VCPN610 VMware Certified Professional Network Virtual Test Set 3

Your data center is made up of two VMware vCenter Server instances. Each vCenter Servermanages three clusters with 16 hosts per cluster.In preparing for your VMware NSX deployment, how many vShield Endpoint instances will youhave?


Options are :

  • 6
  • 48
  • 96 (Correct)
  • 2

Answer : 96

VMware Certified Professional VCP6-DCV Practice Test Set 1

A vSphere administrator wants to add a VLAN LIF to a Distributed Router. What must the vSphereadministrator do for the VLAN LIF to be added successfully?


Options are :

  • The vSphere administrator must assign a VLAN number to the Logical Switch that the Distributed Router connects to.
  • The vSphere administrator must assign a VLAN number to the Distributed Router that the Logical Switch connects to.
  • The vSphere administrator must assign a VLAN number to the uplink on the distributed switch that the VLAN LIF connects to.
  • The vSphere administrator must assign a VLAN number to the distributed portgroup that the VLAN LIF connects to. (Correct)

Answer : The vSphere administrator must assign a VLAN number to the distributed portgroup that the VLAN LIF connects to.

A vSphere administrator wants to setup an NSX Edge Service Gateway to provide travelingemployees secure access to company servers located in specific network segments within thecorporate Data Centers. The solution has to be as scalable as possible.Which Virtual Private Network solution will satisfy the administrator's requirements?


Options are :

  • Layer 2 VPN
  • IPSec VPN
  • SSL VPN (Correct)
  • MPLS VPN

Answer : SSL VPN

How is the Bridge Instance chosen?


Options are :

  • The VTEP configured with the highest VXLAN Network Identifier (VNI) is selected.
  • It is manually assigned by the vSphere administrator when the distributed portgroup is configured.
  • During an election process among all ESXi hosts. The host with the highest MAC address is selected.
  • It is chosen based on the ESXi host where the Logical Router Control VM is running. (Correct)

Answer : It is chosen based on the ESXi host where the Logical Router Control VM is running.

VCPN610 VMware Certified Professional Network Virtual Test Set 1

A company wants to deploy VMware NSX for vSphere with no PIM and no IGMP configured in theunderlying physical network. This company also must ensure that non-ESXi hosts do not receivebroadcast, unknown unicast or multicast (BUM) traffic.Which replication mode should the logical switches be deployed with?


Options are :

  • Transport Zone Mode
  • Hybrid Replication Mode
  • Multicast Replication Mode
  • Unicast Replication Mode (Correct)

Answer : Unicast Replication Mode

Which statement is true regarding an NSX Edge gateway device configured with a DNS Server?


Options are :

  • The NSX Edge configuration will override the DNS Server configured by the NSX Manager
  • The NSX Edge will forward all DNS requests from virtual machines sent to it to the DNS Server. (Correct)
  • The NSX Edge periodically synchronizes its DNS tables with the primary DNS Server.
  • The NSX Edge registers the DNS Server with the NSX Controller.

Answer : The NSX Edge will forward all DNS requests from virtual machines sent to it to the DNS Server.

A vSphere administrator added a new interface to a Distributed Router with a subnet of172.16.10.0/24 and wants to make this subnet reachable to the rest of the network. How can thevSphere administrator achieve this?


Options are :

  • Enable OSPF in the Distributed Router. Configure the uplink interface in the normal area and the new interface with the subnet 172.16.10.0/24 in a Backbone area.
  • Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and the new interface with the subnet 172.16.10.0/24 in a normal area. (Correct)
  • Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute into OSPF the 172.16.10.0/24 subnet.
  • Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute from OSPF the 172.16.10.0/24 subnet.

Answer : Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and the new interface with the subnet 172.16.10.0/24 in a normal area.

VMware Certified Professional VCP6-DCV Practice Test Set 2

What is determined when an NSX Administrator creates a Segment ID Pool?


Options are :

  • The range of VXLAN Network Identifiers (VNIs) that can be assigned to Logical Switches. (Correct)
  • The total number of Logical Switches that can be deployed in a single Compute Cluster.
  • The total number of addresses that can be used to assign VTEP IP addresses to ESXi hosts during host preparation.
  • The range of VLAN segments that can be assigned to Transport Zones.

Answer : The range of VXLAN Network Identifiers (VNIs) that can be assigned to Logical Switches.

A new ESXi 5.5 host is deployed in a vSphere environment with VMware NSX for vSphere. Howcan the host be prepared for VMware NSX for vSphere?


Options are :

  • By creating a new VMkernel port in the host from the Host and Clusters inventory view in vSphere Web Client.
  • By leveraging VMware Update Manager to install the new NSX for vSphere VIBs into each of the hosts.
  • By entering the ESXi 5.5 management IP address in the NSX Controllers so the VIBs can be installed.
  • By using Image Builder to pre-load the NSX for vSphere VIBs in the ESXi image in an Auto Deploy solution. (Correct)

Answer : By using Image Builder to pre-load the NSX for vSphere VIBs in the ESXi image in an Auto Deploy solution.

An administrator consults with the network team and decides that Transport Zones will beconfigured with Hybrid Replication Mode for a new NSX for vSphere deployment.Which statement is true?


Options are :

  • The ESXi hosts in the Transport Zone are running on different server hardware.
  • The physical network is configured to support multicast.
  • The Ethernet segments where the VTEPs are connected have some level of multicast support. (Correct)
  • NONE
  • A multicast range has been configured in the NSX Manager as part of the Logical Network Preparation.

Answer : The Ethernet segments where the VTEPs are connected have some level of multicast support.

VMware Certified Professional VCP6-DCV Practice Test Set 5

An administrator wishes to control traffic flow between two virtual machines. The virtual machinesare in the same subnet, but are located on separate ESXi hosts. The administrator deploys anEdge Firewall to one of the hosts and verifies the default firewall rule is set to deny, but the twovirtual machines can still communicate with each other.What task will correct this issue?


Options are :

  • Configure both ESXi host firewalls to deny traffic from the virtual machine on the other host.
  • Remove any other firewall appliances that may exist on either of the ESXi hosts.
  • Deploy another Edge Firewall on the host running the second virtual machine.
  • Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines. (Correct)

Answer : Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines.

Which two options are valid distribution methods used by the NSX Edge Load Balancer? (Choosetwo.)A. Destination IP HashB. Least LoadC. URID. Round Robin


Options are :

  • C,B
  • C,D (Correct)
  • C,A
  • A,D

Answer : C,D

An administrator manages a TFTP server virtual machine that is connected to a Logical Switchwith a VNI of 7321. The TFTP server has been configured to use port 1069. An NSX Edge ServiceGateway is connected to VNI 7321 and has an uplink interface with access to the physicalnetwork. Assume external users can reach the Service Gateway.What should the administrator configure to ensure external connections to the TFTP server aresuccessful?


Options are :

  • Create a SNAT rule with the original port of 69 and translated port of 1069.
  • Create a SNAT rule with the original port of 1069 and translated port of 69.
  • Create a DNAT rule with the original port of 69 and translated port of 1069. (Correct)
  • Create a DNAT rule with the original port of 1069 and translated port of 69.

Answer : Create a DNAT rule with the original port of 69 and translated port of 1069.

VMware Certified Professional VCP6-DCV Practice Test Set 2

Which components are required to enable layer 2 bridging? (Choose two.)A. Distributed firewall rule to allow layer 2 traffic in the bridge.B. Deployed Logical Switch.C. Deployed Logical Router.D. VLAN trunk configured on logical switch.


Options are :

  • A,C (Correct)
  • D,C
  • A,B
  • A,D

Answer : A,C

How are Logical Firewall rules applied to affected virtual machines?


Options are :

  • They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines. (Correct)
  • They are pushed by the NSX Manager to all the ESXi hosts in the NSX environment.
  • They are pushed by the NSX Controllers to the ESXi hosts running the destination virtual machines.
  • They are pushed by the NSX Controllers into all the ESXi hosts in the same Transport Zone.

Answer : They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines.

Which two options are use cases of Layer 2 bridging in NSX for vSphere? (Choose two.)A. Extend the network security to physical devices in the physical network by use of theDistributed Firewall.B. Extend physical services to Virtual Machines in virtual network.C. Allow clustering of multiple NSX Managers in a single vCenter Server instance.D. Allow physical devices in the physical network to use the NSX Edge Gateway as a defaultrouter.


Options are :

  • B,C
  • C,D
  • B,A
  • B,D (Correct)

Answer : B,D

VMware Certified Professional VCP6-DCV Practice Test Set 5

A company has augmented its Data Center infrastructure by using vCloud Hybrid Service duringpeak hours. The company wants to extend their existing subnets into the cloud while workloadsretain their existing IP addresses. The virtual machines in these subnets use an NSX EdgeGateway as their default gateway.Which solution should this company use?


Options are :

  • SSL VPN
  • MPLS VPN
  • IPSec VPN
  • Layer 2 VPN (Correct)

Answer : Layer 2 VPN

An administrator wants to perform Activity Monitoring on a large group of virtual machines in anNSX environment. How would this task be accomplished with minimal administrative effort?


Options are :

  • Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer. (Correct)
  • Create a security group in Service Composer and add the virtual machines to the security group.
  • Create a PowerCLI script to enable virtual machine data collection on each virtual machine.
  • Add the virtual machines to a VM folder in vCenter Server and enable data collection.

Answer : Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.

After deploying NSX, an administrator does not see the Networking & Security tab whenconnecting to the vCenter Server using the vSphere Web Client.What should the administrator do?


Options are :

  • Register the NSX Manager with the vCenter Server. (Correct)
  • The NSX Manager must be configured to use Single Sign-On before it will be available
  • The NSX Controllers must be deployed before NSX Manager is available.
  • Register the NSX Manager with the Inventory Service.

Answer : Register the NSX Manager with the vCenter Server.

VMware Certified Professional VCP6-DCV Practice Test Set 3

Which two are valid types of authentication for an OSPF area? (Choose two.)A. Password authenticationB. MD5 authenticationC. SHA1 authenticationD. LDAP authentication


Options are :

  • A,D
  • A,B (Correct)
  • A,C
  • C,B

Answer : A,B

An administrator has deployed NSX in an environment containing a mix of vSphere 5 hosts. Theimplementation includes the Distributed Firewall Service, but the administrator finds that rules arenot being applied to all affected virtual machines.What two conditions would cause this behavior? (Choose two.)A. Some hosts have not been prepared for NSX.B. Only ESXi 5.5 and later hosts can push the rules to the virtual machines.C. Only ESXi 5.1 and later hosts can push the rules to the virtual machines.D. Some hosts are blocking the port used for rule distribution.


Options are :

  • A,C (Correct)
  • A,D
  • B,C
  • A,B

Answer : A,C

Which statement is correct when upgrading vShield Data Security to NSX Data Security?


Options are :

  • NSX Data Security does not support a direct upgrade. (Correct)
  • The vCloud Network and Security Virtual Wires must have been upgraded.
  • NSX Controller must be deployed before the upgrade.
  • vCould Network and Security must be at least version 5.1 before starting the upgrade.

Answer : NSX Data Security does not support a direct upgrade.

VMware Certified Professional VCP6-DCV Practice Test Set 2

A company hosts an internal website on multiple virtual machines attached to a Logical Switchwith VNI 7321. A Distributed Router serves as the virtual machines' default gateway.When an user resolves the URL for the website, the internal DNS server responds with the IPaddress of one of the virtual machine's IP addresses in a round robin fashion. This approachresults in some virtual machines having a much higher number of user sessions than others.The company wants to deploy a NSX Edge Service Load Balancer to improve on this situation.Which distribution method can be configured on the NSX Edge Load Balancer to meet thecompany's needs?


Options are :

  • LEAST_CONN (Correct)
  • URI
  • LEAST_LOAD
  • IP_HASH

Answer : LEAST_CONN

Which two statements are true regarding Layer 2 VPNs? (Choose two.)A. Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium.B. The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physicalappliance.C. The Distributed Router can form a Layer 2 VPN to another Distributed Router or NSX EdgeService Gateway.D. Layer 2 VPNs require the two VPN endpoints be in the same Layer 2 segment.


Options are :

  • A,C
  • A,D
  • C,B
  • A,B (Correct)

Answer : A,B

Which two actions take place when an active NSX Edge instance fails? (Choose two.)A. Once the original NSX Edge instance is recovered, it preempts the other NSX Edge instanceand takes over the active role.B. The standby NSX Edge instance becomes the active instance and requests routing updatesfrom the routing neighbors.C. Once the original NSX Edge instance is recovered, the NSX Manager attempts to place it on adifferent host from the other NSX Edge instance.D. The standby NSX Edge instance becomes the active instance and retains any routing neighboradjacencies.


Options are :

  • C,B
  • B,D
  • C,D (Correct)
  • C,A

Answer : C,D

VCPC550 VMware Certified Professional Cloud Practice Test Set 2

Which two statements are true regarding NSX High Availability? (Choose two.)A. NSX HA is configured as Active-Active.B. NSX HA is configured as Active-Standby.C. If an Active node fails, there is no service interruption during failover.D. If an Active node fails, there is a 15 second service interruption during failover.


Options are :

  • B,A
  • B,C (Correct)
  • D,C
  • B,D

Answer : B,C

Where does the Distributed Logical Firewall enforce firewall rules?


Options are :

  • At the ESXi host vmnic used by the vSphere Distributed Switch.
  • At the Logical Switch virtual port that the Virtual Machine connects to.
  • At the NSX Controller's firewall kernel module.
  • At the Virtual Machine's virtual Network Interface Card (vNIC). (Correct)

Answer : At the Virtual Machine's virtual Network Interface Card (vNIC).

An NSX Edge Service Gateway has two interfaces: Internal interface named Internal Access-- IP address = 10.10.10.1-- Network mask = 255.255.255.0 Uplink interface named Physical Uplink-- IP address = 20.20.20.1-- Network mask = 255.255.255.0A vSphere administrator wants to add a SNAT rule to allow traffic from the internal networksegment to access external resources via the uplink interface.Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three)A. Apply the SNAT rule to the Internal Access interface.B. Select 10.10.10.1 as the translated source IP.C. Apply the SNAT rule on the Physical Uplink interface.D. Select 10.10.10.0/24 as the original subnet.E. Choose 20.20.20.2 as the translated source IP.


Options are :

  • C,A,E
  • C,D,E (Correct)
  • C,D,B
  • B,D,E

Answer : C,D,E

VCPC550 VMware Certified Professional Cloud Practice Test Set 11

A vSphere administrator wants to setup an NSX Edge Service Gateway to provide travelingemployees secure access to company servers located in specific network segments within thecorporate Data Center. The remote access solution must provide a method to authenticate theusers.Which two methods can be used with the NSX Edge Service Gateway? (Choose two.)A. TACACS+B. MS-CHAPC. RSA Secure IDD. Active Directory


Options are :

  • C,D (Correct)
  • C,A
  • B,D
  • C,B

Answer : C,D

A vSphere administrator deployed an NSX Edge Load Balancer in HA mode. What happens in theevent the Load Balancer has a failure?


Options are :

  • The secondary NSX Edge Load Balancer assumes the role of primary. Existing Flows will need to have their connections reestablished. (Correct)
  • HA will start the NSX Edge Load Balancer on another ESXi host in the cluster. The NSX Controller caches existing flows and hands them to the Load Balancer when it is back up.
  • The secondary NSX Edge Load Balancer assumes the role of primary. The NSX Controller caches existing flows and hands them to the Load Balancer when it is back up.
  • HA will start the NSX Edge Load Balancer on another ESXi host in the cluster. All existing flows will need to have their connections reestablished.

Answer : The secondary NSX Edge Load Balancer assumes the role of primary. Existing Flows will need to have their connections reestablished.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions