désert/VMware/VCP-NV

https://www.examtopics.com/exams/vmware/2v0-642/view/24/

An administrator has been asked to provide single failure redundancy. What is the minimum supported number of NSX Controllers needed to meet this requirements?

• B. 3

What vSphere Distributed Switch security policy allows virtual machines to send frames with a MAC Address that is different from the one specified in the vmx file?

• C. Forged Transmits

In a Cross-vCenter implementation, where is the Universal Control Cluster deployed and configured?

• D. In the vCenter instance associated with the Primary NSX Manager.

Which highly available Edge design would provide high bandwidth and isolation to four application networks?

• C. One distributed Router (in HA mode) with two Edge Services Gateways in ECMP mode.

An administrator is deploying NSX to secure the virtual environment. NSX Manager has been deployed and registered with the vCenter server. Which additional step is required before the distributed firewall is functional?

• C. Perform host preparation on the cluster

A customer has Cisco Nexus 1000V switches in their environment and is looking at deploying NSX. Which statement is correct?

• A. The environment must be migrated from the Nexus 1000V to vSphere Distributed Switches.

Which two networking and security components are contained in the backup configuration data of an NSX Manager backup file? (Choose two.)

• CD

C. Edge Services Gateway
D. Grouping Objects

If the Applied To scope is set to Distributed Firewall, which virtual machines will have the firewall rule applied?

• D. All virtual machines on prepared hosts.

A user has configured a specific distributed firewall rule preventing VM-A (172.16.10.11) on the Web-Logical Switch to communicate to VM-B (172.16.20.11), running on the same switch. After the changes, the user is still able to communicated to VM-A from VM-B! To debug this anomaly, the user will need to obtain logs from which component?

• C. The appropriate ESXi Hosts(s)

When deploying a standalone NSX Edge as a Layer 2 VPN client, which port needs to be configured on the client vSphere Distributed Switch?

• C. Sink port

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-3CDA4346-E692-4592-8796-ACBEEC87C161.html

With which Application Profile types would the Insert X-Forwarded-For HTTP header option be used?

• A. HTTP, HTTPS

What is the minimum NSX role necessary for a user to edit the firewall on an Edge Services Gateway (ESG)?

• D. Security Administrator

A. Auditor
B. NSX Administrator
C. Enterprise Administrator
D. Security Administrator


There are 4 roles in 6.2

Enterprise Administrator: NSX operations and security.
NSX Administrator: NSX operations only
Security Administrator: NSX security only
Auditor: Read only.

The user at 192.168.150.10 can reach the physical router but CANNOT reach edge-2 or any virtual machines. What routing change would resolve the issue?

• D. Enable Default Originate on edge-2 for BGP

Which three options are true about NSX logical bridges? (Chose three.)

• A C E

    A. A logical bridge configured for HA uses a 15 second heartbeat by default to detect failure.
    C. A logical bridge on the DLR supports VXLAN to VLAN bridging.
    E. A logical bridge forwards traffic through the hypervisor.

Which two NSX roles could be used to create security policies? (Choose two.)

• AB

A. Enterprise Administrator
B. Security Administrator

https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-79F9067D-2F29-45DA-85C7-09EFC31549EA.html

In a vSphere Distributed Switch architecture, which plane handles packet switching?

• A. Data Plane

Which two additional configuration steps are required to allow the other virtual machines on the host to be selected? (Choose two.)

• AB

A. Guest Introspection driver must be installed.
B. Virtual Machine Data Collection must be enabled on the other VMs.

An NSX administrator notices an error during the initial configuration of the SSO lookup service, as shown: What step should be performed to resolve this issue?

• A

A. Change the Port number from 7444 to 443

When configuration BGP routing in NSX, what is the purpose of the Graceful Restart check box?

• B. Allow packet forwarding to be uninterrupted during restart of BGP services.

What is the purpose of a DHCP Relay Agent in an NSX Edge configuration?

• B. Configures Edge interfaces from which DHCP messages are relayed.

What are the correct steps for connecting a virtual machine to a logical switch?

• B. Select the logical switch, click the Add Virtual Machine Icon, select the VM, select the vNIC to connect.

Which term describes a situation where a bottleneck is created when traffic is sent to a single device for security enforcement?

• A. security event queueing

VMware NSX is a key component in enabling enterprises to realize the full potential of their investment in which technology?

• D. Software-defined data center.

A virtualized application needs access to a physical database. Both servers are on the 172.168.3.0/24 subnet. NSX has been deployed across the entire virtual environment. What method can be used to allow access between the servers?

• A. Configure a DLR with an L2 bridge instance for 172.168.3.0/24 VXLAN to VLAN traffic.

When running the NSX Control Plane in Hybrid Mode what are the minimum physical network requirements? (Choose three.)

• BCE

B. NSX Controller connectivity
C. IGMP Snooping
E. Unicast L3 Routing

Which three changes to a distributed switch configuration could trigger a rollback? (Choose three.)

• ADE

A. Blocking all ports in the distributed port group containing the management VMkernel network adapter.
D. Changing the MTU.
E. Changing the VLAN settings in the distributed port group of the management VMkernel adapter.

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-88B9F893-9739-47DF-9F1B-BAF139E554D6.html

An application requires load balancing with minimal impact to network performance. An NSX administrator is deploying a load balancer to meet the stated requirements. Which load balancing engine should be deployed?

• D. Layer 4

An organization has a PCI compliant application deployed as part of a larger NSX environment. Every year a team of contractors evaluates the security of the environment and recommends changes. What NSX Role and Scope should the contractors be given to minimize access but still allow them to fulfill the stated requirement?

• C. Auditor, Limit access scope

In a Cross-vCenter environment, where is information about local logical switches and local logical routers maintained?

• C. Universal Controller Cluster.

When creating a new security policy how is the default weight determined?

• B. The default weight is equal to the highest defined weight plus 1000.

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-607C399F-0D11-4B95-90DA-A6E17E8C906E.html

What is the effect on NSX Edge virtual machines when NSX Edge high availability is configured but vSphere HA is NOT configured?

• C. The active-standby NSX Edge HA pair will survive one failure. However, if another failure happens before the second Edge appliance is restored, NSX Edge availability can be compromised.

An administrator creates a SpoofGuard policy for specific networks. Which two modes are associated with this type of policy? (Choose two.)

• AB

A. Automatically trust IP assignments on their first use
B. Manually inspect and approve all IP assignments before use

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-06047822-8572-4711-8401-BE16C274EFD3.html

Which would best describe a workload in Compute Cluster 1 attached to a logical switch port group?

• A. Within Compute Cluster 1, Layer 2 would function, but Layer 3 would fail.

Where can firewall rules be applied on the NSX Edge Services Gateway?

• B. Rules can be applied on either the uplink interface or internal interface.

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-96BBB6D2-A4AB-4C88-B40B-781CFF00910F.html

Which is required to support unicast mode in NSX?

• C. NSX Controller

http://www.virtually-limitless.com/vcix-nv-study-guide/create-transport-zones-in-nsx/

Which type of VPN should be configured to ensure application mobility between data centers?

• B. L2VPN

How is high availability of the NSX Edge Gateway accomplished?

D. The Edge appliance sends a heartbeat through an internal interface.

Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose three.)

• ADE

A. DHCP Snooping
D. VMware Tools installed on every guest virtual machine.
E. ARP Snooping

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-B0CD973F-67DD-49D1-8B9E-8C404F92E528.html

• In NSX 6.2 you can configure clusters to detect virtual machine IP addresses with DHCP snooping, ARP snooping, or both.

Which two network services are abstracted from the underlying hardware by NSX? (Choose two.)

• AC

A. Virtual Private Networks
C. Load Balancing

When specifying a source for a security rule, what is the purpose of the Negate Source check box?

• B. If Negate Source is selected, the rule is applied to traffic coming from all sources except for the source identified under the object type.

What are two requirements of the network infrastructure to virtualize the access layer? (Choose two.)

• BC

B. IPv4 connectivity among ESXi hosts.
C. Increased MTU if the virtual machines are using the default MTU size of 1500.

https://books.google.com/books?id=iv3UDAAAQBAJ&pg=PT94&lpg=PT94&dq=What+are+two+requirements+of+the+network+infrastructure+to+virtualize+the+access+layer&source=bl&ots=ACrB9-IJXb&sig=anDKMCRimteVjHU4kKmfv8xX8do&hl=zh-CN&sa=X&ved=0ahUKEwiFxKvO1qTXAhWKso8KHRinDHUQ6AEISTAE#v=onepage&q=What%20are%20two%20requirements%20of%20the%20network%20infrastructure%20to%20virtualize%20the%20access%20layer&f=false

Which vSphere network object abstracts the physical network, provides access-level switching in the hypervisor and enables support for overlay networking?

• C

C. Distributed Switch

A network administrator has been tasked with deploying a 3-tier application across two data centers. Tier-1 and tier-2 will be located in Datacenter-A and tier-3 will be located in Datacenter-B. Which NSX components are needed to make this deployment functional?

• C. A universal transport zone deployed with a universal distributed logical router (UDLR) and three universal logical switches connected to the UDLR.

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx-cross-vcenter-install.doc/GUID-506B2DB6-37D8-4827-BB4B-55DBEEBFA2E7.html

You have deployed an Edge Services Gateway with the following interface configuration:

Your customer has requested that you provide the ability to use Remote Desktop Protocol to log into a virtual machine that has a tenant IP address of 192.168.7.21 using the provider IP address 192.168.100.4. You have performed the following configuration however, you cannot RDP into the virtual machine.

• What configuration change do you need to make to allow this connection?

A. Change Applied On to "Uplink"

Which two are accurate statements with regards to Guest Introspection installation? (Choose two.)

• AB

A. The service virtual machine performs data security and activity monitoring.
B. The installation deploys a virtual machine to hosts prepared for VMware NSX.

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx.install.doc/GUID-62B22E0C-ABAC-42D8-93AA-BDFCD0A43FEA.html

Which three objects are supported for universal synchronization in a Cross-vCenter NSX deployment? (Choose three.)

• BDE

B. IP Sets
D. MAC Sets
E. Transport Zones

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.cross-vcenter-install.doc/GUID-35831055-57D8-4F2F-95BA-8EFE5362746C.html

Which virtual machine does VMware recommended be manually excluded from the Distributed Firewall?

• D. vCenter Server

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.3/com.vmware.nsx.admin.doc/GUID-C3DDFBCE-A51A-40B2-BFE1-E549F2B770F7.html

What is one of the benefits of using logical switches in an NSX environment?

• C. The physical infrastructure is not constrained by MAC/FIB table limits.

https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUIDDF57C441-CE9A-4138-9639-1658DBE65D48.html

A group of users needs secured access to a set of web-based applications in a SDDC.Which VPN option is best suited for this?

• B. SSL VPN-Plus

What are two things that should be done before upgrading from vCloud Networking and Security to NSX? (Choose two.)

• CD

C. Uninstall vShield Data Security
D. Ensure that forward and reverse DNS is functional

https://kb.vmware.com/s/article/2144620

In which VMware NSX use case would VXLAN NOT be required?

• B. NSX micro-segmentation

Which NSX routing protocols offers the most flexible policy control when peering with the physical environment?

• A. BGP

What is the best practice workflow for a NSX installation to support logical switching???

• D. Deploy NSX Manager, Register with vCenter, Deploy Controllers, Prepare hosts, Configure Logical Switches

What can be enabled on the vSphere Distributed Switch to monitor IP packets that are passing through a distributed port group?

• D. NetFlow

https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%2FGUID-3CF9AEEB-08B0-47F5-A3B6-ADD8A919DFA0.html

Which two statements are true regarding L2 Bridges and Distributed Logical Routers? (Choose two.)

• CD

C. Each L2 bridge instance can only map to a single VLAN.
D. There can be multiple instances of an L2 bridge on a DLR

http://www.virtualizationblog.com/nsx-step-step-part-12-deploying-l2-bridge-using-distributed-logical-router/

Which is a best practice to secure system traffic, ensure optimal performance and satisfy prerequisites for NSX?

• C. Dedicate separate VMkernel adapters for each type of system traffic. Dedicate separate distributed port groups for each VMkernel adapter and isolate the VLANs for each type of system traffic.

Which three statements are valid methods of Link Aggregation Control Protocol negotiation? (Choose three.)

• CDE

C. Switches wait until they receive an aggregation request, negotiate the status of the links, and proceed.
D. One switch sends repeated requests to the other switch that is requesting the port aggregation status. The two switches negotiate the status of the links and proceed.
E. Switches with links enabled for port aggregation do the port aggregation themselves and must be manually configured to be compatible at each end of that link

What needs to be deployed before configuring the identity Firewall?

• D. Guest Introspection

An NSX administrator is creating a filter as shown below. What would be the purpose of creating a filter?

• D. To quickly identify rules.

https://pubs.vmware.com/NSX-61/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-2C99EBE9-225F-4EDB-99C2-1B1F2C4D79E5.html

When designing a multi-site NSX deployment, which capability requires Enhanced Linked Mode to function?

• C. Cross-vCenter vMotion

Which details can an administrator verify from the Summary tab of the VMware NSX Manager? (Choose three.)

• ACD

A. Current time
C. Version
D. Storage utilization

Which three ways can membership be defined in a dynamic security group? (Choose three.)

• CDE

C. Security Tags
D. Security Groups
E. Regular Expressions

https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-DBA0522E-92DC-48F4-8801-49C92E001AA1.html

Which two statements are true about NSX Data Security support? (Choose two.)

• AD

A. It supports HIPAA and PCI-DSS compliance policies as well as U.S. Driver License and Social Security numbers.
D. It only supports Windows-based virtual machines.

Which two functions are provided by VMkernel ports? (Choose two.)

• BC

B. vSphere vMotion
C. ESXi Host Management

A network administrator is troubleshooting an issue and needs to observe an injected packet as it passes through the physical and logical network. Which tool will accomplish this?

• A. Traceflow

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-05647D5E-B669-40A8-8B84-02C18781186F.html

What is true when configuring vSphere Distributed Switches (vDS)?

• A. All configurations are done by the vCenter Server. Each ESXi host can be part of multiple vDS.

An administrator is attempting to troubleshoot a routing issue between the Edge Services Gateway (ESG) and the Distributed Logical Router (DLR). Based on the exhibit, which method CANNOT be used to troubleshoot the issue?

• D. SSH session into 192.168.10.5 on the DLR.

An NSX administrator is validating the setup for a new NSX implementation and inputs this command:

# ping ++netstack=vxlan -d -s1572 <destinationVTEPIP>

• A. It helps verify that VXLAN segments are functional and the transport network supports the proper MTU size for NSX.

https://kb.vmware.com/s/article/2124360

Which are two uses of the NSX DLR protocol address? (Choose two.)

• BD

B. When configuring BGP the protocol address is used by the protocol to form adjacencies with peers.
D. When configuring OSPF the protocol address is used by the protocol to form adjacencies with peers.

An NSX Administrator is examining a broken set of firewall rules and discovers that the Block Telnet rule was created in the wrong section.

• B. Use the Move rule Up icon to move rules between sections.

What is a requirement of NSX Data Security?

• C. Guest Introspection must be installed on the cluster

http://pubs.vmware.com/NSX-61/index.jsp?topic=%2Fcom.vmware.nsx.install.doc%2FGUID-62B22E0C-ABAC-42D8-93AA-BDFCD0A43FEA.html

Which is a prerequisite for deploying an Edge Service Gateway?

• B. An interface

http://buildvirtual.net/vcp-nv-deploying-an-edge-services-gateway/

What resource must a partner security service be registered with before the service is available to a security policy?

• A. NSX Manager

https://blogs.vmware.com/consulting/2015/01/automating-security-policy-enforcement-nsx-service-composer.html

An organization is planning to use NSX as part of a disaster recovery project to provide consistent networking between two sites. Each site has one vCenter server. The organization requires universal objects and requires components to function during a site outage. What is the minimum total instances of NSX Manager(s) and NSX Controller(s) that must be deployed across both sites to support the required functionality?

• C. Two NSX Managers and three NSX Controllers

An NSX Administrator is examining traffic on the network shown below. What is the packet flow when VM1 communicates to VM5?

• A. Host A will perform a destination lookup, route the packet, switch the packet onto segment 5002, then encapsulate and send the packet to Host C.

Which three NSX services are available for synchronization in a Cross-vCenter implementation? (Choose three.)

• BDE

B. Distributed Firewall
D. Logical Switch
E. Transport Zone

https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf p17

Two virtual machines are unable to communicate with one another. The virtual machines are in the same distributed portgroup, but reside on different ESXi hosts.What are two possible causes for the communications issue? (Choose two.)

• BD

B. No physical NICs are assigned as active or standby uplinks in a NIC team.
D. The physical NICs assigned as active or standby uplinks reside on different VLANs on the physical switch.

An administrator needs to perform a configuration backup of NSX. From which two locations can this task be performed? (Choose two.)

• AC

A. Directly on the NSX Manager
C. Using the NSX API

Where does an administrator configure logging for the NSX Manager?

• B. In the NSX Manager GUI

An NSX environment requires physical NIC redundancy for all dvPortGroups when connecting hosts to the physical network. There are two 10Gb NIC's per host. Which two teaming methods should be used to ensure both links are utilized simultaneously? (Choose two.)

• AB

A. Virtual Port Channel
B. LACP Port-Channel

What is required before running an Activity Monitoring report?

• D. Enable data collection on the virtual machine.

You must enable data collection for one or more virtual machines on a vCenter Server before running an Activity Monitoring report. Before running a report, ensure that the enabled virtual machines are active and are generating network traffic.”

An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment. How would this task be accomplished with minimal administrative effort?

• C. Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.

A workload was attached to a logical switch port group in Compute Cluster 1. Users are complaining that I hey can communicate with other workloads on that port group in the cluster, but not with other workloads on different networks.

• C. Compute Cluster 1 is NOT a member of the Transport Zone

The transport zone defines the range of the vSwitch communications. To reach out of a transport zone will require an uplink.A DLR routing between VXLANs will have it’s scope limited by the transport zone.

What command-line tool can be used to test the MTU between two hosts?

• C. vmkping

https://kb.vmware.com/s/article/1003728

An NSX administrator determines that routing adjacency a NSX Edge device and a Top Of Rack L3 switch CANNOT be established. Which two logs would be the most useful in resolving this issue? (choose two)

• BD

B. Edge Services Gateway logs
D. NSX Controller logs

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.3/com.vmware.nsx.troubleshooting.doc/GUID-E7AED370-68CC-4174-A2D9-C62A5EC16084.html

What are two roles of vmnics? (Choose two)

• AD

A. ESXi hosts reach the physical network through vmnics.
D. Virtual machines require vmnics to communicate with physical networks

Which service cannot be included in a Security Policy using Service Composer?

• C. Virtual Private Network Services

A user needs to be given the ability to make configuration changes on a specific NSX Edge device. What role and scope could be used to meet this requirement?

• B. Security Administrator role and Limit Access scope

An administrator needs to verify which port the switch manager is using. Which command should be used?

• C. show controller-cluster connections

Which component automates the consumption of third-party services and provides mapping to virtual machines using a logical policy?

• C. Service Composer

Which two methods does VMware NSX offer to integrate with third-party partners? (Choose two)

• BC

B. Service Chaining
C. VMware NSX APIs

Which load balancing algorithm is only available on a vSphere Distributed Switch?

• D. Route Based on Physical NIC Load

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-959E1CFE-2AE4-4A67-B4D4-2D2E13765715.html

Which action is not an option for adding Virtual Machines to a Security Group?

• C. Adding Virtual Machines to a Security Policy and associating it with a Security Group.

From the NSX Edge CLI, which command would show VIP statistics?

• B. show service loadbalancer virtual

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2122708

An NSX administrator notices that when configuring Flow Monitoring, the graphs do not include the IPFix flows. Where are these flows displayed?

• A. In the IPFix collector's interface

https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-4C085DAE-A671-44A3-B9D1-62BC7966B388.html

An administrator is deploying NSX in a Cross-vCenter configuration across three data centers located 100 miles apart Datacenter-1 and Datacenter-3 already have NSX deployed locally and Datacenter-2 does not have NSX deployed yet. What is the correct order of steps to configure all three data centers for this solution?

• C.

1 Deploy an NSX manager in Datacenter 2 
2 Update the NSX manager role in Datacenter-1 to Primary 
3 Update the roles in Dafacenter-2 and Datacentar-3 to Secondary 
4 Deploy a universal transport zone

A security administrator needs to create a Security Group based on an Active Directory group. However, AD Groups are not available as an option. What must the administrator configure before AD Groups are available?

• C. NSX Manager must be registered with Active Directory

What is one of the benefits of a spine-leaf network topology??? D but AorD

• A. A loop prevention protocol is not required
• D. Network virtualization relies on spine leaf topologies to create logical switches

https://blog.westmonroepartners.com/a-beginners-guide-to-understanding-the-leaf-spine-network-topology/

What is the most restrictive NSX role that can be used to create and publish security policies and install virtual appliances?

• D. Enterprise Administrator

In a Cross-vCenter NSX deployment, what are two requirements that must be met in order for an administrator to deploy both universal logical switches and local logical switches within the same vCenter instance? (Choose two.)

• CD

C. A universal transport zone must be created.
D. A local transport zone must be created

Reference: https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.cross-vcenter-install.doc/GUID-7F76BB1E-7E36-4E9DB8C2-798100E62192.html

The fact that NSX Data Security has visibility into sensitive data provides which two benefits? (Choose two)

• AB

A. It helps address compliance and risk management requirements.
B. It acts as a forensic tool to analyze TCP and UDP connections between virtual machines

Which port is used for NSX REST API Requests?

• B. 443

https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf page 16

Which NSX component can validate that security policies at your organization are being enforced correctly?

• A. Activity Monitoring

What are two benefits of the NSX Distributed Firewall? (Choose two )

• AB

A. VMs are protected even as they are vMotioned
B. Each VM is individually protected by a L2-L4 stateful firewall

How many vCenter Server environments can a single NSX Manager serve at one time?

• C. 1 vCenter Server

NSX Manager and vCenter Server have a one-to-one relationship. For every instance of NSX Manager there is one vCenter Server, even in a cross-vCenter NSX environment.

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/com.vmware.nsx.install.doc/GUID-D18A11DF-3D85-4B80-8713-D611648D43F4.html

A new ESXi host was added to an existing cluster, prepared for NSX and enabled for Distributed Firewall, logical switching and Logical Routing. The Most Preparation page in the NSX Web Ul shows this new host is in Ready state and the Logical Network Preparation tab displays the VXLAN VTEPs are correctly configured. Virtual machines on the new host can communicate with each other but CANNOT communicate with VMs running on other hosts and connected to the same Logical Switch. Which condition below will result in the described behavior on the new host?

• D. Network Control Plane Agent (netcpa) connection to the controller is down

https://kb.vmware.com/s/article/2137011

What is the function of NSX Data Security?

• D. Identifies sensitive data in your virtualized environment based upon regulation violation reports

Which two options are correct regarding vSphere Distributed Switches? (Choose two )

• BC

B. A single host can be attached to multiple vDS
C. A single vDS can span multiple hosts across multiple clusters

An NSX Edge Service Gateway has two interfaces:

* Internal interface named Internal Access
-- IP address = 10.10.10.1
-- Network mask = 255.255.255.0
* Uplink interface named Physical Uplink
-- IP address = 20.20.20.1
-- Network mask = 255.255.255.0
A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access external resources via the uplink interface.
Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.)

• CDE

C. Apply the SNAT rule on the Physical Uplink interface.
D. Select 10.10.10.0/24 as the original subnet.
E. Choose 20.20.20.2 as the translated source IP address.

An administrator enables the NSX Ticket Logger to track infrastructure changes. The administrator logs out for lunch, returns and logs back in to complete the task. What is the status of ticket logger when the administrator logs back in?

• B. The ticket logger is turned off.

A Service Provider is using VMware vCloud Director with VMware vCloud Networking and Security (VCNS) on vSphere. Which two products will be impacted by the upgrade of VCNS to VMware NSX? (Choose two)

• AC

A. ESXi hosts
C. vShield Manager

What are two requirements of the network infrastructure to the access layer? (Choose two )

• BC

B. IPv4 connectivity among ESXi hosts.
C. Increased MTU if the virtual machines are using the default MTU size of 1500.

Which tool is used to detect rogue services?

• D. Flow Monitoring

Which two NSX Data Security roles could be assigned to view configured policies and violation reports? (Choose two.)

• AC

A. Security Administrator
C. Auditor

When defining membership for a security group, which three identifiers can be used for dynamic inclusion? (Choose three)

• BDE

B.Computer OS Name
D.VM Name
E.Security Tag

Reference: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-B9FC0D05-BE96-4D83-8C58-98B0F96DB342.html

An administrator has implemented VMware NSX on a leaf-spine underlay. They have deployed the following in the data center:

* Two racks for a management cluster that is not prepared for VMware NSX
* Six racks for compute clusters
* Two racks for an Edge cluster which holds a DLR control VM for bridging, and North/South Edge Service Gateways
Which three of the following are true regarding the physical and logical networking of the environment? (Choose three) 

• BCD

B. VXLAN segments span the compute and Edge racks
C. At least one VLAN spans the compute racks
D. At least one VLAN spans across the two management racks

Your environment has two sites designated as Site A and Site B. Each site has its own vCenter Server instance with NSX installed and configured in standalone mode. You are migrating the environment to Cross vCenter and have already promoted Site A to the Primary role. What action must be taken before the NSX Manager at Site B can be changed to Secondary?

• D. Delete the Controllers at Site B

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.2/com.vmware.nsx-cross-vcenter-install.doc/GUID-C9897C32-4EB7-4F67-9EAC-11B92AA23E38.html

Which tool is used to display VXLAN connection information?

• B. NSX Controller CLI

You are creating a Universal Segment ID Pool for a three site Cross-vCenter environment.

The three sites are designated as Site A, Site B and Site C,
* Site A has a local Segment ID pool of 5000-5999
* Site B has a local Segment ID pool of 6000-6999
* Site C has a local Segment ID pool of 7000-7999
Which of the following ranges would be valid for the Universal Segment ID pool?

• D. 2000000-2000999

https://thewificable.com/2017/04/27/cross-vcenter-multi-site-nsx-guide/

Which three services could be provided by an NSX Edge Service Gateway? (Choose three.)

• CDE

C. SSL VPN-Plus
D. L2 VPN
E. Firewall

https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-3F96DECE-33FB-43EE-88D7-124A730830A4.html

Internet access is required from virtual machines located on any logical switch. Direct access from the internet to these virtual machines is NOT permitted. Which Perimeter NSX Edge feature would achieve this with the least configuration?

• B. DNAT