ExamGecko
Search Search Login
Home Home / VMware / 5V0-41.21

VMware 5V0-41.21 Practice Test - Questions Answers, Page 5

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. Referencing the exhibit, what is the VMware recommended number of NSX Manager Nodes to additionally deploy to form an NSX-T Manager Cluster?
An organization is using VMware Identity Manager (vIDM) to authenticate NSX-T Data Center users Which two selections are prerequisites before configuring the service? (Choose two.)
An NSX administrator is trying to find the dvfilter name of the sa-web-01 virtual machine to capture the sa-web-01 VM traffic. What could be a reason the sa-web-01 VM dvfilter name is missing from the command output?
Which three are required by URL Analysis? (Choose three.)
Which 3 CU commands ant required to configure remote logging on an ESXI host? (Choose three.)
An administrator is creating the first distributed firewall rules for a company's salts department. What is the first object that must be created in the distributed firewall'
A company's CTO has requested that all logging should be enabled for all NSX-T Data Center Distributed Firewall rules. What should be considered prior to executing this request?
A security administrator is required to protect East-West virtual machine traffic with the NSX Distributed Firewall. What must be completed with the virtual machine's vNIC before applying the rules?
Refer to the exhibit. A security administrator is configuring a time window to create a time-based distributed firewall rule. While configuring the time window, an error displayed as shown in the exhibit. Which action will resolve the problem?
Which esxcli command lists the firewall configuration on ESXi hosts?

Question 41

Report
Export
Collapse

How does N5X Distributed IDS/IPS keep up to date with signatures?

A.
NSX Edge uses manually uploaded signatures by the security administrator.
A.
NSX Edge uses manually uploaded signatures by the security administrator.
Answers
B.
NSX-T Data Center is using a cloud based database to download the IDS/IPS signatures.
B.
NSX-T Data Center is using a cloud based database to download the IDS/IPS signatures.
Answers
C.
NSX Manager has a local IDS/IPS signatures database that does not need to be updated.
C.
NSX Manager has a local IDS/IPS signatures database that does not need to be updated.
Answers
D.
NSX Distributed IDS/IPS signatures are retrieved from updates.vmware.com.
D.
NSX Distributed IDS/IPS signatures are retrieved from updates.vmware.com.
Answers
Suggested answer: D

Question 42

Report
Export
Collapse

Which two statements are true about NSX Intelligence? (Choose two.)

A.
NSX Intelligence assists to build service insertion with Partner SVM.
A.
NSX Intelligence assists to build service insertion with Partner SVM.
Answers
B.
NSX Intelligence supports planning of distributed firewall rules and policy.
B.
NSX Intelligence supports planning of distributed firewall rules and policy.
Answers
C.
NSX Intelligence can help to visualize network physical infrastructure.
C.
NSX Intelligence can help to visualize network physical infrastructure.
Answers
D.
NSX Intelligence can be used in conjunction with vRealize Network Insight.
D.
NSX Intelligence can be used in conjunction with vRealize Network Insight.
Answers
E.
NSX Intelligence supports planning of NSX-T Edge Firewall rules and policy.
E.
NSX Intelligence supports planning of NSX-T Edge Firewall rules and policy.
Answers
Suggested answer: A, E

Explanation:

The two statements that are true about NSX Intelligence are that it assists to build service insertion with Partner SVM and that it supports planning of NSX-T Edge Firewall rules and policy. NSX Intelligence can be used in conjunction with vRealize Network Insight to provide visibility and insights into the network, but it cannot be used to visualize the physical infrastructure. Additionally, while it can help to plan firewall rules and policy, it does not support planning of distributed firewall rules and policy.

Question 43

Report
Export
Collapse

An administrator wants to use Distributed Intrusion Detection. How is this implemented in an NSX-T Data Center?

A.
As a distributed solution across multiple ESXi hosts.
A.
As a distributed solution across multiple ESXi hosts.
Answers
B.
As a distributed solution across multiple KVM hosts.
B.
As a distributed solution across multiple KVM hosts.
Answers
C.
As a distributed solution across multiple NSX Managers.
C.
As a distributed solution across multiple NSX Managers.
Answers
D.
As a distributed solution across multiple NSX Edge nodes.
D.
As a distributed solution across multiple NSX Edge nodes.
Answers
Suggested answer: D

Explanation:

An administrator can implement Distributed Intrusion Detection as a distributed solution across multiple NSX Edge nodes in an NSX-T Data Center. This allows for real-time monitoring of network traffic, as well as detection and prevention of malicious activity. Additionally, it can be used to identify, investigate, and respond to potential security threats. Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-1F8741C0-D1CD-4EA3-A2BB-98CEF7F8D1DA.html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-nsx-data-center-for-vsphere-distributed-intrusion-detection-deploymentguide.pdf

Question 44

Report
Export
Collapse

Reference the CLI output.

What is the source IP address in the distributed firewall rule to accept HTTP traffic?

A.
172.16.30.11
A.
172.16.30.11
Answers
B.
172.16.10.12
B.
172.16.10.12
Answers
C.
172.16.10.11
C.
172.16.10.11
Answers
D.
172.16.20.11
D.
172.16.20.11
Answers
Suggested answer: C

Question 45

Report
Export
Collapse

What component in a transport node receives the firewall configuration from the central control plane?

A.
nsx-ccp
A.
nsx-ccp
Answers
B.
nsx-appl-proxy
B.
nsx-appl-proxy
Answers
C.
nsx-mpa
C.
nsx-mpa
Answers
D.
nsx-proxy
D.
nsx-proxy
Answers
Suggested answer: C

Explanation:

The component in a transport node that receives the firewall configuration from the central control plane is the NSX-MPA (Management Plane Agent). The NSX-MPA runs on each transport node and is responsible for connecting to the NSX-T central control plane and receiving the configuration for the transport node. It is also responsible for pushing the configuration down to the other components on the transport node, such as the NSX-Proxy, NSX-Appl-Proxy, and NSX-CCP. Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-8C33F5B5-1B98-4A5F-B5B1-D70BE45F9FAD.html [2] https://docs.vmware.com/en/VMware-NSXT/3.0/com.vmware.nsxt.install.doc/GUID-C129F7F0-E6F8-4A14-B2B0-9D6F3A7A3F62.

Question 46

Report
Export
Collapse

What needs to be configured on each transport node prior to using NSX-T Data Center Distributed Firewall time-based rule publishing?

A.
DNS
A.
DNS
Answers
B.
NTP
B.
NTP
Answers
C.
PAT
C.
PAT
Answers
D.
NAT
D.
NAT
Answers
Suggested answer: B

Explanation:

In order to use NSX-T Data Center Distributed Firewall time-based rule publishing, the NTP (Network Time Protocol) needs to be configured on each transport node. This ensures that the transport nodes have accurate time synchronization, which is required for time-based rule publishing. Additionally,

DNS (Domain Name System) and PAT (Port Address Translation) may also need to be configured oneach transport node, depending on the desired configuration. Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/2.5/com.vmware.nsxt.admin.doc/GUID-E9F8D8AD-7AF1-4F09-B62C-6A17A6F39A6C.html [2] https://docs.vmware.com/en/VMware-NSXT/2.4/com.vmware.nsxt.admin.doc/GUID-E9F8D8AD-7AF1-4F09-B62C-6A17A6F39A6C.html

Question 47

Report
Export
Collapse

Which are the four use cases for NSX Tags?

A.
Accountability, Third-party sharing/context sharing. Security, and Logging
A.
Accountability, Third-party sharing/context sharing. Security, and Logging
Answers
B.
Manageability, Third-party sharing/context sharing, Security, and Troubleshooting (Traceability)
B.
Manageability, Third-party sharing/context sharing, Security, and Troubleshooting (Traceability)
Answers
C.
Accountability, Third-party sharing/context sharing, Security, and Troubleshooting (Traceability)
C.
Accountability, Third-party sharing/context sharing, Security, and Troubleshooting (Traceability)
Answers
D.
Manageability, Third-party sharing/context sharing. Security, and Logging
D.
Manageability, Third-party sharing/context sharing. Security, and Logging
Answers
Suggested answer: C

Explanation:

The four use cases for NSX Tags are Manageability, Third-party sharing/context sharing, Security, and Troubleshooting (Traceability). NSX Tags provide an easy way to organize, document, and manage virtual networks and can be used to track changes and enforce security policies. They can also be used to share context between third-party providers, such as cloud service providers, to ensure that security policies are adhered to. Additionally, NSX Tags can be used for logging and troubleshooting by providing traceability and making it easier to debug network issues. Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-2F3E7A3F-3C85-48E1-8F7E-2A2F7C2F8FCC.html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-nsx-data-center-for-vsphere-tag-based-security-guide.pdf

Question 48

Report
Export
Collapse

Refer to the exhibit.

An administrator configured a firewall rule on their Edge Gateway to allow access to web servers.

What is missing in the Gateway Firewall policy to have the firewall rule applied?

A.
Firewall service needs to be enabled on gateway.
A.
Firewall service needs to be enabled on gateway.
Answers
B.
Firewall rule needs to be moved to Default category.
B.
Firewall rule needs to be moved to Default category.
Answers
C.
Firewall rule needs to be enabled.
C.
Firewall rule needs to be enabled.
Answers
D.
Firewall rule needs to be published
D.
Firewall rule needs to be published
Answers
Suggested answer: B

Question 49

Report
Export
Collapse

An administrator is creating the first distributed firewall rules for a company's salts department.

What is the first object that must be created in the distributed firewall'

A.
firewall policy
A.
firewall policy
Answers
B.
firewall file
B.
firewall file
Answers
C.
firewall folder
C.
firewall folder
Answers
D.
firewall service
D.
firewall service
Answers
Suggested answer: A

Explanation:

The first object that must be created in the distributed firewall is a firewall policy. A firewall policy is a set of rules that define what traffic is allowed or blocked on a given network. When creating a policy, the administrator must specify the source and destination address and port, as well as the type of traffic that is allowed or blocked. The policy will then be applied to the distributed firewall, allowing it to enforce the rules specified in the policy. Reference: [1] https://docs.vmware.com/en/VMware- NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-4CAF59C8-13F3-4F3E-B53ED8F1E03FBE7B. html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/t echpaper/vmware-nsx-data-center-for-vsphere-distributed-firewall-deployment-guide.pdf

Question 50

Report
Export
Collapse

An organization is using VMware Identity Manager (vIDM) to authenticate NSX-T Data Center users Which two selections are prerequisites before configuring the service? (Choose two.)

A.
Validate vIDM functionality
A.
Validate vIDM functionality
Answers
B.
Assign a role to users
B.
Assign a role to users
Answers
C.
Time Synchronization
C.
Time Synchronization
Answers
D.
Configure vIDM Integration
D.
Configure vIDM Integration
Answers
E.
Certificate Thumbprint from vIDM
E.
Certificate Thumbprint from vIDM
Answers
Suggested answer: D, E

Explanation:

The two prerequisites before configuring the VMware Identity Manager (vIDM) service for NSX-T Data Center are Configure vIDM Integration and Certificate Thumbprint from vIDM. In order to use vIDM for authentication, it must be integrated with NSX-T Data Center, which will involve configuring the vIDM integration service. Additionally, a certificate thumbprint from vIDM must be provided to

NSX-T Data Center to enable secure communication between the two services. Time synchronizationand assigning roles to users are not necessary prerequisites for configuring the vIDM service.

Reference: [1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administrationguide/GUID-1B4EA3C9-8F43-4C4F-A86ABFB0DB6D1A6C.html [2] https://docs.vmware.com/en/VMware-Identity-Manager/3.3/com.vmware.identity.install.doc/GUID-D56A0C0A-52F

Total 70 questions
Go to page: of 7
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms