VMware 2V0-641 Professional Network Virtualization Exam Set 2

Which two components are valid minimum prerequisites for installing NSX in a vSphere environment? (Choose two.)


Options are :

  • Virtual Machine hardware version 8.0 or later
  • VMware vCenter Server 5.5 or later
  • ESXi 4.1 or later
  • VMware Tools 8.6 or later

Answer :VMware vCenter Server 5.5 or later VMware Tools 8.6 or later

2V0-641 VMware Certified Professional 6 Network Exam Set 4

High Availability (HA) was not initially configured when an administrator deployed an NSX Edge Service Gateway. What should the administrator do to configure the NSX Edge with HA?


Options are :

  • Delete the NSX Edge instance and redeploy it with HA. The existing NSX Edge configuration data will be lost.
  • Select the NSX Edge appliance from the Virtual Machines and Templates view. Go to Actions> All vCenter Actions> Enable HA to configure High Availability.
  • Delete the NSX Edge instance and redeploy it with HA. The configuration data is retained by NSX Manager and pushed to the new NSX Edge instance.
  • Select the NSX Edge instance from the NSX Edges view in Networking & Security. Go to Manage> Settings> Configuration and add a NSX Edge appliance.

Answer :Select the NSX Edge instance from the NSX Edges view in Networking & Security. Go to Manage> Settings> Configuration and add a NSX Edge appliance.

Which two statements are true regarding NSX High Availability (HA)? (Choose two.)


Options are :

  • If an Active node fails, there is no service interruption during failover
  • NSX HA is configured as Active-Active.
  • If an Active node fails, there is a 15 second service interruption during failover.
  • NSX HA is configured as Active-Standby

Answer :If an Active node fails, there is no service interruption during failover NSX HA is configured as Active-Standby

Which two actions take place when an active NSX Edge instance fails? (Choose two.)


Options are :

  • Once the original NSX Edge instance is recovered, it preempts the other NSX Edge instance and takes over the active role.
  • Once the original NSX Edge instance is recovered, the NSX Manager attempts to place it on a different host from the other NSX Edge instance.
  • The standby NSX Edge instance becomes the active instance and requests routing updates from the routing neighbors.
  • The standby NSX Edge instance becomes the active instance and retains any routing neighbor adjacencies.

Answer :Once the original NSX Edge instance is recovered, the NSX Manager attempts to place it on a different host from the other NSX Edge instance. The standby NSX Edge instance becomes the active instance and retains any routing neighbor adjacencies.

VCP550D VMware Certified Professional 5 Data Center Exam Set 4

Which tool is used to detect rogue services?


Options are :

  • NSX Logical Firewall
  • Flow Monitoring
  • NSX Logical Router
  • Activity Monitoring

Answer :Flow Monitoring

An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment. How would this task be accomplished with minimal administrative effort?


Options are :

  • Add the virtual machines to a VM folder in vCenter Server and enable data collection.
  • Create a PowerCLI script to enable virtual machine data collection on each virtual machine.
  • Create a security group in Service Composer and add the virtual machines to the security group.
  • Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.

Answer :Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.

Which two options are valid SpoofGuard operational modes? (Choose two.)


Options are :

  • Allow and Approve DHCP Requests Regardless of Enabled Mode
  • Manually Inspect and Approve All IP Assignments Before Use
  • Allow Local Address as Valid Address in This Namespace
  • Automatically Trust IP Assignments on Their First Use

Answer :Manually Inspect and Approve All IP Assignments Before Use Automatically Trust IP Assignments on Their First Use

VCP550D VMware Certified Professional 5 Data Center Exam Set 8

An administrator enables the NSX Ticket Logger to track infrastructure changes. The administrator logs out for lunch, returns and logs back in to complete the task. What is the status of ticket logger when the administrator logs back in?


Options are :

  • The ticket logger will prompt the user if they still want to continue tracking changes.
  • The ticket logger still tracks changes until it is turned off by the administrator.
  • The ticket logger is turned off.
  • The ticket logger will display an error.

Answer :The ticket logger is turned off.

Which is not a valid Destination option for a General Logical Firewall rule?


Options are :

  • Datacenter
  • MAC Set
  • Virtual App
  • Network

Answer :MAC Set

Which port is used for NSX REST API Requests?


Options are :

  • 80
  • 5480
  • 8443
  • 443

Answer :443

VMware VDCD510 Advanced Professional Data Center Design Exam Set 3

How are Logical Firewall rules applied to affected virtual machines?


Options are :

  • They are pushed by the NSX Controllers into all the ESXi hosts in the same Transport Zone
  • They are pushed by the NSX Manager to all the ESXi hosts in the NSX environment.
  • They are pushed by the NSX Controllers to the ESXi hosts running the destination virtual machines.
  • They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines

Answer :They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines

An administrator manages a TFTP server virtual machine that is connected to a Logical Switch with a VNI of 7321. The TFTP server has been configured to use port 1069. An NSX Edge Service Gateway is connected to VNI 7321 and has an uplink interface with access to the physical network. Assume external users can reach the Service Gateway. What should the administrator configure to ensure external connections to the TFTP server are successful?


Options are :

  • Create a DNAT rule with the original port of 1069 and translated port of 69.
  • Create a SNAT rule with the original port of 1069 and translated port of 69.
  • Create a SNAT rule with the original port of 69 and translated port of 1069.
  • Create a DNAT rule with the original port of 69 and translated port of 1069.

Answer :Create a DNAT rule with the original port of 69 and translated port of 1069.

Which two NSX Data Security roles could be assigned to view configured policies and violation reports? (Choose two.)


Options are :

  • Auditor
  • NSX Administrator
  • Enterprise Administrator
  • Security Administrator

Answer :Auditor Security Administrator

VCP-410 VMware Certified Professional on VSphere 4 Exam Set 19

What is the most restrictive NSX role that can be used to create and publish security policies?


Options are :

  • Enterprise Administrator
  • Auditor
  • Security Administrator
  • NSX Administrator

Answer :Enterprise Administrator

A user needs to be given the ability to make configuration changes on a specific NSX Edge device. What role and scope could be used to meet this requirement?


Options are :

  • NSX Administrator role and Limit Access scope
  • Security Administrator role and No restriction scope
  • Security Administrator role and Limit Access scope
  • NSX Administrator role and No restriction scope

Answer :Security Administrator role and Limit Access scope

What is required before running an Activity Monitoring report?


Options are :

  • Enable data collection on the vCenter Server.
  • Enable data collection on the NSX Manager.
  • Enable data collection on the virtual machine.
  • Enable data collection on the NSX Controller.

Answer :Enable data collection on the virtual machine.

VMware 6 Data Center Virtualiation(2V0-621) Practice test Set 7

Which option is valid when configuring a VLAN on a port group of a vSphere Standard Switch (vSS)?


Options are :

  • A single VLAN identifier may be configured within the VLAN range of 1-4094
  • A VLAN identifier value of "0" (zero) configured for a port group provides the port group with access to the entire VLAN range
  • Multiple VLAN identifiers may be configured for a port group on a vSS.
  • A VLAN identifier within the range of 0-4095 must be configured for every port group on a vSS.

Answer :A single VLAN identifier may be configured within the VLAN range of 1-4094

Which statement is not a benefit of NSX?


Options are :

  • NSX speeds up network provisioning
  • NSX reduces oversubscription.
  • NSX streamlines DMZ changes.
  • NSX is vendor independent.

Answer :NSX reduces oversubscription.

An NSX Edge Service Gateway has two interfaces: Internal interface named Internal Access -- IP address = 10.10.10.1 -- Network mask = 255.255.255.0 Uplink interface named Physical Uplink -- IP address = 20.20.20.1 --Network mask = 255.255.255.0 A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access external resources via the uplink interface. Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.)


Options are :

  • Select 10.10.10.0/24 as the original subnet
  • Select 10.10.10.1 as the translated source IP.
  • Apply the SNAT rule to the Internal Access interface
  • Choose 20.20.20.2 as the translated source IP address.
  • Apply the SNAT rule on the Physical Uplink interface.

Answer :Select 10.10.10.0/24 as the original subnet Choose 20.20.20.2 as the translated source IP address. Apply the SNAT rule on the Physical Uplink interface.

VCP-410 VMware Certified Professional on VSphere 4 Exam Set 8

Which Virtual Machine cannot be protected by the Distributed Firewall?


Options are :

  • A Virtual Machine connected to a vDS Portgroup running on an ESXi 5.1 host.
  • A Virtual Machine connected to a vDS Portgroup running on an ESXi 5.5 host.
  • A Virtual Machine connected to a logical switch running on an ESXi 5.1 host.
  • A Virtual Machine connected to a vSS Portgroup running on an ESXi 5.5 host.

Answer :A Virtual Machine connected to a vSS Portgroup running on an ESXi 5.5 host.

An administrator has deployed NSX in an environment containing a mix of vSphere 5 hosts. The implementation includes the Distributed Firewall Service, but the administrator finds that rules are not being applied to all affected virtual machines. What two conditions would cause this behavior? (Choose two.)


Options are :

  • Some hosts are blocking the port used for rule distribution.
  • Only ESXi 5.1 and later hosts can push the rules to the virtual machines.
  • Some hosts have not been prepared for NSX.
  • Only ESXi 5.5 and later hosts can push the rules to the virtual machines.

Answer :Only ESXi 5.1 and later hosts can push the rules to the virtual machines. Some hosts have not been prepared for NSX.

If a Security Group is the Source for a General Logical Firewall Rule, which Virtual Machines will be affected by the rule?


Options are :

  • Each Virtual Machine defined in the Source and Destination fields of the Logical Firewall Rule
  • Each Virtual Machine identified in the Destination field of the Logical Firewall Rule.
  • Each Virtual Machine defined in the Security Group.
  • Each Virtual Machine identified in the Applied To field of the Logical Firewall Rule.

Answer :Each Virtual Machine identified in the Applied To field of the Logical Firewall Rule.

2V0-620 VMware VSphere 6 Foundations Practice Exam Set 3

An administrator wishes to control traffic flow between two virtual machines. The virtual machines are in the same subnet, but are located on separate ESXi hosts. The administrator deploys an Edge Firewall to one of the hosts and verifies the default firewall rule is set to deny, but the two virtual machines can still communicate with each other. What task will correct this issue?


Options are :

  • Configure both ESXi host firewalls to deny traffic from the virtual machine on the other host
  • Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines.
  • Remove any other firewall appliances that may exist on either of the ESXi hosts.
  • Deploy another Edge Firewall on the host running the second virtual machine.

Answer :Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines.

Where does the Distributed Logical Firewall enforce firewall rules?


Options are :

  • At the Logical Switch virtual port that the Virtual Machine connects to
  • At the NSX Controller's firewall kernel module.
  • At the ESXi host vmnic used by the vSphere Distributed Switch.
  • At the Virtual Machine's virtual Network Interface Card (vNIC).

Answer :At the Virtual Machine's virtual Network Interface Card (vNIC).

Which action is not an option for adding Virtual Machines to a Security Group?


Options are :

  • Adding Virtual Machines to a Security Policy and associating it with a Security Group.
  • Defining Dynamic Membership in the Security Group
  • Selecting objects to include within a Security Group.
  • Adding Virtual Machines to a Security Group and nesting it within another Security Group.

Answer :Adding Virtual Machines to a Security Policy and associating it with a Security Group.

VMware 2V0-641 Professional Network Virtualization Exam Set 4

Which NSX component can validate that security policies at your organization are being enforced correctly?


Options are :

  • ERSPAN
  • Flow Monitoring
  • Activity Monitoring
  • Distributed firewalls

Answer :Activity Monitoring

What is the function of NSX Data Security?


Options are :

  • Prevents sensitive data in your virtualized environment from being modified
  • Identifies sensitive data in your virtualized environment based upon regulation violation reports
  • Identifies sensitive data in your virtualized environment based upon regulation security policies
  • Prevents sensitive data in your virtualized environment from being copied

Answer :Identifies sensitive data in your virtualized environment based upon regulation violation reports

Which component automates the consumption of third-party services and provides mapping to virtual machines using a logical policy?


Options are :

  • Cloud Management Platform (CMP)
  • NSX Manager
  • NSX Data Security
  • Service Composer

Answer :Service Composer

VCPN610 VMware Certified Professional Network Virtual Test Set 5

Which service cannot be included in a Security Policy using Service Composer?


Options are :

  • Virtual Private Network Services
  • Endpoint Services
  • Network Introspection Services
  • Firewall Rules

Answer :Virtual Private Network Services

What is the maximum number of audit logs retained by the NSX Manager?


Options are :

  • 1,000,000
  • 10,000
  • 100,000
  • Unlimited

Answer :1,000,000

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions