Which two commands are used to query the arp-table of a logical switch? (Choose two.)
- A . get logical-switch arp-table <logical-switch-uuid>
- B . get logical-switch <logical-switch-uuid> arp-table
- C . get logical-switch <vni> arp-table
- D . get logical-switch arp-table <vni>
- E . get logical-switch arp-table
BC
Explanation:
Reference: https://vdc-download.vmware.com/vmwb-repository/dcr-public/c3fd9cef-6b2b-4772-93be3fe60ce064a1/1f67b9e1-b111-4de7-9ea1-39931d28f560/NSX-T%20Command-Line%20Interface%20Reference.html
When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?
- A . SR and DR don’t need to be connected to provide any stateful services.
- B . SR is instantiated and automatically connected with DR.
- C . SR and DR are instantiated but require manual connection.
- D . DR is instantiated and automatically connected with SR.
Which NAT type must the NSX-T Data Center administrator create on the Tier-0 or Tier-1 Gateway to allow Web VM to initiate communication with public networks?
- A . Reverse NAT
- B . SNAT
- C . 1:1 NAT
- D . DNAT
A security administrator needs to configure a firewall rule based on the domain name of a specific application.
Which field in a distributed firewall rule does the administrator configure?
- A . Policy
- B . Profile
- C . Service
- D . Source
B
Explanation:
On the Profile page, choose which profiles to apply the rule to. For most servers, you should apply the rule to all three profiles, because servers are usually continually connected to a single network. For mobile computers in domain environments, you typically need to apply firewall rules only to the Domain profile.
Reference: https://www.microsoftpressstore.com/articles/article.aspx?p=2224362&seqNum=2
What are two supported VPN configuration types in an NSX-T Data Center? (Choose two.)
- A . OpenVPN
- B . MPLS
- C . L3VPN
- D . L2VPN
- E . SSLVPN+
An NSX administrator is applying QoS to guarantee bandwidth for critical production workloads.
Which three actions must be taken? (Choose three.)
- A . Edit the exported JSON file.
- B . Export transport node NIOC profile.
- C . Create a QoS segment profile.
- D . Specify QoS parameters.
- E . Change Segment QoS profile.
- F . Upload the JSON file and apply configuration.
A customer is planning deployment of a third-party OpenStack application.
Which is used to grant permissions to the application on NSX Manager?
- A . Guest Identity
- B . Cloud Identity
- C . Principal Identity
- D . API Identity
D
Explanation:
The Enterprise Administrator role gets the same access to the NSX Manager appliance and the API as the NSX Manager admin user. The other NSX roles get read-only access to the NSX Manager appliance and the API.
Reference: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-A8808B7C-799B-4F9A-AA53-270D1AD89247.html
What are three functions of a Tier-0 Gateway in a multi-tenant service provider environment? (Choose three.)
- A . acts as a default gateway for the tenant workloads
- B . enables east-west connectivity to the tenant workloads
- C . interconnects the Tier-1 gateways of multiple tenants
- D . provides isolation between the tenants
- E . provides first-hop routing for the tenant workloads
- F . enables north-south connectivity to the tenant workloads
Which CLI command is used to start the NSX Manager virtual machine in the KVM environment?
- A . virsh start <NSX-Manager-Name>
- B . virsh poweron <nsx-manager-name>
- C . virsh poweron <nsx-manager-ID>
- D . virsh start <NSX-Manager-ID>
A
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.1/com.vmware.nsxt.install.doc/GUID-928BAF6E-4684-43A0-8766-8FE191FE1FA7.html
What are the supported N-VDS modes?
- A . DPDK Datapath
- B . Enhanced Datapath
- C . Overlay Datapath
- D . Standard Datapath
- E . Secure Datapath
BD
Explanation:
N-VDS Mode: There are 2 modes for N-VDS: Standard or Enhanced Datapath.
Reference: http://www.vstellar.com/2018/08/03/learning-nsx-t-part-8configuring-transport-zone-andtransport-nodes/
An NSX-T Data Center administrator wants to ensure that any machine on a public network can communicate with a Web VM running in an NSX-T Data Center environment.
Which NAT type must be created on the Tier-0 or Tier-1 Gateway to achieve this?
- A . 1:1 NAT
- B . Reverse NAT
- C . DNAT
- D . SNAT
An NSX administrator created a Segment from the Simplified UI and wants to find the Replication Mode configured on the Segment.
Which NSX CLI command lists the Replication mode?
- A . get logical-switches
- B . get logical-switch <Logical-switch-UUID>
- C . get logical-switch <Local-Switch-UUID> status
- D . get logical-switch status
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.3/nsx_63_cli.pdf
What is the most restrictive NSX-T built-in role which will allow a user to apply configuration changes on an NSX Edge?
- A . Network Operator
- B . Network Engineer
- C . Cloud Service Administrator
- D . NSX Administrator
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-26C44DE8-1854-4B06B6DA-A2FD426CDF44.html
What is the maximum number of supported ECMP paths in NSX-T 2.4 Data Center?
- A . 6
- B . 8
- C . 9
- D . 7
B
Explanation:
A maximum of eight ECMP paths are supported.
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-443B6B0DF179-429E-83F3-E136038332E0.html
Refer to the exhibit.
An administrator is trying to configure a medium load balancer in a production environment, but is getting the error message shown in the exhibit.
Which step must the administrator perform to remediate the problem?
- A . Reduce the size of the virtual pool.
- B . Restart the NSX Manager.
- C . Power-off the existing load balancer and change its size.
- D . Place the Tier-1 Gateway in a large edge cluster and redeploy the load balancer.
An NSX administrator has deployed an NSX Edge on a bare-metal server.
Which command registers the NSX Edge with the NSX Manager?
- A . join cluster <NSX-Cluster-IP> username root password <root-password> thumbprint <NSX Manager-thumbprint>
- B . join management-plane <nsx-manager-ip> username admin password <admin-password> thumbprint <nsx-manager-thumbprint>
- C . join policy-manager <nsx-manager-ip> username root password <root-password> thumbprint <nsxmanager-thumbprint>
- D . join management-cluster <NSX-Cluster-IP> username admin password <admin-password> thumbprint <NSX Manager-thumbprint>
B
Explanation:
Reference: http://virtualbrigade.com/register-nsx-t-edge/
An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?
- A . SYSTEM
- B . FABRIC
- C . MONITORING
- D . GROUPING
What are three NSX Manager roles? (Choose three.)
- A . zookeeper
- B . manager
- C . policy
- D . controller
- E . cloud
- F . master
BCD
Explanation:
In NSX-T 2.4, the NSX-T Manager is a converged appliance where the Policy, Management and Control roles are available.
Reference: http://www.cloudxtreme.info/nsx-t-manager-clustering/
Which network tool could an administrator use on an ESXi 6.7 host to capture packets when troubleshooting connectivity issues?
- A . Wireshark
- B . pktcap-uw
- C . net-stats
- D . tcpdump
B
Explanation:
When troubleshooting connectivity issues in a virtualization environment, the pktcap-uw tool can be used to capture network traffic on an ESXi host.
Reference: http://www.vmwarearena.com/how-to-capture-network-trafficpacket-on-esxi-hosts/
Which three hardware-based offloads provide maximum performance for physical network interface cards? (Choose three.)
- A . Netfilter Flow Offload (NFO)
- B . Priority Flow Control (PFC)
- C . Receive Side Scaling (RSS)
- D . TCP Segmentation Offload (TSO)
- E . Source Route Bridging (SRB)
- F . Large Receive Offload (LRO)
Which two commands could be used on an ESXi transport node to validate connectivity to the NSX Manager? (Choose two.)
- A . nsxcli –cmd get manager status
- B . esxcli network ip connection list | grep rabbitmq
- C . nsxcli –cmd get managers
- D . nsxcli –cmd get manager connectivity status
- E . esxcli network ip connection list | grep 5671
Which two statements describe the characteristics of the Services Router (SR) component of a Tier-0 Gateway? (Choose two.)
- A . Edge cluster is mandatory for SR to be created.
- B . SR can exist on both hypervisor transport nodes and Edge transport nodes.
- C . SR is automatically created when stateful services are enabled.
- D . Edge transport nodes are required for SR to be created.
- E . SR can be created from the NSX Advanced Networking & Security tab in the UI.
Which statements are true regarding the audit user account? (Choose two.)
- A . The admin user must set the password for the audit account to log in to NSX Manager.
- B . The administrator must run the set audit user password <password> command.
- C . The audit user has read-write access to the NSX Manager.
- D . The audit user is disabled by default and must be enabled to log in to the NSX Manager.
- E . The administrator must run the set user audit password <password> command.
An NSX administrator is migrating vSphere port groups configured in vSphere to N-VDS.
What are two migration options? (Choose two.)
- A . Migrate vSphere port groups using the esxcli command line.
- B . Migrate vSphere port group through the NSX Manager API Calls.
- C . Migrate Networking from the vCenter Server.
- D . Migrate from the NSX Manager UI, go to Fabric -> Profile -> Uplink Profiles path.
- E . Migrate from the NSX Simplified UI > Click Transport Node > Configure NSX > PNIC Only Migration path.
What is the function of a domain in an NSX-T Data Center?
- A . defines the scope of transport zones
- B . defines the scope of security policies and groups
- C . defines the scope of physical networks
- D . defines the scope of transport nodes
D
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4.0/rn/VMware-NSX-T-DataCenter-240-Release-Notes.html
Which port is used by a transport node to communicate with NSX Manager in NSX-T Data Center 2.4?
- A . 5671
- B . 1234
- C . 1235
- D . 5678
A
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/nsxt_24_install.pdf
Which three teaming policy modes are supported by NSX-T Data Center? (Choose three.)
- A . Destination MAC
- B . Failover Order
- C . Load Balanced Source
- D . Load Balanced Source IP
- E . Destination Port
- F . Load Balanced Source MAC
Which two logical router components span across all transport nodes? (Choose two.)
- A . SERVICE_ROUTER_TIER0
- B . DISTRIBUTED_ROUTER_TIER0
- C . SERVICE_ROUTER_TIER1
- D . DISTRIBUTED_ROUTER_TIER1
- E . TIER0_DISTRIBUTED_ROUTER
BD
Explanation:
Reference: https://theoverlays.com/2018/12/19/nsx-t-logical-routers/
What is VMware’s recommendation for the minimum MTU requirements when planning an NSX-T Data Center deployment?
- A . MTU should be set to 1550 or less across the data center network including inter-data center connections.
- B . MTU should be set to 1500 or less only on inter-data center connections.
- C . Configure Path MTU Discovery and rely on fragmentation.
- D . MTU should be set to 1600 or greater across the data center network including inter-data center connections.
An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.
Which failover detection protocol must be used to meet this requirement?
- A . Host Standby Router Protocol (HSRP)
- B . Beacon Probing (BP)
- C . Virtual Router Redundancy Protocol (VRRP)
- D . Bidirectional Forwarding Detection (BFD)
An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.
What could cause this issue?
- A . Syslog is not configured on the NSX Manager
- B . Distributed Firewall Rule Logging is not enabled
- C . Zero Trust Security is not enabled
- D . Syslog is not configured on the ESXi transport node
A company is deploying NSX-T Data Center micro-segmentation in their vSphere environment to allow simple 3-tier app forms through web, app, and database.
The naming convention will be:
• WKS-WEB-SRV-XXX
• WKY-APP-SRR-XXX
• WKI-DB-SRR-XXX
What is the optimal way to group them in order to enforce security policies from NSX-T Data Center?
- A . Use Edge as a firewall between tiers.
- B . Create an Ethernet based security policy.
- C . Do a service insertion to accomplish the task.
- D . Group all by means of tags membership.
The NSX Control Plane is responsible for which two functions? (Choose two.)
- A . push stateless configurations to forwarding engines
- B . propagate topology information
- C . receive and validate configuration from NSX Policy
- D . host API services
- E . maintain packet-level statistics
The security administrator turns on logging for a firewall rule.
Where is the log stored on ESXi and KVM transport nodes?
- A . /var/log/vmware/nsx/firewall.log
- B . /var/log/fw.log
- C . /var/log/messages.log
- D . /var/log/dfwpktlogs.log
Which visual tool within the NSX User Interface should an administrator use to monitor hop-by-hop connectivity between two virtual machines or logical ports?
- A . IPFIX
- B . Port Connection
- C . Port Mirroring
- D . Port Status
B
Explanation:
Port connection tool: this tool is a visualization of connectivity between two container logical ports. As the topology is built, realized state data like machine information, logical port status, and tunnel health status gets represented as hop-by-hop connectivity between various points in the path.
Reference: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmwarecontainers-and-container-networking-whitepaper.pdf