VMware 2V0-41.23 Practice Test - Questions Answers, Page 10

Which two of the following will be used for Ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.)

A. Inter-Tier interface on the Tier-0 gateway
B. Tier-0 Uplink interface
C. Downlink Interface for the Tier-0 DR
D. Tier-1 SR Router Port
E. Downlink Interface for the Tier-1 DR

Suggested answer: B, C

Explanation:

The two interfaces that will be used for ingress traffic on the Edge node supporting a Single Tier topology are:

B) Tier-0 Uplink interface

C) Downlink Interface for the Tier-0 DR

The Tier-0 Uplink interface is the interface that connects the Tier-0 gateway to the external network. It is used to receive traffic from the physical router or switch that is the next hop for the Tier-0 gateway. The Tier-0 Uplink interface can be configured with a static IP address or use BGP to exchange routes with the external network.

The Downlink Interface for the Tier-0 DR is the interface that connects the Tier-0 gateway to the workload segments. It is used to receive traffic from the VMs or containers that are attached to the segments. The Downlink Interface for the Tier-0 DR is a logical interface (LIF) that is distributed across all transport nodes that host the segments. The Downlink Interface for the Tier-0 DR has an IP address that acts as the default gateway for the VMs or containers on the segments.

Which is the only supported mode in NSX Global Manager when using Federation?

A. Controller
B. Policy
C. Proxy
D. Proton

Suggested answer: B

Explanation:

NSX Global Manager is a feature of NSX that allows managing multiple NSX domains across different sites or clouds from a single pane of glass. NSX Global Manager supports Federation, which is a capability that enables synchronizing configuration and policy across multiple NSX domains. Federation has many benefits such as simplifying operations, improving resiliency, and enabling disaster recovery.

The only supported mode in NSX Global Manager when using Federation is Policy mode. Policy mode means that NSX Global Manager acts as a policy manager that defines and distributes global policies to local NSX managers in different domains. Policy mode also allows local NSX managers to have their own local policies that can override or merge with global policies.

https://docs.vmware.com/en/VMware-NSX/4.0/administration/GUID-29998FC5-C1AB-40BC-B669-6E8E9937F345.html

HOTSPOT

Refer to the exhibit.

An administrator configured NSX Advanced Load Balancer to load balance the production web server traffic, but the end users are unable to access the production website by using the VIP address.

Which of the following Tier-1 gateway route advertisement settings needs to be enabled to resolve the problem? Mark the correct answer by clicking on the image.



[Image: Question 93]
Correct answer: [Image: Question 93]

HOTSPOT

Refer to the exhibit.

Which two items must be configured to enable OSPF for the Tier-0 Gateway in the image? Mark your answers by clicking twice on the image.


[Image: Question 94]
Correct answer: [Image: Question 94]

The security administrator turns on logging for a firewall rule.

Where is the log stored on an ESXi transport node?

A. /var/log/vmware/nsx/firewall.log
B. /var/log/messages.log
C. /var/log/dfwpktlogs.log
D. /var/log/fw.log

Suggested answer: C

Explanation:

The log for a firewall rule on an ESXi transport node is stored in the /var/log/dfwpktlogs.log file. This file contains information about the packets that match or do not match the firewall rules, such as the source and destination IP addresses, ports, protocols, actions, and rule IDs. The log file can be viewed using the esxcli network firewall get command or the vSphere Client.

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-D57429A1-A0A9-42BE-A299-0C3C3546ABF3.html

An architect receives a request to apply distributed firewall in a customer environment without making changes to the network and vSphere environment. The architect decides to use Distributed Firewall on VDS.

Which two of the following requirements must be met in the environment? (Choose two.)

A. vCenter 8.0 and later
B. NSX version must be 3.2 and later
C. NSX version must be 3.0 and later
D. VDS version 6.6.0 and later

Suggested answer: B, D

Explanation:

Distributed Firewall on VDS is a feature of NSX-T Data Center that allows users to install Distributed Security for vSphere Distributed Switch (VDS) without the need to deploy an NSX Virtual Distributed Switch (N-VDS). This feature provides NSX security capabilities such as Distributed Firewall (DFW), Distributed IDS/IPS, Identity Firewall, L7 App ID, FQDN Filtering, NSX Intelligence, and NSX Malware Prevention. To enable this feature, the following requirements must be met in the environment:

The NSX version must be 3.2 and later [1]. This is the minimum version that supports Distributed Security for VDS.

The VDS version must be 6.6.0 and later [1]. This is the minimum version that supports the NSX host preparation operation that activates the DFW with the default rule set to allow.

References:

Overview of NSX IDS/IPS and NSX Malware Prevention

Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?

A. tepconfig
B. ifconfig
C. tcpdump
D. debug

Suggested answer: B

Explanation:

The command ifconfig is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node [2]. The TEP IP is assigned to a network interface on the bare metal server that is used for overlay traffic. The ifconfig command can show the IP address, netmask, broadcast address, and other information of the network interface. For example, the following command shows the network configuration of the TEP IP on a bare metal transport node with interface name ens192:

ifconfig ens192

The output of the command would look something like this:

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.10.10.10 netmask 255.255.255.0 broadcast 10.10.10.255
        inet6 fe80::250:56ff:fe9a:1b8c prefixlen 64 scopeid 0x20<link>
        ether 00:50:56:9a:1b:8c txqueuelen 1000 (Ethernet)
        RX packets 123456 bytes 123456789 (123.4 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 234567 bytes 234567890 (234.5 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The TEP IP in this example is 10.10.10.10.

References:

IBM Cloud Docs

An NSX administrator would like to create an L2 segment with the following requirements:

* L2 domain should not exist on the physical switches.

* East/West communication must be maximized as much as possible.

Which type of segment must the administrator choose?

A. VLAN
B. Overlay
C. Bridge
D. Hybrid

Suggested answer: B

Explanation:

An overlay segment is a layer 2 broadcast domain that is implemented as a logical construct in the NSX-T Data Center software. Overlay segments do not require any configuration on the physical switches, and they allow for optimal east/west communication between workloads on different ESXi hosts. Overlay segments use the Geneve protocol to encapsulate and decapsulate traffic between the hosts. Overlay segments are created and managed by the NSX Manager.

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-316E5027-E588-455C-88AD-A7DA930A4F0B.html

Which table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision?

A. TEP Table
B. MAC Table
C. ARP Table
D. Routing Table

Suggested answer: B

Explanation:

The MAC table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision. The MAC table maps the MAC addresses of the workloads to their corresponding tunnel endpoint (TEP) IP addresses. The TEP IP address identifies the ESXi host where the workload resides. The MAC table is populated by learning the source MAC addresses of the incoming frames from the workloads. The MAC table is also synchronized with other ESXi hosts in the same transport zone by using the NSX Controller.

https://nsx.techzone.vmware.com/resource/nsx-reference-design-guide

An NSX administrator is using ping to check connectivity between VM1 running on ESXi1 and VM2 running on ESXi2. The ping test fails. The administrator knows the maximum transmission unit size on the physical switch is 1600.

Which command does the administrator use to check the VMware kernel ports for tunnel end point communication?

A. esxcli network diag ping -I vmk0O -H <destination IP address>
B. vmkping ++netstack=geneve -d -s 1572 <destination IP address>
C. esxcli network diag ping -H <destination IP address>
D. vmkping ++netstack=vxlan -d -s 1572 <destination IP address>

Suggested answer: B

Explanation:

The command vmkping ++netstack=geneve -d -s 1572 <destination IP address> is used to check the VMware kernel ports for tunnel end point communication. This command uses the geneve netstack, which is the default netstack for NSX-T. The -d option sets the DF (Don't Fragment) bit in the IP header, which prevents the packet from being fragmented by intermediate routers. The -s 1572 option sets the packet size to 1572 bytes, which is the maximum payload size for a geneve encapsulated packet with an MTU of 1600 bytes. The <destination IP address> is the IP address of the remote ESXi host or VM.

References:

VMware NSX-T Data Center Installation Guide, page 19.

VMware Knowledge Base: Testing MTU with the vmkping command (1003728).

VMware NSX-T Data Center Administration Guide, page 102.

Total 107 questions