Which three functions require a Services Router (SR) component on an Edge node? (Choose three.)
- A . Service Insertion
- B . Distributed Routing
- C . Packet Forwarding
- D . Gateway Firewall
- E . Distributed Firewall
- F . Virtual Private Network
What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)
- A . Segment Port
- B . Group
- C . Segment
- D . DFW
- E . Tier-1 Gateway
A user is assigned these two roles in NSX Manager:
✑ LB Admin
✑ Network Engineer
What privileges does this user have in the system?
- A . read permissions on all networking services and full access permissions on load balancing features
- B . full access permissions on all networking services and full access permissions on load balancing features
- C . full access permissions on all networking services and read permissions on load balancing features
- D . read permissions on all networking services and read permissions on load balancing features
Which command is used to set the NSX Manager’s logging-level to debug mode for troubleshooting?
- A . set service nsx-manager logging-level debug
- B . set service nsx-manager log-level debug
- C . set service manager log-level debug
- D . set service manager logging-level debug
D
Explanation:
https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html
Refer to the exhibit.
Which NAT type must the NSX-T Data Center administrator create on the Tier-0 or Tier-1 Gateway to allow Web VM to initiate communication with public networks?
- A . SNAT
- B . Reverse NAT
- C . DNAT
- D . 1:1 NAT
An NSX administrator would like to configure syslog for a KVM transport node.
Which host log files could be exported to a remote syslog server?
- A . /var/log/vmware/nsx-syslog
- B . /var/log/cfgAgent.log
- C . /var/log/nsx-audit.log
- D . /var/log/cloudnet/nsx-ccp.log
Which two ports are used by a transport node to communicate with the management and control planes in NSX-T Data Center 3.0? (Choose two.)
- A . 5685
- B . 1235
- C . 5671
- D . 5678
- E . 1234
B,E
Explanation:
The NSX Manager management plane communicates with the transport nodes by using APH Server over NSX-RPC/TCP through port 1234. CCP communicates with the transport nodes by using APH Server over NSX-RPC/TCP through port 1235. Taken from NSX-T ICM 3.0 Lecture manual
An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 to VM2 running on ESXi2. The ping tests fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.
Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?
- A . esxcli network diag ping -H <destination IP address>
- B . vmkping ++netstack=geneve -d -s 1572 <destination IP address>
- C . vmkping ++netstack=vxlan-d -s 1572 <destination IP address>
- D . esxcli network diag ping -I vmk0 -H <destination IP address>
C
Explanation:
https://kb.vmware.com/s/article/1003728
An NSX administrator noticed that the nsxcli command times out after 600 secs of idle time.
Which CLI command disables the nsxcli time out value on NSX Manager?
- A . set cli-timeout 0
- B . set cli-timeout enabled
- C . set cli-timeout disabled
- D . set cli-timeout 1
A
Explanation:
" https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html#set%20cli-timeout%20%3Ctimeout%3E
https://www.virten.net/2020/06/quick-tip-remove-nsx-t-ssh-and-http-session-timeout/
Which is correct when deploying a NSX Edge in a KVM only environment?
- A . deploy NSX Edge VM with QCOW2 image
- B . deploy NSX Edge VM with ISO image
- C . deploy NSX Edge on a bare-metal server
- D . deploy NSX Edge VM with OVF template
How does Traceflow tool identify issues in a network?
- A . Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane.
- B . Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents.
- C . Injects synthetic traffic into the data plane and observes the results in the control plane.
- D . Injects ICMP traffic into the data plane and observes the results in the control plane.
What are the advantages of using a Tier-0 Gateway in ECMP mode? (Choose two.)
- A . stateful services leveraged
- B . Failover of services
- C . traffic predictability
- D . traffic load balancing
- E . increased north/south bandwidth
D,E
Explanation:
From ICM manual:
Equal-cost multipath (ECMP) routing has several features and functions:
• ECMP routing increases the north-south communication bandwidth by combining multiple uplinks.
• ECMP routing performs traffic load balancing.
• ECMP routing provides fault tolerance for failed paths.
• A maximum of eight ECMP paths are supported.
• Hashing is based on 2-tuple IP source and destination addresses.
• ECMP routing is only available on Tier-0 gateways.
Which tool could be used to inspect the path of a packet in the data plane?
- A . Port Connection
- B . Port Mirroring Session
- C . Netflow
- D . Traceflow
Where are Distributed Firewall logs containing access decisions stored?
- A . NSX API
- B . NSX Edge
- C . NSX Manager
- D . Hypervisor transport node
D
Explanation:
https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.logging.doc/GUID-6F9DC53E-222D-464B-8613-
AB2D517CE5E3.html
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-
D57429A1-A0A9-42BE-A299-0C3C3546ABF3.html
An NSX Administrator has created a segment named WEB-LS from the NSX UI and noticed the segment is not realized on the KVM Transport node.
What are two possible causes for this issue? (Choose two.)
- A . The KVM Transport node has hardware issues and will not realize the WEB-LS Segment.
- B . Since the Compute Manager is disconnected in NSX UI, the WEB-LS segment will not be realized on the KVM Transport Node.
- C . The virtual machines running on the KVM Transport Node are connected to the WEB-LS segment, but are in Powered Off state.
- D . The virtual machines running on the KVM Transport Node are not connected to the VDS.
- E . The virtual machines running on the KVM Transport Node are not connected to the WEB-LS Segment.
A DevOps user has deployed a Kubernetes Pod in vSphere.
What does the term ClusterIP represent within NSX-T?
- A . Deployment of T1 with NLB service.
- B . Deployment of Distributed Router.
- C . Deployment of Distributed Load Balancing service.
- D . Deployment of T0 and T1
Which log is used to see a failed NSX-T installation of a VIB package on ESXi transport nodes?
- A . /var/l og/hostd. log
- B . /var/log/vmware/eam/eam.log
- C . /var/log/esxupdate.log
- D . /var/log/syslog.log
When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?
- A . SR and DR doesn’t need to be connected to provide any stateful services.
- B . DR is instantiated and automatically connected with SR.
- C . SR is instantiated and automatically connected with DR.
- D . SR and DR is instantiated but requires manual connection.
A customer is preparing to deploy VMware Kubernetes on an NSX-T Data Center.
What is the minimum MTU size for the UPLINK profile?
- A . 1500
- B . 1650
- C . 1550
- D . 1600
Which three services are compatible with VRF Lite? (Choose three.)
- A . VPN
- B . Intrusion Detection
- C . NAT
- D . Load Balancer
- E . DHCP
B,C,E
Explanation:
VRF Lite is not compatible with the following services:
-VPN
-Load Balancer
Taken from NSX-T ICM 3.0 Lecture Manual.
Which statement describes the VMware Virtual Cloud Network Vision?
- A . Virtual Cloud Network connects and protects virtual machines running in KVM environments.
- B . Virtual Cloud Network connects and protects virtual machines running in vSphere environments.
- C . Virtual Cloud Network connects and protects applications, regardless of their physical locations.
- D . Virtual Cloud Network connects and protects applications and data, regardless of their physical locations.
Which CLI command is used to start the NSX Manager virtual machine in the KVM environment?
- A . virsh start <NSX-Manager-ID>
- B . virsh poweron <nsx-manager-ID>
- C . virsh start <NSX-Manager-Name>
- D . virsh poweron <nsx-manager-name>
An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)
- A . Port NAT
- B . Source NAT
- C . Destination NAT
- D . 1:1 NAT
- E . Reflexive NAT
Which two BGP configuration parameters can be configured in the VRF Lite gateways? (Choose two.)
- A . Route Aggregation
- B . Route Distribution
- C . Graceful Restart
- D . BGP Neighbors
- E . Local AS
A,D
Explanation:
The following parameters are inherited from the default Tier-0 gateway and cannot be modified at the VRF level:
• Local AS
• Graceful restart
• Graceful restart timer
• Graceful restart stale timer
• Multipath relax
Inter-SR iBGP is not supported in VRF gateways.
BGP can be enabled or disabled per VRF gateway.
Route aggregation and BGP neighbors are local configurations per VRF.
Which three can an administrator define in a transport node profile? (Choose three.)
- A . Logical Router
- B . Segment Profile
- C . Segment
- D . Uplink Profile
- E . VDS switch configuration
- F . N-VDS switch configuration
Which two statements describe the characteristics of an Edge Cluster in NSX-T 3.0 Data Center? (Choose two.)
- A . can have a maximum of 8 edge nodes
- B . must have only active-active edge nodes
- C . can have a maximum of 10 edge nodes
- D . can contain multiple types of edge nodes (VM or bare metal)
- E . must contain only one type of edge nodes (VM or bare metal)
C,D
Explanation:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-14183A62-8E8D-43CC-92E0-E8D72E198D5A.html
A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway.
A NSX-T Data Center administrator used the get logical-routers command to retrieve this information:
Which two commands must be executed to check BGP neighbor status? (Choose two.)
- A . vrf 3
- B . vrf 1
- C . vrf 4
- D . sa-nsxedge-01(tier1_sr)> get bgp neighbor
- E . sa-nsxedge-01(tier0_sr)> get bgp neighbor
- F . sa-nsxedge-01(tier0_dr)> get bgp neighbor
Which tool injects packets and provides various observation points along the packet’s path between two NSX-T managed objects?
- A . SPAN mirrors
- B . Port Mirroring
- C . Traceflow
- D . IPFIX
C
Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&ved=2ahUKEwjw0duct_nmAhUJ1BoKHVrgACcQFjAGegQIBxAC&url=ftp%3A%2F%2Fftp.inwinstack.com%2FOther%2FAI-NSX-T%2FVMware%2FVMWare%2520NSX-T%2FDocuments%2Fnsxt_21_admin.pdf&usg=AOvVaw2DqQfqPkhzWQfiJP2SgNbO (213)
Which three teaming policy modes are supported by NSX-T Data Center? (Choose three.)
- A . Destination MAC
- B . Load Balanced Source IP
- C . Failover Order
- D . Destination Port
- E . Load Balanced Source MAC
- F . Load Balanced Source
Which CLI command does an NSX administrator run on the NSX Manager to generate support bundle logs if the NSX UI is inaccessible?
- A . get support-bundle file vcpnv.tgz
- B . set support-bundle file vcpnv.tgz
- C . vm-support
- D . esxcli system syslog config logger set –id=nsxmanager
A
Explanation:
https://vdc-download.vmware.com/vmwb-repository/dcr-public/cc42e3c1-eb34-4567-a916-147e79798957/8264605c-a5e1-49a8-b603-cc78621eeeab/cli.html