Question 21 - NCP-CI-AWS discussion


An administrator has deployed an NC2 on AWS cluster and doesn't have connectivity back to the on-premises environment yet. The administrator wants to SSH into a CVM to edit a security setting and has deployed a Jump Host into an existing public subnet.

What action must the administrator still take to gain access to the CVM?

A. Edit the CVM iptables to allow SSH.
B. Edit the User Management Network Security Group to allow SSH from the Jump Host IP.
C. Edit the UVM security group to allow SSH from the Jump Host IP and remove Cluster Lockdown.
D. Create Custom Network Security Group at the subnet level and add the IP address of the Jump Host.

Suggested answer: B

Explanation:

To SSH into a Controller VM (CVM) in an NC2 on AWS cluster without on-premises connectivity, the administrator needs to ensure that the security settings allow SSH access from the Jump Host. This involves editing the User Management Network Security Group to permit SSH traffic from the Jump Host IP.

Deploy Jump Host:
Ensure the Jump Host is deployed in a public subnet with an Elastic IP (EIP) assigned for external access.

Edit User Management Network Security Group:
1. Locate the security group associated with the user management network.
2. Modify the inbound rules to allow SSH (port 22) from the Jump Host's IP address. This ensures that the Jump Host can establish an SSH connection to the CVM.

Steps to Edit Security Group:
1. Navigate to the EC2 dashboard in the AWS Management Console.
2. Select 'Security Groups' under the 'Network & Security' section.
3. Find and select the appropriate security group.
4. Edit the inbound rules to add a new rule:
   Type: SSH
   Protocol: TCP
   Port Range: 22
   Source: Custom IP (enter the Jump Host's public IP address)

Additional Configuration:
Ensure that the CVM itself allows SSH connections and that no internal firewall rules block the traffic.


asked 23/09/2024
matias alvarez
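
An added example, not part of the original page or of any Nutanix or AWS material: a Python check over security-group data shaped like `aws ec2 describe-security-groups` output. It confirms that the inbound rule described in the explanation admits the Jump Host on TCP 22 and lists every other source that can also reach SSH. The group ID, group name and addresses are constructed placeholders, the function names are this example's own, and the Jump Host address is assumed to be IPv4.

```python
import ipaddress

# Constructed sample shaped like one entry of `aws ec2 describe-security-groups`
# output; the group ID, name and addresses are placeholders, not real values.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "example-user-management-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}


def covers_ssh(perm):
    """True if the rule's protocol and port range include TCP/22."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)


def audit_ssh_ingress(group, jump_host_ip):
    """Return (jump_host_allowed, other_sources_that_can_reach_port_22)."""
    host = ipaddress.ip_address(jump_host_ip)        # assumed IPv4
    exact = ipaddress.ip_network(f"{host}/32")
    allowed, extra = False, []
    for perm in group.get("IpPermissions", []):
        if not covers_ssh(perm):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if host in net:
                allowed = True
            if net != exact:                         # wider than the Jump Host alone
                extra.append(str(net))
        # Group references and IPv6 ranges are never the single Jump Host address
        extra += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
        extra += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return allowed, extra


if __name__ == "__main__":
    print(audit_ssh_ingress(SAMPLE_GROUP, "203.0.113.10"))
```

An empty second element means SSH is reachable only from the Jump Host; anything listed there is a source to review before leaving the rule in place.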