2V0-641 VMware Certified Professional 6 Network Virtual Exam Set 4

Which statement describes proper packet processing of layer 3 traffic in an NSX for vSphere topology?   


Options are :

  • Only packets requiring routing to another VM on a different host are processed by the distributed router. Other packets are processed by the Logical Router Control VM.
  • Only packets requiring routing to another VM on the same host are processed by the distributed router. Other packets are processed by the Logical Router Control VM.
  • All packets requiring routing are processed by performing a lookup in the Logical Router Control VM and then forwarded.
  • All packets are processed by the distributed router. No packets are processed by the Logical Router Control VM.

Answer : All packets are processed by the distributed router. No packets are processed by the Logical Router Control VM.

What is the minimum MTU size recommended by VMware for the physical network when deploying NSX for vSphere? 


Options are :

  • 1550
  • 1600
  • 2148
  • 9000

Answer : 1600

2V0-641 VMware Certified Professional 6 Network Exam Set 4

Which NSX service or feature provides optimized management of virtual machine broadcast (ARP) traffic? 


Options are :

  • VTEP
  • Edge Services Gateway
  • NSX Manager
  • NSX Controller

Answer : NSX Controller

What are two valid methods of configuring virtual machines to use a vSphere Distributed Switch (vDS) that are currently using a vSphere Standard Switch (vSS)? (Choose two.) A. Select each virtual machine and drag it to the vSphere Distributed Switch. B. Select the vSS in use by the virtual machines and select the Move to option on the right-click menu. C. Select each virtual machine and edit the virtual network adapter's connection settings. D. Use the Migrate Virtual Machine Networking option from the right-click menu of the vDS. 


Options are :

  • A,C
  • C,D
  • A,B
  • B,D

Answer : C,D

Which statement is correct when upgrading vShield Data Security to NSX Data Security? 


Options are :

  • NSX Controller must be deployed before the upgrade.
  • vCould Network and Security must be at least version 5.1 before starting the upgrade.
  • The vCloud Network and Security Virtual Wires must have been upgraded.
  • NSX Data Security does not support a direct upgrade.

Answer : NSX Data Security does not support a direct upgrade.

VMware VDCD510 Advanced Professional Data Center Design Exam Set 7

You are tasked with designing a data center architecture that should maximize the use of vMotion within your environment. You must use these VMware best practices:  The network must utilize widely offered layer 2 switching and layer 3 switching services  Purchase of new equipment should be minimized Which two network design architectures will provide the requirements for vMotion in your data center? (Choose two.) A. Utilize layer 3 switching from the access layer through the core. B. Employ layer 2 multipathing using a standardized protocol. C. Deploy a flat, traditional layer 2 switched network. D. Deploy an overlay technology for the deployment of your virtual network 


Options are :

  • A,B
  • C,D
  • A,D
  • B,C

Answer : A,D

Which option is VMware's best practice for the deployment of NSX Manager and NSX Controller components? 


Options are :

  • Deploy the NSX Controller components to a management cluster and the NSX Manager component to a resource cluster.
  • Deploy the NSX Manager component to a management cluster and the NSX Controller components to a resource cluster.
  • Deploy the NSX Manager and NSX Controller components to a management cluster.
  • Deploy the NSX Manager and NSX Controller components to a resource cluster.

Answer : Deploy the NSX Manager and NSX Controller components to a management cluster.

Which two characteristics of the underlying physical network does VMware NSX require for robust IP transport? (Choose two.) A. The physical network should provide scalable network I/O using Layer 2 Multipathing (L2MP) and Multichassis Link Aggregation (MLAG). B. The physical network should provide scalable network I/O using Equal Cost Multipathing (ECMP).  C. QoS is not necessary since classification and marking will be done in the overlay. D. QoS classification and marking is required to provide end-to-end flow control 


Options are :

  • A,C
  • B,D
  • C,D
  • A,B

Answer : B,D

VMware VDCD510 Advanced Professional Data Center Design Exam Set 4

Which statement is true regarding deploying NSX over a physical network? 


Options are :

  • VLANs are not required to separate traffic between virtual machines.
  • OSPF can be used for Management traffic in a Layer 3 fabric design.
  • NSX can implement IPv6 on an IPv4 physical network.
  • Routing is supported on bridged interfaces.

Answer : NSX can implement IPv6 on an IPv4 physical network.

What are three switch features found only on vSphere Distributed Switches? (Choose three.) A. Network I/O Control B. CDP C. LLDP D. SR-IOV E. Port Mirroring 


Options are :

  • A,B,C
  • A,C,E
  • B,C,D
  • A,D,E

Answer : A,C,E

On a vSphere Standard Switch, how does teaming two or more physical network adapters provide load balancing when using the Load Balancing feature Route based on the originating virtual port ID? 


Options are :

  • The physical network adapter is chosen by using the source MAC address as a variable in an algorithm.
  • The physical network adapter is chosen based on the workloads from each port and the number of physical adapters.
  • The physical network adapter is chosen by using the source IP address of the virtual machine and the destination IP address as variables in an algorithm.
  • They physical network adapter is chosen by use of a round robin based algorithm for each additional virtual port in the port group that becomes active.

Answer : They physical network adapter is chosen by use of a round robin based algorithm for each additional virtual port in the port group that becomes active.

2V0-641 VMware Certified Professional 6 Network Exam Set 1

Which two NSX Data Security roles could be assigned to view configured policies and violation reports? (Choose two.) A. Security Administrator B. NSX Administrator C. Auditor D. Enterprise Administrator 


Options are :

  • C,D
  • B,D
  • A,B
  • A,C

Answer : A,C

2V0-620 VMware VSphere 6 Foundations Practice Exam Set 5

How are Logical Firewall rules applied to affected virtual machines? 


Options are :

  • They are pushed by the NSX Controllers into all the ESXi hosts in the same Transport Zone.
  • They are pushed by the NSX Controllers to the ESXi hosts running the destination virtual machines.
  • They are pushed by the NSX Manager to all the ESXi hosts in the NSX environment.
  • They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines.

Answer : They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines.

Which service cannot be included in a Security Policy using Service Composer?   


Options are :

  • Endpoint Services
  • Firewall Rules
  • Network Introspection Services
  • Virtual Private Network Services

Answer : Virtual Private Network Services

An administrator has deployed NSX in an environment containing a mix of vSphere 5 hosts. The implementation includes the Distributed Firewall Service, but the administrator finds that rules are not being applied to all affected virtual machines. What two conditions would cause this behavior? (Choose two.)  A. Some hosts have not been prepared for NSX. B. Only ESXi 5.5 and later hosts can push the rules to the virtual machines. C. Only ESXi 5.1 and later hosts can push the rules to the virtual machines. D. Some hosts are blocking the port used for rule distribution. 


Options are :

  • B,D
  • C,D
  • A,C
  • A,B

Answer : A,C

VCPN610 VMware Certified Professional Network Virtual Test Set 4

Which two statements are true regarding Layer 2 VPNs? (Choose two.) A. Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium. B. The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physical appliance. C. The Distributed Router can form a Layer 2 VPN to another Distributed Router or NSX Edge Service Gateway. D. Layer 2 VPNs require the two VPN endpoints be in the same Layer 2 segment.   


Options are :

  • C,D
  • A,B
  • A,C
  • B,D

Answer : A,B

Which two actions take place when an active NSX Edge instance fails? (Choose two.) A. Once the original NSX Edge instance is recovered, it preempts the other NSX Edge instance and takes over the active role. B. The standby NSX Edge instance becomes the active instance and requests routing updates from the routing neighbors. C. Once the original NSX Edge instance is recovered, the NSX Manager attempts to place it on a different host from the other NSX Edge instance. D. The standby NSX Edge instance becomes the active instance and retains any routing neighbor adjacencies. 


Options are :

  • B,D
  • A,C
  • A,B
  • C,D

Answer : C,D

After consulting with the network team, it is decided that Transport Zones will be configured with Unicast Replication Mode for a new NSX for vSphere deployment. Which statement is true regarding the function of the VXLAN Tunnel End Points (VTEPs)? 


Options are :

  • The VTEPs will send unicast frames to all local VTEPs and remote proxies in the Transport Zone when the VTEPs do not have a MAC address in the MAC table.
  • None of the Above
  • The VTEPs will send multicast frames to all other VTEPs in the Transport Zone when the VTEPs do not have a MAC address in the MAC table.
  • The VTEPs will switch to Multicast Replication Mode for those VTEPs to which multicast path discovery is successful.
  • The VTEPs will send unicast frames to the NSX Controllers when the VTEPs do not have a MAC address in the MAC table.

Answer : The VTEPs will send unicast frames to all local VTEPs and remote proxies in the Transport Zone when the VTEPs do not have a MAC address in the MAC table.

2V0-621D VMware Certified Professional 6 Data Center Exam Set 6

Which action is not an option for adding Virtual Machines to a Security Group? 


Options are :

  • Selecting objects to include within a Security Group.
  • Defining Dynamic Membership in the Security Group.
  • Adding Virtual Machines to a Security Group and nesting it within another Security Group.
  • Adding Virtual Machines to a Security Policy and associating it with a Security Group.

Answer : Adding Virtual Machines to a Security Policy and associating it with a Security Group.

A vSphere administrator added a new interface to a Distributed Router with a subnet of 172.16.10.0/24 and wants to make this subnet reachable to the rest of the network. How can the vSphere administrator achieve this? 


Options are :

  • Enable OSPF on the Distributed Router. Configure the uplink interface in the normal area and the new interface with the subnet 172.16.10.0/24 in a Backbone area.
  • Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute into OSPF the 172.16.10.0/24 subnet.
  • Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute from OSPF the 172.16.10.0/24 subnet.
  • Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and the new interface with the subnet 172.16.10.0/24 in a normal area.

Answer : Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and the new interface with the subnet 172.16.10.0/24 in a normal area.

High Availability (HA) was not initially configured when an administrator deployed an NSX Edge Service Gateway. What should the administrator do to configure the NSX Edge with HA? 


Options are :

  • Delete the NSX Edge instance and redeploy it with HA. The configuration data is retained by NSX Manager and pushed to the new NSX Edge instance.
  • Delete the NSX Edge instance and redeploy it with HA. The existing NSX Edge configuration data will be lost.
  • Select the NSX Edge appliance from the Virtual Machines and Templates view. Go to Actions> All vCenter Actions> Enable HA to configure High Availability.
  • Select the NSX Edge instance from the NSX Edges view in Networking & Security. Go to Manage> Settings> Configuration and add a NSX Edge appliance.

Answer : Select the NSX Edge instance from the NSX Edges view in Networking & Security. Go to Manage> Settings> Configuration and add a NSX Edge appliance.

VCAD510 VMware Certified Associate Data Center Virtual Test Set 1

Which two components are required to enable layer 2 bridging? (Choose two.) A. Distributed firewall rule to allow layer 2 traffic in the bridge. B. Deployed Logical Switch. C. Deployed Logical Router. D. VLAN trunk configured on logical switch. 


Options are :

  • B,D
  • A,B
  • A,C
  • C,D

Answer : A,C

An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment. How would this task be accomplished with minimal administrative effort?


Options are :

  • Create a security group in Service Composer and add the virtual machines to the security group.
  • Add the virtual machines to a VM folder in vCenter Server and enable data collection.
  • Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.
  • Create a PowerCLI script to enable virtual machine data collection on each virtual machine.

Answer : Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.

A new ESXi 5.5 host is deployed in a vSphere environment with VMware NSX for vSphere. How can the host be prepared for VMware NSX for vSphere? 


Options are :

  • By using Image Builder to pre-load the NSX for vSphere VIBs in the ESXi image in an Auto Deploy solution.
  • By creating a new VMkernel port in the host from the Host and Clusters inventory view in vSphere Web Client
  • By leveraging VMware Update Manager to install the new NSX for vSphere VIBs into each of the hosts.
  • By entering the ESXi 5.5 management IP address in the NSX Controllers so the VIBs can be installed.

Answer : By using Image Builder to pre-load the NSX for vSphere VIBs in the ESXi image in an Auto Deploy solution.

VCP-410 VMware Certified Professional on VSphere 4 Exam Set 6

A vSphere administrator deploys the NSX Edge Load Balancer in Inline mode. Which is not a requirement for the Load Balancer to operate correctly? 


Options are :

  • Connect the Load Balancer directly to the same subnet as the VMs that are part of the Server Pool.
  • Point the virtual machines in the Server Pool to the Load Balancer as their default gateway.
  • Perform Destination NAT on the traffic from the clients
  • Perform Source NAT on the traffic from the clients.

Answer : Perform Source NAT on the traffic from the clients.

If a Security Group is the Source for a General Logical Firewall Rule, which Virtual Machines will be affected by the rule?   


Options are :

  • Each Virtual Machine defined in the Source and Destination fields of the Logical Firewall Rule.
  • Each Virtual Machine identified in the Destination field of the Logical Firewall Rule.
  • Each Virtual Machine identified in the Applied To field of the Logical Firewall Rule.
  • Each Virtual Machine defined in the Security Group.

Answer : Each Virtual Machine identified in the Applied To field of the Logical Firewall Rule.

What is a prerequisite to deploying a Logical Switch? 


Options are :

  • Add the ESXi hosts to the same vSphere Distributed Switch.
  • Prepare and configure VTEPs on the ESXi hosts using the vSphere Web Client.
  • Create a port group on the vSphere Distributed Switch
  • Configure the VXLAN Tunnel Endpoint's (VTEP) VLAN on the trunk in the physical switches.

Answer : Configure the VXLAN Tunnel Endpoint's (VTEP) VLAN on the trunk in the physical switches.

2V0-641 VMware Certified Professional 6 Network Exam Set 5

A vSphere administrator wants to add a VLAN LIF to a Distributed Router. What must the vSphere administrator do for the VLAN LIF to be added successfully? 


Options are :

  • The vSphere administrator must assign a VLAN number to the distributed portgroup that the VLAN LIF connects to.
  • The vSphere administrator must assign a VLAN number to the uplink on the distributed switch that the VLAN LIF connects to.
  • The vSphere administrator must assign a VLAN number to the Distributed Router that the Logical Switch connects to.
  • The vSphere administrator must assign a VLAN number to the Logical Switch that the Distributed Router connects to.

Answer : The vSphere administrator must assign a VLAN number to the distributed portgroup that the VLAN LIF connects to.

An NSX Edge Service Gateway has two interfaces:  Internal interface named Internal Access -- IP address = 10.10.10.1 -- Network mask = 255.255.255.0  Uplink interface named Physical Uplink   -- IP address = 20.20.20.1 -- Network mask = 255.255.255.0 A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access external resources via the uplink interface. Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.) A. Apply the SNAT rule to the Internal Access interface. B. Select 10.10.10.1 as the translated source IP. C. Apply the SNAT rule on the Physical Uplink interface. D. Select 10.10.10.0/24 as the original subnet. E. Choose 20.20.20.2 as the translated source IP address.   


Options are :

  • C,D,E
  • A,B,E
  • B,C,D
  • A,B,C

Answer : C,D,E

Which is not a valid Destination option for a General Logical Firewall rule? 


Options are :

  • Datacenter
  • Virtual App
  • Network
  • MAC Set

Answer : MAC Set

VMware VDCD510 Advanced Professional Data Center Design Exam Set 4

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now