ExamGecko
Login
Home / VMware / 5V0-41.21 / List of questions
Ask Question

VMware 5V0-41.21 Practice Test - Questions Answers, Page 4

Add to Whishlist

List of questions

Question 31

Report Export Collapse

An organization wants to add security controls for contractor virtual desktops. Which statement Is true when configuring an NSX Identity firewall rule?

User Identity can be used in the both the Source and the Destination sections of the firewall rule.
User Identity can be used in the both the Source and the Destination sections of the firewall rule.
User Identity can only be used in the Source section of the firewall rule.
User Identity can only be used in the Source section of the firewall rule.
User Identity cannot be used in Source or Destination sections of the firewall rule.
User Identity cannot be used in Source or Destination sections of the firewall rule.
User Identity can only be used in the Destination Section of the firewall rule.
User Identity can only be used in the Destination Section of the firewall rule.
Suggested answer: B
Explanation:

In NSX-T, Identity firewall rules allow you to specify security controls based on the identity of the user, rather than the IP address or other network-based attributes. User identity can be used as a source in the firewall rule.

asked 16/09/2024
Misael E
43 questions

Question 32

Report Export Collapse

Refer to the exhibit.

VMware 5V0-41.21 image Question 32 10731 09162024012854000000

An administrator needs to configure a security policy with a firewall rule allowing a group of applications to retrieve the correct time from an NTP server. Which is the category to configure thissecurity policy and firewall rule?

Emergency
Emergency
Application
Application
Infrastructure
Infrastructure
Environment
Environment
Suggested answer: C
Explanation:

For further reading, see the VMware NSX-T Data Center Administration Guide

(https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUIDD12A8AE7-B9E9-4C79-8FE4-7F4BECD4F71B.html) for more information on configuring firewall rules.

asked 16/09/2024
Daniel Vong
46 questions

Question 33

Report Export Collapse

Which two statements are true about IDS/IPS signatures? (Choose two.)

Users can upload their own IDS signature definitions from the NSX UI.
Users can upload their own IDS signature definitions from the NSX UI.
IDS Signatures can be High Risk, Suspicious, Low Risk and Trustworthy.
IDS Signatures can be High Risk, Suspicious, Low Risk and Trustworthy.
Users can create their own IDS signature definitions from the NSX UI.
Users can create their own IDS signature definitions from the NSX UI.
An IDS signature contains data used to identify known exploits and vulnerabilities.
An IDS signature contains data used to identify known exploits and vulnerabilities.
An IDS signature contains a set of instructions that determine which traffic is analyzed.
An IDS signature contains a set of instructions that determine which traffic is analyzed.
Suggested answer: D, E
Explanation:

(https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUIDAFAF58DB-E661-4A7D-A8C9-70A3F3A3A3D3.html)

asked 16/09/2024
Tu Nguyen
46 questions

Question 34

Report Export Collapse

What is the NSX feature that allows a user to block ICMP between 192.168.1.100 and 192.168.1.101?

NSX Distributed Switch Agent
NSX Distributed Switch Agent
NSX Distributed IDS/IPS
NSX Distributed IDS/IPS
NSX Distributed Routing
NSX Distributed Routing
NSX Distributed Firewall
NSX Distributed Firewall
Suggested answer: D
Explanation:

NSX Distributed Firewall is used to create firewall rules to control traffic between networks.

For further reading, see the VMware NSX-T Data Center Administration Guide

(https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-4B6A4A87-F9C7-4AAB-923F-C6B84C33AF7D.html) for more information on configuring firewall rules.

asked 16/09/2024
Corey Workman
39 questions

Question 35

Report Export Collapse

Which three criteria help to determine the severity for a Distributed IDS/IPS? (Choose three.)

The type-rating associated with the classification type.
The type-rating associated with the classification type.
The Common Vulnerability Scoring System score specified in the signature.
The Common Vulnerability Scoring System score specified in the signature.
The load balancer deployment type.
The load balancer deployment type.
The Distributed Intrusion Detection and Intrusion Prevention rules.
The Distributed Intrusion Detection and Intrusion Prevention rules.
The severity specified in the signature itself
The severity specified in the signature itself
Suggested answer: A, B, E
Explanation:

For further reading, see the VMware NSX-T Data Center Administration Guide

(https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUIDE6B25C6F-1F25-4B0F-B8AF-6B8C00F9C3A3.html) for more information on configuring the Distributed IDS/IPS.

asked 16/09/2024
Sumit Sengupta
46 questions

Question 36

Report Export Collapse

Which is the port number used by transport nodes to export firewall statistics to NSX Manager?

1235
1235
4789
4789
6081
6081
1234
1234
Suggested answer: B
Explanation:

The port number used by transport nodes to export firewall statistics to NSX Manager is 4789.

For further reading, see the VMware NSX-T Data Center Administration Guide

(https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-15A2EBC2-C39D-45F3-B847-DC18F7B1E9B9.html) for more information on transport nodes and firewall statistics.

asked 16/09/2024
Edwin Lebron
43 questions

Question 37

Report Export Collapse

Where is a partner security virtual machine (Partner SVM) deployed to process the redirected North- South traffic in an efficient manner?

Deployed close to the Partner Manager.
Deployed close to the Partner Manager.
Deployed close to the NSX Edge nodes.
Deployed close to the NSX Edge nodes.
Deployed close to the VMware vCenter Server.
Deployed close to the VMware vCenter Server.
Deployed close to the compute nodes.
Deployed close to the compute nodes.
Suggested answer: B
Explanation:

Reference:

[1] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmwarensx-data-center-for-vsphere-partner-svm-security-deploymentguide.pdf [2] https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-A2A6B7F6-9020-4D4F-AFC6-7E6D2E6194DF.html

This allows for the Partner SVM to be close to the compute nodes, allowing for faster processing of the traffic and improved security. Additionally, the Partner SVM is also deployed close to the Partner Manager for added security and ease of management.

asked 16/09/2024
John Doe
43 questions

Question 38

Report Export Collapse

To which network operations does a user with the Security Engineer role have full access permission?

Networking IP Address Pools, Networking NAT, Networking DHCP
Networking IP Address Pools, Networking NAT, Networking DHCP
Networking Forwarding Policies, Networking NAT, Networking VPN
Networking Forwarding Policies, Networking NAT, Networking VPN
Networking Load Balancing, Networking DNS, Networking Forwarding Policies
Networking Load Balancing, Networking DNS, Networking Forwarding Policies
Networking DHCP, Networking NAT, Networking Segments
Networking DHCP, Networking NAT, Networking Segments
Suggested answer: A
Explanation:

A user with the Security Engineer role has full access permission to Networking IP Address Pools, Networking NAT, Networking DHCP, Networking Forwarding Policies, Networking VPN, Networking Load Balancing, Networking DNS, and Networking Segments. These operations allow the Security Engineer to configure and manage the necessary networking components to ensure a secure network environment. For example, Networking IP Address Pools allows the Security Engineer to create and manage IP address pools for assigning IP addresses to nodes on the network, Networking NAT allows the Security Engineer to configure Network Address Translation to improve security and privacy, and Networking Forwarding Policies allows the Security Engineer to configure policies for routing traffic between different networks. Reference: [1] https://docs.vmware.com/en/VMware- NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-ACA9C0F2-2F2E-43E3-A3C3- DEEECB7CFE8F.html [2] https://docs.vmware.com/en/VMware-NSX-T/2.5/vmware-nsx-t-25

asked 16/09/2024
Lucie Loisel
48 questions

Question 39

Report Export Collapse

Which two Guest OS drivers are required for the Identity Firewall to operate? (Choose two.)

NSX Network Introspection
NSX Network Introspection
vmxnet3
vmxnet3
NSX File Introspection
NSX File Introspection
Guest Introspection
Guest Introspection
e1000e
e1000e
Suggested answer: A, D
Explanation:

The two Guest OS drivers that are required for the Identity Firewall to operate are NSX Network Introspection and Guest Introspection. NSX Network Introspection provides network-level visibility and control, while Guest Introspection provides kernel-level visibility and control. The other drivers listed, vmxnet3, NSX File Introspection, and e1000e, are not required for the Identity Firewall to operate.

asked 16/09/2024
Ali Reza Azmi
51 questions

Question 40

Report Export Collapse

An administrator has enabled the "logging" option on a specific firewall rule. The administrator does not see messages on the Logging Server related to this firewall rule. What could be causing the issue?

The logging on the firewall policy needs to be enabled.
The logging on the firewall policy needs to be enabled.
Firewall Rule Logging is only supported in Gateway Firewalls.
Firewall Rule Logging is only supported in Gateway Firewalls.
NSX Manager must have Firewall Logging enabled.
NSX Manager must have Firewall Logging enabled.
The logging server on the transport nodes is not configured.
The logging server on the transport nodes is not configured.
Suggested answer: A
asked 16/09/2024
Kazi Basit
45 questions
Total 70 questions
Go to page: of 7
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization is using VMware Identity Manager (vIDM) to authenticate NSX-T Data Center users Which two selections are prerequisites before configuring the service? (Choose two.)
Refer to the exhibit. Referencing the exhibit, what is the VMware recommended number of NSX Manager Nodes to additionally deploy to form an NSX-T Manager Cluster?
Which 3 CU commands ant required to configure remote logging on an ESXI host? (Choose three.)
Which three are required by URL Analysis? (Choose three.)
An administrator is creating the first distributed firewall rules for a company's salts department. What is the first object that must be created in the distributed firewall'
An administrator needs to configure their NSX-T logging to audit changes on firewall security policy. The administrator Is using the following command from NSX-T3.1 documentation : Which Message ID from the following list will allow the administrator to track changes on firewall security rules?
When using URL Analysis In NSX-T, which two services must be set in the URL rule to capture traffic over TCP and UDP? (Choose two.)
Refer to the exhibit. A security administrator is configuring a time window to create a time-based distributed firewall rule. While configuring the time window, an error displayed as shown in the exhibit. Which action will resolve the problem?
An NSX administrator is trying to find the dvfilter name of the sa-web-01 virtual machine to capture the sa-web-01 VM traffic. What could be a reason the sa-web-01 VM dvfilter name is missing from the command output?
A company's CTO has requested that all logging should be enabled for all NSX-T Data Center Distributed Firewall rules. What should be considered prior to executing this request?