ExamGecko
Search Search Login
Home Home / VMware / 2V0-41.23

VMware 2V0-41.23 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)
Which two are requirements for FQDN Analysis? (Choose two.)
Which TraceFlow traffic type should an NSX administrator use tor validating connectivity between App and DB virtual machines that reside on different segments?
An NSX administrator wants to create a Tler-0 Gateway to support equal cost multi-path (ECMP) routing. Which failover detection protocol must be used to meet this requirement?
An NSX administrator Is treating a NAT rule on a Tler-0 Gateway configured In active-standby high availability mode. Which two NAT rule types are supported for this configuration? (Choose two.)
Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.)
Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?
An administrator has connected two virtual machines on the same overlay segment. Ping between both virtual machines is successful. What type of network boundary does this represent?
Which three DHCP Services are supported by NSX? (Choose three.)
Which two are supported by L2 VPN clients? (Choose two.)

Question 31

Report
Export
Collapse

Which three data collection sources are used by NSX Network Detection and Response to create correlations/Intrusion campaigns? (Choose three.)

A.
Files and anti-malware (lie events from the NSX Edge nodes and the Security Analyzer
A.
Files and anti-malware (lie events from the NSX Edge nodes and the Security Analyzer
Answers
B.
East-West anti-malware events from the ESXi hosts
B.
East-West anti-malware events from the ESXi hosts
Answers
C.
Distributed Firewall flow data from the ESXi hosts
C.
Distributed Firewall flow data from the ESXi hosts
Answers
D.
IDS/IPS events from the ESXi hosts and NSX Edge nodes
D.
IDS/IPS events from the ESXi hosts and NSX Edge nodes
Answers
E.
Suspicious Traffic Detection events from NSX Intelligence
E.
Suspicious Traffic Detection events from NSX Intelligence
Answers
Suggested answer: A, D, E

Explanation:

The correct answers are A. Files and anti-malware (file) events from the NSX Edge nodes and the Security Analyzer, D. IDS/IPS events from the ESXi hosts and NSX Edge nodes, and E. Suspicious Traffic Detection events from NSX Intelligence.According to the VMware NSX Documentation3, these are the three data collection sources that are used by NSX Network Detection and Response to create correlations/intrusion campaigns.

The other options are incorrect or not supported by NSX Network Detection and Response.East-West anti-malware events from the ESXi hosts are not collected by NSX Network Detection and Response3.Distributed Firewall flow data from the ESXi hosts are not used for correlation/intrusion campaigns by NSX Network Detection and Response3.

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-14BBE50D-9931-4719-8FA7-884539C0D277.html

Question 32

Report
Export
Collapse

Which VMware GUI tool is used to identify problems in a physical network?

A.
VMware Aria Automation
A.
VMware Aria Automation
Answers
B.
VMware Aria Orchestrator
B.
VMware Aria Orchestrator
Answers
C.
VMware Site Recovery Manager
C.
VMware Site Recovery Manager
Answers
D.
VMware Aria Operations Networks
D.
VMware Aria Operations Networks
Answers
Suggested answer: D

Explanation:

According to the web search results, VMware Aria Operations Networks (formerly vRealize Network Insight) is a network monitoring tool that can help monitor, discover and analyze networks and applications across clouds1.It can also provide enhanced troubleshooting and visibility for physical and virtual networks2.

The other options are either incorrect or not relevant for identifying problems in a physical network. VMware Aria Automation is a cloud automation platform that can help automate the delivery of IT services. VMware Aria Orchestrator is a cloud orchestration tool that can help automate workflows and integrate with other systems. VMware Site Recovery Manager is a disaster recovery solution that can help protect and recover virtual machines from site failures.

Question 33

Report
Export
Collapse

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX UI.

What two are the prerequisites for this configuration? (Choose two.)

A.
All nodes must be in separate subnets.
A.
All nodes must be in separate subnets.
Answers
B.
The cluster configuration must be completed using API.
B.
The cluster configuration must be completed using API.
Answers
C.
NSX Manager must reside on a Windows Server.
C.
NSX Manager must reside on a Windows Server.
Answers
D.
All nodes must be in the same subnet.
D.
All nodes must be in the same subnet.
Answers
E.
A compute manager must be configured.
E.
A compute manager must be configured.
Answers
Suggested answer: D, E

Explanation:

According to the VMware NSX Documentation, these are the prerequisites for adding nodes to an NSX Management Cluster using the NSX UI:

All nodes must be in the same subnet and have IP connectivity with each other.

A compute manager must be configured and associated with the NSX Manager node.

The NSX Manager node must have a valid license.

The NSX Manager node must have a valid certificate.

Question 34

Report
Export
Collapse

Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)

A.
Use agentless antivirus with Guest Introspection.
A.
Use agentless antivirus with Guest Introspection.
Answers
B.
Quarantine workloads based on vulnerabilities.
B.
Quarantine workloads based on vulnerabilities.
Answers
C.
Identify risk and reputation of accessed websites.
C.
Identify risk and reputation of accessed websites.
Answers
D.
Gain Insight about micro-segmentation traffic flows.
D.
Gain Insight about micro-segmentation traffic flows.
Answers
E.
Identify security vulnerabilities in the workloads.
E.
Identify security vulnerabilities in the workloads.
Answers
Suggested answer: B, E

Explanation:

According to the VMware NSX Documentation, these are two of the use cases for Distributed Intrusion Detection, which is a feature of NSX Network Detection and Response:

Quarantine workloads based on vulnerabilities: You can use Distributed Intrusion Detection to detect vulnerabilities in your workloads and apply quarantine actions to isolate them from the network until they are remediated.

Identify security vulnerabilities in the workloads: You can use Distributed Intrusion Detection to scan your workloads for known vulnerabilities and generate reports that show the severity, impact, and remediation steps for each vulnerability.

Question 35

Report
Export
Collapse

When configuring OSPF on a Tler-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

A.
Naming convention
A.
Naming convention
Answers
B.
MTU of the Uplink
B.
MTU of the Uplink
Answers
C.
Subnet mask
C.
Subnet mask
Answers
D.
Address of the neighbor
D.
Address of the neighbor
Answers
E.
Protocol and Port
E.
Protocol and Port
Answers
F.
Area ID
F.
Area ID
Answers
Suggested answer: B, C, F

Explanation:

according to the VMware NSX Documentation, these are the three parameters that must match in order to establish an OSPF neighbor relationship with an upstream router on a tier-0 gateway:

MTU of the Uplink: The maximum transmission unit (MTU) of the uplink interface must match the MTU of the upstream router interface. Otherwise, OSPF packets may be fragmented or dropped, causing neighbor adjacency issues.

Subnet mask: The subnet mask of the uplink interface must match the subnet mask of the upstream router interface. Otherwise, OSPF packets may not reach the correct destination or be rejected by the upstream router.

Area ID: The area ID of the uplink interface must match the area ID of the upstream router interface. Otherwise, OSPF packets may be ignored or discarded by the upstream router.

https://www.computernetworkingnotes.com/ccna-study-guide/ospf-neighborship-condition-and-requirement.html

Question 36

Report
Export
Collapse

Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)

A.
NSX Intrusion Detection and Prevention
A.
NSX Intrusion Detection and Prevention
Answers
B.
NSX Intelligence
B.
NSX Intelligence
Answers
C.
NSX Network Detection and Response
C.
NSX Network Detection and Response
Answers
D.
NSX Malware Prevention Metrics
D.
NSX Malware Prevention Metrics
Answers
E.
NSX Intrinsic Security
E.
NSX Intrinsic Security
Answers
Suggested answer: C, D

Explanation:

The NSX Application Platform Deployment features are divided into three form factors: Evaluation, Standard, and Advanced.Each form factor determines which NSX features can be activated or installed on the platform1.The Evaluation form factor supports only NSX Intelligence, which provides network visibility and analytics for NSX-T environments2.The Standard form factor supports both NSX Intelligence and NSX Network Detection and Response, which provides network threat detection and response capabilities for NSX-T environments3.The Advanced form factor supports all four features: NSX Intelligence, NSX Network Detection and Response, NSX Malware Prevention, and NSX Metrics1.

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/nsx-application-platform/GUID-85CD2728-8081-45CE-9A4A-D72F49779D6A.html

Question 37

Report
Export
Collapse

What needs to be configured on a Tler-0 Gateway lo make NSX Edge Services available to a VM on a VLAN-backed logical switch?

A.
Downlink Interface
A.
Downlink Interface
Answers
B.
VLAN Uplink
B.
VLAN Uplink
Answers
C.
Loopback Router Port
C.
Loopback Router Port
Answers
D.
Service Interface
D.
Service Interface
Answers
Suggested answer: D

Explanation:

The service interface is a special-purpose port to enable services for mainly VLAN-based networks. North-south service insertion is another use case that requires a service interface to connect a partner appliance and redirect north-south traffic for partner services. Service interfaces are supported on both active-standby Tier-0 logical routers and Tier-1 routers. Firewall, NAT, and VPNs are supported on this interface. The service interface is also a downlink

Question 38

Report
Export
Collapse

Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

A.
Reinstalling the NSX VIBs on the ESXi host.
A.
Reinstalling the NSX VIBs on the ESXi host.
Answers
B.
Restarting the NTPservice on the ESXi host.
B.
Restarting the NTPservice on the ESXi host.
Answers
C.
Changing the lime zone on the ESXi host.
C.
Changing the lime zone on the ESXi host.
Answers
D.
Reconfiguring the ESXI host with a local NTP server.
D.
Reconfiguring the ESXI host with a local NTP server.
Answers
Suggested answer: B

Explanation:

According to the web search results, error code 1001 is related to a time synchronization issue between the ESXi host and the NSX Manager. This can cause problems when configuring a time-based firewall rule, which requires the ESXi host and the NSX Manager to have the same time zone and NTP server settings . To resolve this error, you need to restart the NTP service on the ESXi host to synchronize the time with the NSX Manager. You can use the following command to restart the NTP service on the ESXi host:

/etc/init.d/ntpd restart

The other options are not valid solutions for this error. Reinstalling the NSX VIBs on the ESXi host will not fix the time synchronization issue. Changing the time zone on the ESXi host may cause more discrepancies with the NSX Manager. Reconfiguring the ESXi host with a local NTP server may not be compatible with the NSX Manager's NTP server.

Question 39

Report
Export
Collapse

NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?

A.
Network Segmentation
A.
Network Segmentation
Answers
B.
Virtual Security Zones
B.
Virtual Security Zones
Answers
C.
Edge Firewalling
C.
Edge Firewalling
Answers
D.
Dynamic Routing
D.
Dynamic Routing
Answers
Suggested answer: A

Explanation:

According to the web search results, network segmentation is a feature of NSX that improves the security of today's modern workloads by preventing lateral movement. Lateral movement is a technique used by attackers to move from one compromised system to another within a network, exploiting vulnerabilities or credentials . Network segmentation prevents lateral movement by dividing a network into smaller segments or zones, each with its own security policies and controls. This way, if one segment is compromised, the attacker cannot access other segments or resources . NSX enables network segmentation by using micro-segmentation, which applies granular firewall rules at the virtual machine level, regardless of the physical network topology .

Question 40

Report
Export
Collapse

A customer has a network where BGP has been enabled and the BGP neighbor is configured on the Tier-0 Gateway. An NSX administrator used the get gateways command to retrieve this Information:

Which two commands must be executed to check BGP neighbor status? (Choose two.)

A.
vrf 1
A.
vrf 1
Answers
B.
vrf 4
B.
vrf 4
Answers
C.
sa-nexedge-01(tier1_sr> get bgp neighbor
C.
sa-nexedge-01(tier1_sr> get bgp neighbor
Answers
D.
sa-nexedge-01(tier0_sr> get bgp neighbor
D.
sa-nexedge-01(tier0_sr> get bgp neighbor
Answers
E.
sa-nexedge-01(tier1_dr)> get bgp neighbor
E.
sa-nexedge-01(tier1_dr)> get bgp neighbor
Answers
F.
vrf 3
F.
vrf 3
Answers
Suggested answer: D, F

Explanation:

BGP will be configured on the T0 SR. Connect to the VRF for the T0 SR and run get bgp neighbor once connected to it. https://docs.vmware.com/en/VMware-Validated-Design/5.1/sddc-deployment-of-vmware-nsx-t-workload-domains-with-multiple-availability-zones/GUID-8BD4228A-75C6-4C60-80B4-538D4297E11A.html

For the BGP configuration on NSX-T, the Tier-0 Service Router (SR) is typically where BGP is configured. To check the BGP neighbor status:

Connect to the VRF for the T0 SR, which is VRF 3 based on the provided output.

Run the command to get BGP neighbor status once connected to it.

Total 107 questions
Go to page: of 11
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms