Exam4Training

VMware 2V0-41.20 Professional VMware NSX-T Data Center Online Training

Question #1

Which three functions require a Services Router (SR) component on an Edge node? (Choose three.)

  • A . Service Insertion
  • B . Distributed Routing
  • C . Packet Forwarding
  • D . Gateway Firewall
  • E . Distributed Firewall
  • F . Virtual Private Network

Reveal Solution Hide Solution

Correct Answer: A,D,F
Question #2

What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)

  • A . Segment Port
  • B . Group
  • C . Segment
  • D . DFW
  • E . Tier-1 Gateway

Reveal Solution Hide Solution

Correct Answer: B,D
Question #3

A user is assigned these two roles in NSX Manager:

✑ LB Admin

✑ Network Engineer

What privileges does this user have in the system?

  • A . read permissions on all networking services and full access permissions on load balancing features
  • B . full access permissions on all networking services and full access permissions on load balancing features
  • C . full access permissions on all networking services and read permissions on load balancing features
  • D . read permissions on all networking services and read permissions on load balancing features

Reveal Solution Hide Solution

Correct Answer: B
Question #4

Which command is used to set the NSX Manager’s logging-level to debug mode for troubleshooting?

  • A . set service nsx-manager logging-level debug
  • B . set service nsx-manager log-level debug
  • C . set service manager log-level debug
  • D . set service manager logging-level debug

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html

Question #5

Refer to the exhibit.

Which NAT type must the NSX-T Data Center administrator create on the Tier-0 or Tier-1 Gateway to allow Web VM to initiate communication with public networks?

  • A . SNAT
  • B . Reverse NAT
  • C . DNAT
  • D . 1:1 NAT

Reveal Solution Hide Solution

Correct Answer: A
Question #6

An NSX administrator would like to configure syslog for a KVM transport node.

Which host log files could be exported to a remote syslog server?

  • A . /var/log/vmware/nsx-syslog
  • B . /var/log/cfgAgent.log
  • C . /var/log/nsx-audit.log
  • D . /var/log/cloudnet/nsx-ccp.log

Reveal Solution Hide Solution

Correct Answer: A
Question #7

Which two ports are used by a transport node to communicate with the management and control planes in NSX-T Data Center 3.0? (Choose two.)

  • A . 5685
  • B . 1235
  • C . 5671
  • D . 5678
  • E . 1234

Reveal Solution Hide Solution

Correct Answer: B,E
B,E

Explanation:

The NSX Manager management plane communicates with the transport nodes by using APH Server over NSX-RPC/TCP through port 1234. CCP communicates with the transport nodes by using APH Server over NSX-RPC/TCP through port 1235. Taken from NSX-T ICM 3.0 Lecture manual

Question #8

An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.

Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?

  • A . esxcli network diag ping -H <destination IP address>
  • B . vmkping ++netstack=geneve -d -s 1572 <destination IP address>
  • C . vmkping ++netstack=vxlan-d -s 1572 <destination IP address>
  • D . esxcli network diag ping -I vmk0 -H <destination IP address>

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

https://kb.vmware.com/s/article/1003728

Question #9

An NSX administrator noticed that the nsxcli command times out after 600 secs of idle time.

Which CLI command disables the nsxcli time out value on NSX Manager?

  • A . set cli-timeout 0
  • B . set cli-timeout enabled
  • C . set cli-timeout disabled
  • D . set cli-timeout 1

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

" https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html#set%20cli-timeout%20%3Ctimeout%3E

https://www.virten.net/2020/06/quick-tip-remove-nsx-t-ssh-and-http-session-timeout/

Question #10

Which is correct when deploying a NSX Edge in a KVM only environment?

  • A . deploy NSX Edge VM with QCOW2 image
  • B . deploy NSX Edge VM with ISO image
  • C . deploy NSX Edge on a bare-metal server
  • D . deploy NSX Edge VM with OVF template

Reveal Solution Hide Solution

Correct Answer: C

Question #11

How does Traceflow tool identify issues in a network?

  • A . Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane.
  • B . Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents.
  • C . Injects synthetic traffic into the data plane and observes the results in the control plane.
  • D . Injects ICMP traffic into the data plane and observes the results in the control plane.

Reveal Solution Hide Solution

Correct Answer: C
Question #12

What are the advantages of using a Tier-0 Gateway in ECMP mode? (Choose two.)

  • A . stateful services leveraged
  • B . Failover of services
  • C . traffic predictability
  • D . traffic load balancing
  • E . increased north/south bandwidth

Reveal Solution Hide Solution

Correct Answer: D,E
D,E

Explanation:

From ICM manual:

Equal-cost multipath (ECMP) routing has several features and functions:

• ECMP routing increases the north-south communication bandwidth by combining multiple uplinks.

• ECMP routing performs traffic load balancing.

• ECMP routing provides fault tolerance for failed paths.

• A maximum of eight ECMP paths are supported.

• Hashing is based on 2-tuple IP source and destination addresses.

• ECMP routing is only available on Tier-0 gateways.

Question #13

Which tool could be used to inspect the path of a packet in the data plane?

  • A . Port Connection
  • B . Port Mirroring Session
  • C . Netflow
  • D . Traceflow

Reveal Solution Hide Solution

Correct Answer: D
Question #14

Where are Distributed Firewall logs containing access decisions stored?

  • A . NSX API
  • B . NSX Edge
  • C . NSX Manager
  • D . Hypervisor transport node

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.logging.doc/GUID-6F9DC53E-222D-464B-8613-

AB2D517CE5E3.html

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-

D57429A1-A0A9-42BE-A299-0C3C3546ABF3.html

Question #15

An NSX Administrator has created a segment named WEB-LS from the NSX UI and noticed the segment is not realized on the KVM Transport node.

What are two possible causes for this issue? (Choose two.)

  • A . The KVM Transport node has hardware issues and will not realize the WEB-LS Segment.
  • B . Since the Compute Manager is disconnected in NSX UI, the WEB-LS segment will not be realized on the KVM Transport Node.
  • C . The virtual machines running on the KVM Transport Node are connected to the WEB-LS segment, but are in Powered Off state.
  • D . The virtual machines running on the KVM Transport Node are not connected to the VDS.
  • E . The virtual machines running on the KVM Transport Node are not connected to the WEB-LS Segment.

Reveal Solution Hide Solution

Correct Answer: B,E
Question #16

A DevOps user has deployed a Kubernetes Pod in vSphere.

What does the term ClusterIP represent within NSX-T?

  • A . Deployment of T1 with NLB service.
  • B . Deployment of Distributed Router.
  • C . Deployment of Distributed Load Balancing service.
  • D . Deployment of T0 and T1

Reveal Solution Hide Solution

Correct Answer: C
Question #17

Which log is used to see a failed NSX-T installation of a VIB package on ESXi transport nodes?

  • A . /var/l og/hostd. log
  • B . /var/log/vmware/eam/eam.log
  • C . /var/log/esxupdate.log
  • D . /var/log/syslog.log

Reveal Solution Hide Solution

Correct Answer: D
Question #18

When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?

  • A . SR and DR doesn’t need to be connected to provide any stateful services.
  • B . DR is instantiated and automatically connected with SR.
  • C . SR is instantiated and automatically connected with DR.
  • D . SR and DR is instantiated but requires manual connection.

Reveal Solution Hide Solution

Correct Answer: C
Question #19

A customer is preparing to deploy VMware Kubernetes on an NSX-T Data Center.

What is the minimum MTU size for the UPLINK profile?

  • A . 1500
  • B . 1650
  • C . 1550
  • D . 1600

Reveal Solution Hide Solution

Correct Answer: D
Question #20

Which three services are compatible with VRF Lite? (Choose three.)

  • A . VPN
  • B . Intrusion Detection
  • C . NAT
  • D . Load Balancer
  • E . DHCP

Reveal Solution Hide Solution

Correct Answer: B,C,E
B,C,E

Explanation:

VRF Lite is not compatible with the following services:

-VPN

-Load Balancer

Taken from NSX-T ICM 3.0 Lecture Manual.

Question #21

Which statement describes the VMware Virtual Cloud Network Vision?

  • A . Virtual Cloud Network connects and protects virtual machines running in KVM environments.
  • B . Virtual Cloud Network connects and protects virtual machines running in vSphere environments.
  • C . Virtual Cloud Network connects and protects applications, regardless of their physical locations.
  • D . Virtual Cloud Network connects and protects applications and data, regardless of their physical locations.

Reveal Solution Hide Solution

Correct Answer: D
Question #22

Which CLI command is used to start the NSX Manager virtual machine in the KVM environment?

  • A . virsh start <NSX-Manager-ID>
  • B . virsh poweron <nsx-manager-ID>
  • C . virsh start <NSX-Manager-Name>
  • D . virsh poweron <nsx-manager-name>

Reveal Solution Hide Solution

Correct Answer: C
Question #23

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.

Which two NAT rule types are supported for this configuration? (Choose two.)

  • A . Port NAT
  • B . Source NAT
  • C . Destination NAT
  • D . 1:1 NAT
  • E . Reflexive NAT

Reveal Solution Hide Solution

Correct Answer: B,C
Question #24

Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.)

  • A . Route Aggregation
  • B . Route Distribution
  • C . Graceful Restart
  • D . BGP Neighbors
  • E . Local AS

Reveal Solution Hide Solution

Correct Answer: A,D
A,D

Explanation:

The following parameters are inherited from the default Tier-0 gateway and cannot be modified at the VRF level:

• Local AS

• Graceful restart

• Graceful restart timer

• Graceful restart stale timer

• Multipath relax

Inter-SR iBGP is not supported in VRF gateways.

BGP can be enabled or disabled per VRF gateway.

Route aggregation and BGP neighbors are local configurations per VRF.

Question #25

Which three can an administrator define in a transport node profile? (Choose three.)

  • A . Logical Router
  • B . Segment Profile
  • C . Segment
  • D . Uplink Profile
  • E . VDS switch configuration
  • F . N-VDS switch configuration

Reveal Solution Hide Solution

Correct Answer: D,E,F
Question #26

Which two statements describe the characteristics of an Edge Cluster in NSX-T 3.0 Data Center? (Choose two.)

  • A . can have a maximum of 8 edge nodes
  • B . must have only active-active edge nodes
  • C . can have a maximum of 10 edge nodes
  • D . can contain multiple types of edge nodes (VM or bare metal)
  • E . must contain only one type of edge nodes (VM or bare metal)

Reveal Solution Hide Solution

Correct Answer: C,D
C,D

Explanation:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-14183A62-8E8D-43CC-92E0-E8D72E198D5A.html

Question #27

A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway.

A NSX-T Data Center administrator used the get logical-routers command to retrieve this information:

Which two commands must be executed to check BGP neighbor status? (Choose two.)

  • A . vrf 3
  • B . vrf 1
  • C . vrf 4
  • D . sa-nsxedge-01(tier1_sr)> get bgp neighbor
  • E . sa-nsxedge-01(tier0_sr)> get bgp neighbor
  • F . sa-nsxedge-01(tier0_dr)> get bgp neighbor

Reveal Solution Hide Solution

Correct Answer: A,E
Question #28

Which tool injects packets and provides various observation points along the packet’s path between two NSX-T managed objects?

  • A . SPAN mirrors
  • B . Port Mirroring
  • C . Traceflow
  • D . IPFIX

Reveal Solution Hide Solution

Correct Answer: C
C

Reference:

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&ved=2ahUKEwjw0duct_nmAhUJ1BoKHVrgACcQFjAGegQIBxAC&url=ftp%3A%2F%2Fftp.inwinstack.com%2FOther%2FAI-NSX-T%2FVMware%2FVMWare%2520NSX-T%2FDocuments%2Fnsxt_21_admin.pdf&usg=AOvVaw2DqQfqPkhzWQfiJP2SgNbO (213)

Question #29

Which three teaming policy modes are supported by NSX-T Data Center? (Choose three.)

  • A . Destination MAC
  • B . Load Balanced Source IP
  • C . Failover Order
  • D . Destination Port
  • E . Load Balanced Source MAC
  • F . Load Balanced Source

Reveal Solution Hide Solution

Correct Answer: C,E,F
Question #30

Which CLI command does an NSX administrator run on the NSX Manager to generate support bundle logs if the NSX UI is inaccessible?

  • A . get support-bundle file vcpnv.tgz
  • B . set support-bundle file vcpnv.tgz
  • C . vm-support
  • D . esxcli system syslog config logger set –id=nsxmanager

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html

Exit mobile version