ExamGecko
Search Search Login
Home Home / VMware / 5V0-41.21

VMware 5V0-41.21 Practice Test - Questions Answers, Page 6

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. Referencing the exhibit, what is the VMware recommended number of NSX Manager Nodes to additionally deploy to form an NSX-T Manager Cluster?
An NSX administrator is trying to find the dvfilter name of the sa-web-01 virtual machine to capture the sa-web-01 VM traffic. What could be a reason the sa-web-01 VM dvfilter name is missing from the command output?
An organization is using VMware Identity Manager (vIDM) to authenticate NSX-T Data Center users Which two selections are prerequisites before configuring the service? (Choose two.)
Which three are required by URL Analysis? (Choose three.)
Which 3 CU commands ant required to configure remote logging on an ESXI host? (Choose three.)
An administrator is creating the first distributed firewall rules for a company's salts department. What is the first object that must be created in the distributed firewall'
Refer to the exhibit. A security administrator is configuring a time window to create a time-based distributed firewall rule. While configuring the time window, an error displayed as shown in the exhibit. Which action will resolve the problem?
A company's CTO has requested that all logging should be enabled for all NSX-T Data Center Distributed Firewall rules. What should be considered prior to executing this request?
Which esxcli command lists the firewall configuration on ESXi hosts?
A security administrator is required to protect East-West virtual machine traffic with the NSX Distributed Firewall. What must be completed with the virtual machine's vNIC before applying the rules?

Question 51

Report
Export
Collapse

Information Security Management (ISM) describes a set of controls that organizations employ to protect which properties?

A.
confidentiality, integrity, and availability
A.
confidentiality, integrity, and availability
Answers
B.
confidentiality, interoperability, and availability
B.
confidentiality, interoperability, and availability
Answers
C.
configuration. Integrity, and availability
C.
configuration. Integrity, and availability
Answers
D.
confidentiality. Integrity, and accessibility
D.
confidentiality. Integrity, and accessibility
Answers
Suggested answer: A

Explanation:

Information Security Management (ISM) describes a set of controls that organizations employ to protect confidentiality, integrity, and availability. Confidentiality ensures that data is protected from unauthorized access or disclosure, integrity ensures that data is not modified without authorization, and availability ensures that data is accessible when it is needed. ISM is a crucial component of any organization's security strategy and is used to protect against threats such as data theft, data loss, and system outages. Reference: [1] https://searchsecurity.techtarget.com/definition/informationsecuritymanagement [2] https://www.iso.org/standard/45170.html [3] https://www.bsigroup.com/en- GB/iso-27001-information-security/

Question 52

Report
Export
Collapse

An NSX administrator is trying to find the dvfilter name of the sa-web-01 virtual machine to capture the sa-web-01 VM traffic. What could be a reason the sa-web-01 VM dvfilter name is missing from the command output?

A.
sa-web-01 VM has the no firewall rules configured.
A.
sa-web-01 VM has the no firewall rules configured.
Answers
B.
ESXi host has 5SH disabled.
B.
ESXi host has 5SH disabled.
Answers
C.
sa-web-01 is powered Off on ESXi host.
C.
sa-web-01 is powered Off on ESXi host.
Answers
D.
ESXi host has the firewall turned off.
D.
ESXi host has the firewall turned off.
Answers
Suggested answer: C

Explanation:

The most likely reason the sa-web-01 VM dvfilter name is missing from the command output is that the sa-web-01 VM is powered off on the ESXi host. The dvfilter name is associated with the VM when it is powered on, and is removed when the VM is powered off. Therefore, if the VM is powered off,

then the dvfilter name will not be visible in the command output. Other possible reasons could bethat the ESXi host has the firewall turned off, the ESXi host has 5SH disabled, or that the sa-web-01VM has no firewall rules configured. Reference:

[1] https://kb.vmware.com/s/article/2143718 [2] https://docs.vmware.com/en/VMware-NSXT/3.0/vmware-nsx-t-30-administration-guide/GUID-AC3CC8A3-B2DE-4A53-8F09-B8EEE3E3C7D1.html

Question 53

Report
Export
Collapse

What is an unprotected traffic flow in NSX Intelligence?

A.
A traffic flow that matches the default distributed firewall rule.
A.
A traffic flow that matches the default distributed firewall rule.
Answers
B.
A traffic flow that matches an allow rule more granular than the default.
B.
A traffic flow that matches an allow rule more granular than the default.
Answers
C.
A traffic flow that matches a drop rule more granular than the default.
C.
A traffic flow that matches a drop rule more granular than the default.
Answers
D.
A traffic flow that matches a reject rule more granular than the default.
D.
A traffic flow that matches a reject rule more granular than the default.
Answers
Suggested answer: A

Explanation:

An unprotected traffic flow in NSX Intelligence is a traffic flow that matches the default distributed firewall rule. The default rule is a catch-all rule which allows all traffic to pass through the distributed firewall, and any traffic flows that match this rule will be marked as unprotected. NSX Intelligence will then generate an alert for any unprotected traffic flows, allowing the administrator to take action to secure the traffic flow. Reference: [1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmwarensx- t-30-administration-guide/GUID-D43B9C85-7F4C-4504-8D2BBC1D7CADB4CD. html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-nsx-data-center-for-vsphere-distributed-firewall-deployment-guide.pdf

Question 54

Report
Export
Collapse

Refer to the exhibit.

A security administrator is configuring a time window to create a time-based distributed firewall rule.

While configuring the time window, an error displayed as shown in the exhibit. Which action will resolve the problem?

A.
Change the time window interval.
A.
Change the time window interval.
Answers
B.
Restart me NTP service on the ESXl host.
B.
Restart me NTP service on the ESXl host.
Answers
C.
Configure the ESXl host to use a remote NTP server.
C.
Configure the ESXl host to use a remote NTP server.
Answers
D.
Change the time windows frequency
D.
Change the time windows frequency
Answers
Suggested answer: C

Explanation:

The most likely action to resolve the problem is to configure the ESXi host to use a remote NTP server. The time window requires the ESXi host to be synchronized to a time source in order to properly calculate the time window, and the error is likely due to the ESXi host not being synchronized. Configuring the ESXi host to use a remote NTP server should ensure that the host is properly synchronized, and allow the time window to be configured correctly. Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUIDDD7F38A3-3D3B-47F1-92D7-9A4D4F3C44E1.html [2] https://www.vmware.com/support/vsphere/doc/vsphere-esxi-vcenterserver-601-configuration-maximums.html

Question 55

Report
Export
Collapse

When using URL Analysis In NSX-T, which two services must be set in the URL rule to capture traffic over TCP and UDP? (Choose two.)

A.
DNS
A.
DNS
Answers
B.
DNS-TSIG
B.
DNS-TSIG
Answers
C.
DHCPv6
C.
DHCPv6
Answers
D.
DHCP
D.
DHCP
Answers
E.
DNS-UDP
E.
DNS-UDP
Answers
Suggested answer: A, D

Question 56

Report
Export
Collapse

Which 3 CU commands ant required to configure remote logging on an ESXI host? (Choose three.)

A.
esxcl; systex syslcg -sx firewall enable
A.
esxcl; systex syslcg -sx firewall enable
Answers
B.
esxcli network services restart --firewall
B.
esxcli network services restart --firewall
Answers
C.
esxcli systex syslcg reload
C.
esxcli systex syslcg reload
Answers
D.
esxcli systex syslog config set "loghost-udp://<log server IP>:<port>
D.
esxcli systex syslog config set "loghost-udp://<log server IP>:<port>
Answers
E.
esxcli network firewall ruleset set -r syslog -e true
E.
esxcli network firewall ruleset set -r syslog -e true
Answers
Suggested answer: C, D, E

Explanation:

The three CU commands required to configure remote logging on an ESXi host are esxcli syslog config set "loghost-udp://<log server IP>:<port>", esxcli network firewall ruleset set -r syslog -e true, and esxcli system syslog reload. The first command sets the remote log server IP address and port for the ESXi host, the second command enables the syslog ruleset, and the third command reloads the syslog configuration. This will ensure that all syslog messages generated by the ESXi host will be sent to the remote log server. Reference: [1] https://docs.vmware.com/en/VMwarevSphere/ 7.0/com.vmware.vsphere.security.doc/GUID-CFE0E8FC-7C27-4F45-A037- CACCD8A1E9A2.html [2] https://docs.vmware.com/en/VMwarevSphere/ 7.0/com.vmware.vsphere.security.doc/GUID-A2F2A3D2-076A-4FE6-

Question 57

Report
Export
Collapse

An administrator needs to configure their NSX-T logging to audit changes on firewall security policy.

The administrator Is using the following command from NSX-T3.1 documentation :

Which Message ID from the following list will allow the administrator to track changes on firewall security rules?

A.
FABRIC
A.
FABRIC
Answers
B.
MONITOR
B.
MONITOR
Answers
C.
SYSTEM
C.
SYSTEM
Answers
D.
FIREWALL
D.
FIREWALL
Answers
Suggested answer: D

Explanation:

The message ID that will allow the administrator to track changes on firewall security rules is "FIREWALL". This message ID is part of the NSX-T3.1 documentation and will be used to log any changes made to the firewall security policy. This will allow the administrator to easily audit and track any changes made to the policy. Reference: [1] https://docs.vmware.com/en/VMware-NSXT/ 3.1/nsx_31_logging_guide/GUID-ADEDE32F-0606-4C2F-81B2- 71914EEDA11F.html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/p roducts/nsx/vmware-nsx-data-center-logging-guide.pdf

Question 58

Report
Export
Collapse

A customer has deployed NSX Intelligence appliance with an incorrect IP address.

What should the customer do to correct the IP address?

A.
Add a new network interface to the appliance and replace the old one.
A.
Add a new network interface to the appliance and replace the old one.
Answers
B.
Shutdown the appliance and change the vApp IP properties.
B.
Shutdown the appliance and change the vApp IP properties.
Answers
C.
In the CU, update intelligence manager node host-ip-addr.
C.
In the CU, update intelligence manager node host-ip-addr.
Answers
D.
Redeploy the appliance with the correct parameters.
D.
Redeploy the appliance with the correct parameters.
Answers
Suggested answer: C

Explanation:

In the Cloud Director UI (CU), the customer should update the intelligence manager node's host-ipaddr parameter with the correct IP address. This can be done from the NSX Intelligence Settings page in the CU.

For more information on updating the IP address of the NSX Intelligence appliance, please refer to the NSX Intelligence documentation: https://docs.vmware.com/en/VMware-NSXIntelligence/ 1.2/nsx-intelligence-1.2-administration-guide/GUID-9FA9D0E0-E8D6-4B2F-A1D3- 3E8E3F9B9CC2.html

Question 59

Report
Export
Collapse

A security administrator recently enabled Guest Introspection on NSX-T Data Center.

Which would be a reason none of the Microsoft Windows based VMs are reporting any information?

A.
Windows VMs require a reboot.
A.
Windows VMs require a reboot.
Answers
B.
VMware Tools need to be reconfigured.
B.
VMware Tools need to be reconfigured.
Answers
C.
NSX Manager require a reboot.
C.
NSX Manager require a reboot.
Answers
D.
NSX Manager needs to be reconfigured.
D.
NSX Manager needs to be reconfigured.
Answers
Suggested answer: D

Explanation:

NSX Manager needs to be reconfigured. Guest Introspection requires additional configuration of the NSX Manager in order to collect information from the Windows based VMs. This configuration includes setting up the Guest Introspection service with the appropriate credentials and configuring the rules to allow the traffic through the firewall. Once this is done, the Windows VMs will start reporting information to the NSX Manager.

For more information on setting up Guest Introspection, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0- installing/GUID-3B7F12AD-D8F7-44B9-A56B-E71F64C2F6A0.html

Question 60

Report
Export
Collapse

What is the default action of the Default Layer 3 distributed firewall rule?

A.
Drop
A.
Drop
Answers
B.
Allow
B.
Allow
Answers
C.
Forward
C.
Forward
Answers
D.
Reject
D.
Reject
Answers
Suggested answer: A

Explanation:

The Default Layer 3 distributed firewall rule is a system-defined rule in NSX-T Data Center that

applies to all distributed firewall sections. By default, this rule is set to drop all traffic, meaning thatany traffic that does not match a specific rule will be dropped.

For more information on the Default Layer 3 distributed firewall rule and how to configure it, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data- Center/3.0/nsx-t-3.0-firewall/GUID-B6B835F2-B6F2-4468-8F8E-6F7B9B9D6E91.html

Total 70 questions
Go to page: of 7
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms