
VMware 5V0-41.21 Practice Test - Questions Answers, Page 7

What is one of the main use-cases of NSX-T Endpoint Protection?

A. Use Network Security Services of a third party vendor
B. Agentless Antivirus
C. East-West Firewalling
D. North-South Firewalling
Suggested answer: B

Explanation:

NSX-T Endpoint Protection provides agentless antivirus protection for virtual machines running on VMware ESXi hosts. It uses the VMware vShield Endpoint API to scan the virtual machines without requiring the installation of antivirus agents. The service is integrated with third-party antivirus solutions, such as McAfee and Symantec, to provide real-time protection against malware and other threats.

For more information on NSX-T Endpoint Protection, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-endpointprotection/GUID-25C22F02-4B30-47D4-8F0C-3BC9F9C3AFD3.html

A security administrator is required to protect East-West virtual machine traffic with the NSX Distributed Firewall. What must be completed with the virtual machine's vNIC before applying the rules?

A. It is connected to the underlay.
B. It must be connected to a vSphere Standard Switch.
C. It is connected to an NSX managed segment.
D. It is connected to a transport zone.
Suggested answer: C

Explanation:

In order to apply the rules, the vNIC of the virtual machine must be connected to an NSX managed segment. The NSX managed segment is a logical representation of the virtual network, and all rules are applied at this level.

For more information on NSX Distributed Firewall and how to configure it, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-firewall/GUID-B6B835F2-B6F2-4468-8F8E-6F7B9B9D6E91.html

Which two criteria would an administrator use to filter firewall connection logs on NSX?

A. FIREWALL MONITORING
B. FIREWALL-PKTLOG
C. FIREWALL RULE TAG
D. FIREWALL CONNECTION
E. FIREWALL SYSTEM
Suggested answer: C, D

Explanation:

An administrator can use the FIREWALL RULE TAG and FIREWALL CONNECTION criteria to filter the logs on NSX. The FIREWALL RULE TAG criterion allows the administrator to filter the logs based on the tag assigned to each rule, while the FIREWALL CONNECTION criterion allows the administrator to filter the logs based on the connection status (e.g. accepted or denied).

For more information on how to filter firewall connection logs on NSX, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-firewall/GUID-B6B835F2-B6F2-4468-8F8E-6F7B9B9D6E91.html

A security administrator is verifying why users are blocked from sports sites but are able to access gambling websites from the corporate network. What needs to be updated in NSX-T to block the gambling websites?

A. vSphere Firewall Policy
B. Endpoint Protection Rules
C. Network Introspection Policy
D. URL Analysis Attributes
Suggested answer: D

Explanation:

In order to block the gambling websites, the security administrator needs to update the URL Analysis Attributes in NSX-T. URL Analysis Attributes are used to control access to web content, and can be configured to deny access to certain web destinations based on domain names or categories.

For more information on URL Analysis Attributes and how to configure them, please refer to the NSX-T Data Center documentation [1]: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-url-profile/GUID-F8BA3F3F-4A27-4B4F-8D2A-A013F68E1619.html

1. VMware vCenter Server 7.0 Update 3 Release Notes

https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-703-releasenotes.html

Refer to the exhibit.

An administrator is reviewing NSX Intelligence information as shown in the exhibit.

What does the red dashed line for the UDP:137 flow represent?

A. Discovered communication
B. Allowed communication
C. Blocked communication
D. Unprotected communication
Suggested answer: C

Explanation:

The red dashed line for the UDP:137 flow in the NSX Intelligence information represents blocked communication. This indicates that the NSX Distributed Firewall has blocked the communication between the source and destination IP addresses on port 137.

For more information on NSX Intelligence and how to use it, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-intelligence/GUID-C2B2AF2E-A76A-46B8-A67A-42D7A9E924A9.html

When configuring members of a Security Group, which membership criteria are permitted?

A. Virtual Machine, Physical Machine, Cloud Native Service Instance, and IP Set
B. Segment Port, Segment, Virtual Machine, and IP Set
C. Virtual Interface, Segment, Cloud Native Service Instance, and IP Set.
D. Virtual Interface, Segment, Physical Machine, and IP Set
Suggested answer: A

Explanation:

When configuring members of a Security Group, the permitted membership criteria are Virtual Machine, Physical Machine, Cloud Native Service Instance, and IP Set.

For more information on configuring members of a Security Group, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-security/GUID-C0F9A9A7-9A1E-41D9-A237-FED7A6F20A0A.html

At which OSI Layer do Next Generation Firewalls capable of analyzing application traffic operate?

A. Layer 4
B. Layer 3
C. Layer 7
D. Layer 2
Suggested answer: C

Explanation:

Next Generation Firewalls are capable of analyzing application traffic at Layer 7 of the OSI model.

Layer 7 is the Application Layer, which is where the application-level protocols, such as HTTP and FTP, are implemented. Next Generation Firewalls are able to inspect the application traffic and apply rules based on the content of the application-level packets.

For more information on the OSI model and Next Generation Firewalls, please refer to the following resources:

• OSI Model: https://en.wikipedia.org/wiki/OSI_model
• Next Generation Firewalls: https://en.wikipedia.org/wiki/Next-generation_firewall

Which three are required to configure a firewall rule on a gateway to allow traffic from the internal to web servers? (Choose three.)

A. Create a URL analysis profile for web hosting category.
B. Create a firewall rule in System category.
C. Enable Firewall Service for gateway.
D. Create a firewall policy in Local Gateway category.
E. Add a firewall rule in Local Gateway category.
F. Disable the firewall rule in Default category.
Suggested answer: C, D, E

Explanation:

In order to configure a firewall rule on a gateway to allow traffic from the internal to web servers, the administrator needs to enable the Firewall Service for the gateway, create a firewall policy in the Local Gateway category, and add a firewall rule in the Local Gateway category. This firewall rule should specify the web servers as the destination and the internal network as the source.

For more information on how to configure firewall rules on a gateway, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-firewall/GUID-3A79CA7A-9D5E-4F2B-8F75-4EA298E4A4D5.html

A customer has a requirement to achieve Zero-Trust Security and minimize operational overhead.

Which VMware solution can be used by the customer to achieve the requirement?

A. NSX Manager
B. Tanzu Kubernetes Grid
C. Carbon Black Anti-Virus
D. NSX Intelligence
Suggested answer: D

Explanation:

NSX Intelligence is a security analytics solution from VMware that can be used to achieve Zero-Trust Security and minimize operational overhead. It provides an AI-driven security analytics platform that can detect and respond to threats in real time, allowing organizations to quickly identify threats and respond to them before they can cause damage. It also provides automated security operations and orchestration capabilities that can help reduce manual overhead and free up resources for more important tasks.

For more information on NSX Intelligence and how it can help achieve Zero-Trust Security and minimize operational overhead, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-intelligence/GUID-C2B2AF2E-A76A-46B8-A67A-42D7A9E924A9.html

An NSX administrator has been tasked with deploying an NSX Edge virtual machine through an ISO image.

Which virtual network interface card (vNIC) type must be selected while creating the NSX Edge VM to allow participation in overlay and VLAN transport zones?

A. e1000
B. VMXNET2
C. VMXNET3
D. Flexible
Suggested answer: C

Explanation:

When deploying an NSX Edge Virtual Machine through an ISO image, the virtual network interface card (vNIC) type that must be selected is VMXNET3 in order to allow participation in overlay and VLAN transport zones. VMXNET3 is a high-performance and feature-rich paravirtualized NIC that provides a significant performance boost over other vNIC types, as well as support for both overlay and VLAN transport zones.

For more information on deploying an NSX Edge Virtual Machine through an ISO image, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-deploy-config/GUID-A782558B-A72B-4848-B6DB-7A8A9E71FFD6.html

Total 70 questions