A new ESXi 5.5 host is deployed in a vSphere environment with VMware NSX for vSphere. How can the host be prepared for VMware NSX for vSphere?

A. By using Image Builder to pre-load the NSX for vSphere VIBs in the ESXi image in an Auto Deploy solution.
B. By leveraging VMware Update Manager to install the new NSX for vSphere VIBs into each of the hosts.
C. By creating a new VMkernel port in the host from the Host and Clusters inventory view in vSphere Web Client.
D. By entering the ESXi 5.5 management IP address in the NSX Controllers so the VIBs can be installed.







Answer: A

Which statement is correct when upgrading vShield Data Security to NSX Data Security?

A. NSX Data Security does not support a direct upgrade.
B. NSX Controller must be deployed before the upgrade.
C. The vCloud Network and Security Virtual Wires must have been upgraded.
D. vCloud Network and Security must be at least version 5.1 before starting the upgrade.







Answer: A

After deploying NSX, an administrator does not see the Networking & Security tab when connecting to the vCenter Server using the vSphere Web Client. What should the administrator do?

A. Register the NSX Manager with the vCenter Server.
B. Register the NSX Manager with the Inventory Service.
C. The NSX Controllers must be deployed before NSX Manager is available.
D. The NSX Manager must be configured to use Single Sign-On before it will be available.









Answer: A

In a data center using a leaf and spine architecture, which two statements define the connectivity between the leaf and spine tiers required to provide optimal network connectivity for NSX?

A. Links are required between leaf and spine switches, and from each spine switch to other spine switches in the architecture.
B. Links are required between leaf and spine switches in the architecture to form a point-to-point connection between the two tiers.
C. High availability and scalability should be achieved using NSX High Availability.
D. High availability and scalability should be achieved using Equal Cost Multipathing (ECMP).








Answer: B,D

Which two characteristics of the underlying physical network does VMware NSX require for robust IP transport?

A. The physical network should provide scalable network I/O using Layer 2 Multipathing (L2MP) and Multichassis Link Aggregation (MLAG).
B. The physical network should provide scalable network I/O using Equal Cost Multipathing (ECMP).
C. QoS is not necessary since classification and marking will be done in the overlay.
D. QoS classification and marking is required to provide end-to-end flow control.








Answer: B,D

Your data center is made up of two VMware vCenter Server instances. Each vCenter Server manages three clusters with 16 hosts per cluster. In preparing for your VMware NSX deployment, how many vShield Endpoint instances will you have?

A. 2
B. 6
C. 48
D. 96





Answer: D

If unicast mode is configured for the overlay transport in an NSX deployment, which two statements correctly define the network support that is required?

A. Configure NSX High Availability
B. Layer 2 switching support in the access and distribution layers
C. Layer 3 switching support in the access and distribution layers
D. Configure Jumbo Frame support








Answer: C,D

A company wants to deploy VMware NSX for vSphere with no PIM and no IGMP configured in the underlying physical network. This company also must ensure that non-ESXi hosts do not receive broadcast, unknown unicast or multicast (BUM) traffic. Which replication mode should the logical switches be deployed with?

A. Unicast Replication Mode
B. Multicast Replication Mode
C. Hybrid Replication Mode
D. Transport Zone Mode








Answer: A

You have deployed a two-tiered application using four virtual machines:
- Two virtual machines are web application servers
- Two virtual machines provide a clustered database service
What feature can you configure to provide the most accurate account for only the traffic between the web servers and the clustered database? 






A. On the vSphere Distributed Switch, configure the use of a port mirroring session using the Encapsulated Remote Mirroring (L3) Source session type.
B. On the vSphere Distributed Switch, configure the use of a port mirroring session using the Remote Mirroring Destination session type.
C. On the vSphere Distributed Switch, configure the use of an Isolated Private VLAN for the ports of the four virtual machines.
D. On the vSphere Distributed Switch, configure Netflow for the distributed virtual port group and enable Process internal flows only for the distributed switch.







Answer: D

A network security administrator wants to monitor traffic on several VLANs configured on a vSphere Distributed Switch. The traffic will be sent to another distributed port. What type of port mirroring session must be configured to meet these requirements?

A. Select the session type Distributed Port Mirroring when configuring the Port Mirroring session.
B. Select the session type Remote Mirroring Source when configuring the Port Mirroring session.
C. Select the session type Remote Mirroring Destination when configuring the Port Mirroring session.
D. Select the session type Distributed Port Mirroring (legacy) when configuring the Port Mirroring session.










Answer: C

What are two valid methods of configuring virtual machines to use a vSphere Distributed Switch (vDS) that are currently using a vSphere Standard Switch (vSS)?

A. Select each virtual machine and drag it to the vSphere Distributed Switch.
B. Select the vSS in use by the virtual machines and select the Move to option on the right-click menu.
C. Select each virtual machine and edit the virtual network adapter's connection settings.
D. Use the Migrate Virtual Machine Networking option from the right-click menu of the vDS.







Answer: C,D

On a vSS, how does teaming two or more physical network adapters provide load balancing when using the Load Balancing feature Route based on the originating virtual port ID?

A. The physical network adapter is chosen by use of a round robin based algorithm for each additional virtual port in the port group that becomes active.
B. The physical network adapter is chosen by using the source IP address of the virtual machine and the destination IP address as variables in an algorithm.
C. The physical network adapter is chosen by using the source MAC address as a variable in an algorithm.
D. The physical network adapter is chosen based on the workloads from each port and the number of physical adapters.







Answer: A

Which two statements describe the network connectivity provided by a vSphere Standard Switch (vSS)?

A. A vSS provides a direct and logical connection between a virtual machine NIC and a physical NIC.
B. A vSS provides a direct and logical connection between two vSphere Distributed Switches.
C. A vSS connects the vNIC of a virtual machine to the physical network based on the bandwidth of the VM's configured network adapter.
D. A vSS connects the vNIC of a virtual machine to the physical network and is not restricted to a specific bandwidth allocation based on the VM's configured network adapter.






Answer: A,D

How does NSX simplify the underlying physical network?

A. All configuration and state information is available via the REST APIs to automate the configuration of the physical network.
B. All configuration and state information are readily accessible, as is the mapping between virtual network topologies and the physical network.
C. All configuration and state information is stored in the local NSX BPDU database, eliminating the need for Spanning Tree Protocol (STP) on the physical network.
D. All configuration and state information is cached by the NSX controllers, reducing the number of MAC/ARP table entries on the physical network.







Answer: B

Which two statements are true regarding NSX?

A. Workloads can be placed and moved independently of physical topology.
B. Operational efficiency can be achieved through automation of the physical network.
C. Workload deployments are non-disruptive over the existing physical network.
D. NSX implementation requires a VMware vSphere environment.








Answer: A,C