Dive into the depths of NSX-T Data Center, mastering software-defined networking and gaining insights into VMware Certified Professional NSX. Explore NSX-T architecture, design best practices, and advanced features to elevate your skills in network virtualization. From deployment strategies to micro-segmentation and security, our expertly crafted content covers it all. Unlock the potential of NSX-T with troubleshooting tips, management insights, and automation strategies. Whether you’re aiming for certification or seeking in-depth knowledge, our NSX-T training resources offer the key to success.
Q16. What are the four types of role-based access control (RBAC) permissions? (Choose four.)
A. Network Admin
E. Full access
G. Enterprise Admin
Q17. Which of the two following characteristics about NAT64 are true? (Choose two.)
A. NAT64 is stateless and requires gateways to be deployed in active-standby mode.
B. NAT64 is supported on Tier-1 gateways only.
C. NAT64 is supported on Tier-0 and Tier-1 gateways.
D. NAT64 requires the Tier-1 gateway to be configured in active-standby mode.
E. NAT64 requires the Tier-1 gateway to be configured in active-active mode.
Q18. Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?
A. esxcli network ip connection list | grep 1235
B. esxcli network ip connection list | grep ccpd
C. esxcli network ip connection list | grep netcpa
D. esxcli network ip connection list | grep 1234
Q19. Which two are supported by L2 VPN clients? (Choose two.)
A. 3rd party Hardware VPN Device
B. NSX Autonomous Edge
C. NSX for vSphere Edge
D. NSX Edge
Q20. An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router. What sequence of commands could be used to check this status on NSX Edge node?
A. – enable
– get vrf
– show bgp neighbor
B. – set vrf
– show logical-routers
– show bgp
C. – get gateways
– get bgp neighbor
D. – show logical-routers
– get vrf
– show ip route bgp
Q21. Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.)
A. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.
B. Enter the Identity Provider (IdP) metadata URL in NSX Manager.
C. Create an OAuth 2.0 client in VMware Identity Manager.
D. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.
E. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.
Q22. When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?
A. SR and DR is instantiated but requires manual connection.
B. SR is instantiated and automatically connected with DR.
C. DR is instantiated and automatically connected with SR.
D. SR and DR doesn’t need to be connected to provide any stateful services.
Q23. Which two logical router components span across all transport nodes? (Choose two.)
Q24. Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)
A. Identify risk and reputation of accessed websites.
B. Quarantine workloads based on vulnerabilities.
C. Gain insight about micro-segmentation traffic flows.
D. Identify security vulnerabilities in the workloads.
E. Use agentless antivirus with Guest Introspection.
Q25. A company security policy requires all users to log into applications using a centralized authentication system. Which two authentication, authorization, and accounting (AAA) systems are available when integrating NSX with VMware Identity Manager? (Choose two.)
A. LDAP and OpenLDAP based on Active Directory (AD)
B. RSA SecureID
C. Keygen Enterprise
E. RADII 2.0
Q26. Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)
A. It supports a 4-byte autonomous system number.
B. The network is divided into areas that are logical groups.
C. Can be used as an Exterior Gateway Protocol.
D. BGP is enabled by default.
E. EIGRP is disabled by default.
Q27. Which is an advantages of a L2 VPN in an NSX 4.x environment?
A. Enables Multi-Cloud solutions
B. Enables VM mobility with re-IP
C. Achieve better performance
D. Use the same broadcast domain
Q28. Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?
A. NSX HTML5 UI
B. Ethernet VPN
C. VRF Lite
D. NSX Federation
Q29. Which two statements are true about IDS Signatures? (Choose two.)
A. Users can upload their own IDS signature definitions.
B. An IDS signature contains data used to identify the creator of known exploits and vulnerabilities.
C. IDS signatures can be High Risk, Suspicious, Low Risk and Trustworthy.
D. An IDS signature contains data used to identify known exploits and vulnerabilities.
E. An JDS signature contains a set of instructions that determine which traffic is analyzed.
Q30. An NSX administrator is creating a Tier-1 Gateway configured in Active-Standby High Availability Mode. In the event of node failure, the failover policy should not allow the original failed node to become the Active node upon recovery. Which failover policy meets this requirement?
A. Enable Preemptive
D. Disable Preemptive