Q1. Exhibit:
Which would best describe a workload in Compute Cluster 1 attached to a logical switch port group?
A. Within Compute Cluster 1, Layer 2 would function, but Layer 3 would fail.
B. Within Compute Cluster 1, Layer 2 would fail, and Layer 3 would fail.
C. Within ComputeCluster 1, Layer 2 would fail, but Layer 3 would function.
D. Within Compute Cluster 1, Layer 2 would function, and Layer 3 would function.
Answer: A
Explanation:
This has an interesting side effect: if you didn’t add all clusters of a given DVS to the TZ, those clusters you haven’t added will still have access to that Logical Switch. Let’s have a look at the following diagram:
From <https://telecomoccasionally.wordpress.com/2014/12/27/nsx-for-vsphere- understanding-transport-zone-scoping/>
his means that in out hypothetical case, if we were to create a DLR and connect to it that
LS we’ve created earlier, DLR instance would get created on hosts in clusters Comp B and
Mgmt / Edge, but not on hosts in clusteCr omp A:
From <https://telecomoccasionally.wordpress.com/2014/12/27/nsx-for-vsphere-understanding-transport-zone-scoping/
Q2. An administrator has been asked to provide single failure redundancy. What is the minimum supported number of NSX Controllers needed to meet this requirement?
A. 2
B. 3
C. 1
D. 5
Answer: B
Explanation:
Referencehttp://www.vmwarearena.com/vmware-nsx-installation-part-4-deploying-nsx- controller/
Q3. An administrator is attempting to troubleshoot a routing issue between the Edge Services Gateway (ESG) and the Distributed Logical Router (DLR).
Based on the exhibit, which method CANNOT be used to troubleshoot the issue?
A. SSH session into 192.168.100.3 on the ESG.
B. Console session into the ESG.
C. Console session into the DLR.
D. SSH session into 192.168.10.5 on the DLR.
Answer: A
Q4. What are the correct steps for connecting a virtual machine to a logical switch?
A. Select the logical switch, click the Add Virtual Machine Icon, select the VM, select the
vNIC to connect B. Select the Add Virtual Machine icon, select the logical switch, vNIC to connect
B. Select the logical switch, select the virtual machine, click the Add Virtual Machine .con. select the vNIC to connect
C. Select the vNIC, click the Add Virtual Machine Icon, select the logical switch
Answer: A
Explanation: https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-571237B3-1665-4B92-A3A9- 51C078EC601D.html
Q5. What are two things that should be done before upgrading from vCloud Networking and Security to NSX? (Choose two.)
A. Power off vShield Manager
B. Deploy NSX Manager virtualappliance
C. Uninstall vShield Data Security
D. Ensure that forward and reverse DNS is functional
Answer: C,D
Explanation:
Referencehttps://pubs.vmware.com/NSX- 62/index.jsp?topic=%2Fcom.vmware.nsx.upgrade.endpoint.doc%2FGUID-0D1B18B1-B5CC-483B-8BC0-95A2E8C025B9.html
Q6. Which two networking and security components are contained m the backup configuration data of an NSX Manager backup file? (Choose two )
A. vSphere Distributed Switch
B. Resource Pools
C. Edge Services Gateway
D. Grouping Objects
Answer: C,D
Q7. What is one of the benefits of a spine-leaf network topology?
A. A loop prevention protocol is not required
B. Automatic propagation of security policies to all nodes
C. Allows for VXl ANs to be defined in h traditional network topology
D. Network virtualization relies on spine leaf topologies to create logical switches
Answer: D
Q8. Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose three )
A. DHCP Snooping
B. IP Sets
C. Spoofguard configured forTrust on First Use.
D. VMware Tools installed on every guest virtual machine.
E. ARP Spoofing
Answer: A,C,D
Explanation:
Referencehttps://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2125437
Q9. Which is a best practice to secure system traffic, ensure optimal performance and satisfy prerequisites for NSX?
A. Configure a single VMkernel and a single distributed port group for all the system traffic.
B. Configure a single distributed port group with a single VMkernel for Management and iSCSI traffic, a separate VMkernel for vMotion and VSAN traffic.
C. Dedicate separate VMkernel adapters for each type of system traffic. Dedicate separate distributed port groups for each VMkernel adapter and isolate the VLANs for each type of system traffic.
D. Dedicate separate VMkernel adapters for each type ofsystem traffic and dedicate separate standard switches for each type of system traffic connected to a single physical network.
Answer: B
Q10. The fact that NSX Data Security has visibility into sensitive data provides which two benefits? (Choose two )
A. It helps address compliance and risk management requirements.
B. It acts as a forensic tool to analyze TCP and UDP connections between virtual machines
C. It is able to trace packets between a source and destination without requiring access to the guest OS
D. It eliminates the typical agent footprint that exists with legacy software agents
Answer: A,B