VMware 5V0-41.21 Practice Test - Questions Answers, Page 4

An organization wants to add security controls for contractor virtual desktops. Which statement is true when configuring an NSX Identity firewall rule?

A. User Identity can be used in both the Source and the Destination sections of the firewall rule.
B. User Identity can only be used in the Source section of the firewall rule.
C. User Identity cannot be used in Source or Destination sections of the firewall rule.
D. User Identity can only be used in the Destination Section of the firewall rule.

Suggested answer: B

Explanation:

In NSX-T, Identity firewall rules allow you to specify security controls based on the identity of the user, rather than the IP address or other network-based attributes. User identity can be used as a source in the firewall rule.

Refer to the exhibit.

An administrator needs to configure a security policy with a firewall rule allowing a group of applications to retrieve the correct time from an NTP server. Which is the category to configure this security policy and firewall rule?

A. Emergency
B. Application
C. Infrastructure
D. Environment

Suggested answer: C

Explanation:

For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUIDD12A8AE7-B9E9-4C79-8FE4-7F4BECD4F71B.html) for more information on configuring firewall rules.

Which two statements are true about IDS/IPS signatures? (Choose two.)

A. Users can upload their own IDS signature definitions from the NSX UI.
B. IDS Signatures can be High Risk, Suspicious, Low Risk and Trustworthy.
C. Users can create their own IDS signature definitions from the NSX UI.
D. An IDS signature contains data used to identify known exploits and vulnerabilities.
E. An IDS signature contains a set of instructions that determine which traffic is analyzed.

Suggested answer: D, E

Explanation:

(https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUIDAFAF58DB-E661-4A7D-A8C9-70A3F3A3A3D3.html)

What is the NSX feature that allows a user to block ICMP between 192.168.1.100 and 192.168.1.101?

A. NSX Distributed Switch Agent
B. NSX Distributed IDS/IPS
C. NSX Distributed Routing
D. NSX Distributed Firewall

Suggested answer: D

Explanation:

NSX Distributed Firewall is used to create firewall rules to control traffic between networks.

For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-4B6A4A87-F9C7-4AAB-923F-C6B84C33AF7D.html) for more information on configuring firewall rules.

Which three criteria help to determine the severity for a Distributed IDS/IPS? (Choose three.)

A. The type-rating associated with the classification type.
B. The Common Vulnerability Scoring System score specified in the signature.
C. The load balancer deployment type.
D. The Distributed Intrusion Detection and Intrusion Prevention rules.
E. The severity specified in the signature itself.

Suggested answer: A, B, E

Explanation:

For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUIDE6B25C6F-1F25-4B0F-B8AF-6B8C00F9C3A3.html) for more information on configuring the Distributed IDS/IPS.

Which is the port number used by transport nodes to export firewall statistics to NSX Manager?

A. 1235
B. 4789
C. 6081
D. 1234

Suggested answer: B

Explanation:

The port number used by transport nodes to export firewall statistics to NSX Manager is 4789.

For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-15A2EBC2-C39D-45F3-B847-DC18F7B1E9B9.html) for more information on transport nodes and firewall statistics.

Where is a partner security virtual machine (Partner SVM) deployed to process the redirected North-South traffic in an efficient manner?

A. Deployed close to the Partner Manager.
B. Deployed close to the NSX Edge nodes.
C. Deployed close to the VMware vCenter Server.
D. Deployed close to the compute nodes.

Suggested answer: B

Explanation:

Reference:

[1] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmwarensx-data-center-for-vsphere-partner-svm-security-deploymentguide.pdf
[2] https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-A2A6B7F6-9020-4D4F-AFC6-7E6D2E6194DF.html

This allows for the Partner SVM to be close to the compute nodes, allowing for faster processing of the traffic and improved security. Additionally, the Partner SVM is also deployed close to the Partner Manager for added security and ease of management.

To which network operations does a user with the Security Engineer role have full access permission?

A.
A. Networking IP Address Pools, Networking NAT, Networking DHCP
B. Networking Forwarding Policies, Networking NAT, Networking VPN
C. Networking Load Balancing, Networking DNS, Networking Forwarding Policies
D. Networking DHCP, Networking NAT, Networking Segments

Suggested answer: A

Explanation:

A user with the Security Engineer role has full access permission to Networking IP Address Pools, Networking NAT, Networking DHCP, Networking Forwarding Policies, Networking VPN, Networking Load Balancing, Networking DNS, and Networking Segments. These operations allow the Security Engineer to configure and manage the necessary networking components to ensure a secure network environment. For example, Networking IP Address Pools allows the Security Engineer to create and manage IP address pools for assigning IP addresses to nodes on the network, Networking NAT allows the Security Engineer to configure Network Address Translation to improve security and privacy, and Networking Forwarding Policies allows the Security Engineer to configure policies for routing traffic between different networks.

Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-ACA9C0F2-2F2E-43E3-A3C3-DEEECB7CFE8F.html
[2] https://docs.vmware.com/en/VMware-NSX-T/2.5/vmware-nsx-t-25

Which two Guest OS drivers are required for the Identity Firewall to operate? (Choose two.)

A. NSX Network Introspection
B. vmxnet3
C. NSX File Introspection
D. Guest Introspection
E. e1000e

Suggested answer: A, D

Explanation:

The two Guest OS drivers that are required for the Identity Firewall to operate are NSX Network Introspection and Guest Introspection. NSX Network Introspection provides network-level visibility and control, while Guest Introspection provides kernel-level visibility and control. The other drivers listed, vmxnet3, NSX File Introspection, and e1000e, are not required for the Identity Firewall to operate.

An administrator has enabled the "logging" option on a specific firewall rule. The administrator does not see messages on the Logging Server related to this firewall rule. What could be causing the issue?

A. The logging on the firewall policy needs to be enabled.
B. Firewall Rule Logging is only supported in Gateway Firewalls.
C. NSX Manager must have Firewall Logging enabled.
D. The logging server on the transport nodes is not configured.

Suggested answer: A
Total 70 questions