Independence Day Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > VMware > Vmware Certification > 2V0-41.23

2V0-41.23 VMware NSX 4.x Professional Question and Answers

Question # 4

In which VPN type are the Virtual Tunnel interfaces (VTI) used?

A.

Route & SSL based VPNs

B.

Route-based VPN

C.

Policy & Route based VPNs

D.

SSL-based VPN

Full Access
Question # 5

An administrator has deployed 10 Edge Transport Nodes in their NSX Environment, but has forgotten to specify an NTP server during the deployment.

What is the efficient way to add an NTP server to all 10 Edge Transport Nodes?

A.

Use Transport Node Profile

B.

Use the CU on each Edge Node

C.

Use a Node Profile

D.

Use a PowerCU script

Full Access
Question # 6

An NSX administrator would like to create an L2 segment with the following requirements:

• L2 domain should not exist on the physical switches.

• East/West communication must be maximized as much as possible.

Which type of segment must the administrator choose?

A.

VLAN

B.

Overlay

C.

Bridge

D.

Hybrid

Full Access
Question # 7

Which choice is a valid insertion point for North-South network introspection?

A.

Guest VM vNIC

B.

Partner SVM

C.

Tier-0 gateway

D.

Host Physical NIC

Full Access
Question # 8

An NSX administrator wants to create a Tler-0 Gateway to support equal cost multi-path (ECMP) routing. Which failover detection protocol must be used to meet this requirement?

A.

Bidirectional Forwarding Detection (BFD)

B.

Virtual Router Redundancy Protocol (VRRP)

C.

Beacon Probing (BP)

D.

Host Standby Router Protocol (HSRP)

Full Access
Question # 9

Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)

A.

NSX Intrusion Detection and Prevention

B.

NSX Intelligence

C.

NSX Network Detection and Response

D.

NSX Malware Prevention Metrics

E.

NSX Intrinsic Security

Full Access
Question # 10

A security administrator needs to configure a firewall rule based on the domain name of a specific application.

Which field in a distributed firewall rule does the administrator configure?

A.

Profile

B.

Service

C.

Policy

D.

Source

Full Access
Question # 11

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?

A.

VXIAN

B.

UDP

C.

STT

D.

TEP

Full Access
Question # 12

What are two supported host switch modes? (Choose two.)

A.

DPDK Datapath

B.

Enhanced Datapath

C.

Overlay Datapath

D.

Secure Datapath

E.

Standard Datapath

Full Access
Question # 13

Which three security features are dependent on the NSX Application Platform? (Choose three.)

A.

NSX Intelligence

B.

NSX Firewall

C.

NSX Network Detection and Response

D.

NSX TLS Inspection

E.

NSX Distributed IDS/IPS

F.

NSX Malware Prevention

Full Access
Question # 14

Which two statements are true about IDS Signatures? (Choose two.)

A.

Users can upload their own IDS signature definitions.

B.

An IDS signature contains data used to identify known exploits and vulnerabilities.

C.

An IDS signature contains data used to identify the creator of known exploits and vulnerabilities.

D.

IDS signatures can be High Risk, Suspicious, Low Risk and Trustworthy.

E.

An IDS signature contains a set of instructions that determine which traffic is analyzed.

Full Access
Question # 15

Which of the following exist only on Tler-1 Gateway firewall configurations and not on Tier-0?

A.

Applied To

B.

Actions

C.

Profiles

D.

Sources

Full Access
Question # 16

Which three NSX Edge components are used for North-South Malware Prevention? (Choose three.)

A.

Thin Agent

B.

RAPID

C.

Security Hub

D.

IDS/IPS

E.

Security Analyzer

F.

Reputation Service

Full Access
Question # 17

What are two valid BGP Attributes that can be used to influence the route path traffic will take? (Choose two.)

A.

AS-Path Prepend

B.

BFD

C.

Cost

D.

MED

Full Access
Question # 18

Which two statements describe the characteristics of an Edge Cluster in NSX? (Choose two.)

A.

Can have a maximum of 10 edge nodes

B.

Can have a maximum of 8 edge nodes

C.

Can contain multiple types of edge nodes (VM or bare metal)

D.

Must contain only one type of edge nodes (VM or bare metal)

E.

Must have only active-active edge nodes

Full Access
Question # 19

Which command is used to set the NSX Manager's logging-level to debug mode for troubleshooting?

A.

Set service manager log-level debug

B.

Set service manager logging-level debug

C.

Set service nsx-manager log-level debug

D.

Set service nsx-manager logging-level debug

Full Access
Question # 20

Which VPN type must be configured before enabling a L2VPN?

A.

Route-based IPSec VPN

B.

Policy based IPSec VPN

C.

SSL-bosed IPSec VPN

D.

Port-based IPSec VPN

Full Access
Question # 21

An administrator has been tasked with implementing the SSL certificates for the NSX Manager Cluster VIP.

Which is the correct way to implement this change?

A.

Send an API call to https:// /api/v1/cluster/api-certificate? action=set_cluster_certificate&certificate_id=

B.

Send an API call to https:// /api/v1/node/services/http? action=apply_certificate&certificate_id=

C.

SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate vip install

D.

SSH as admin into the NSX manager with the cluster VIP IP and run nsxcli cluster certificate node install

Full Access
Question # 22

When deploying an NSX Edge Transport Node, what two valid IP address assignment options should be specified for the TEP IP addresses? (Choose two.)

A.

Use an IP Pool

B.

Use a DHCP Server

C.

Use RADIUS

D.

Use a Static IP List

E.

Use BootP

Full Access
Question # 23

A company security policy requires all users to log Into applications using a centralized authentication system.

Which two authentication, authorization, and accounting (AAA) systems are available when Integrating NSX with VMware Identity Manager? (Choose two.)

A.

RADII 2.0

B.

Keyoen Enterprise

C.

RSA SecurelD

D.

LDAP and OpenLDAP based on Active Directory (AD)

E.

SecureDAP

Full Access
Question # 24

In an NSX environment, an administrator is observing low throughput and congestion between the Tier-O Gateway and the upstream physical routers.

Which two actions could address low throughput and congestion? (Choose two.)

A.

Configure NAT on the Tier-0 gateway.

B.

Configure ECMP on the Tier-0 gateway.

C.

Deploy Large size Edge node/s.

D.

Add an additional vNIC to the NSX Edge node.

E.

Configure a Tier-1 gateway and connect it directly to the physical routers.

Full Access
Question # 25

Which two statements are correct about East-West Malware Prevention? (Choose two.)

A.

A SVM is deployed on every ESXi host.

B.

NSX Application Platform must have Internet access.

C.

An agent must be installed on every ESXi host.

D.

An agent must be installed on every NSX Edge node.

E.

NSX Edge nodes must have Internet access.

Full Access
Question # 26

When configuring OSPF on a Tler-0 Gateway, which three of the following must match in order to establish a neighbor relationship with an upstream router? (Choose three.)

A.

Naming convention

B.

MTU of the Uplink

C.

Subnet mask

D.

Address of the neighbor

E.

Protocol and Port

F.

Area ID

Full Access
Question # 27

What are the four types of role-based access control (RBAC) permissions? (Choose four.)

A.

Read

B.

None

C.

Auditor

D.

Full access

E.

Enterprise Admin

F.

Execute

G.

Network Admin

Full Access
Question # 28

Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

A.

Reinstalling the NSX VIBs on the ESXi host.

B.

Restarting the NTPservice on the ESXi host.

C.

Changing the lime zone on the ESXi host.

D.

Reconfiguring the ESXI host with a local NTP server.

Full Access
Question # 29

A company Is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web. app, and database tiers.

The naming convention will be:

• WKS-WEB-SRV-XXX

• WKY-APP-SRR-XXX

• WKI-DB-SRR-XXX

What is the optimal way to group them to enforce security policies from NSX?

A.

Use Edge as a firewall between tiers.

B.

Do a service insertion to accomplish the task.

C.

Group all by means of tags membership.

D.

Create an Ethernet based security policy.

Full Access
Question # 30

Which NSX feature can be leveraged to achieve consistent policy configuration and simplicity across sites?

A.

VRF Lite

B.

Ethernet VPN

C.

NSX MTML5 UI

D.

NSX Federation

Full Access
Question # 31

An NSX administrator Is treating a NAT rule on a Tler-0 Gateway configured In active-standby high availability mode. Which two NAT rule types are supported for this configuration? (Choose two.)

A.

Reflexive NAT

B.

Destination NAT

C.

1:1 NAT

D.

Port NAT

E.

Source NAT

Full Access
Question # 32

An administrator needs to download the support bundle for NSX Manager. Where does the administrator download the log bundle from?

A.

System > Utilities > Tools

B.

System > Support Bundle

C.

System > Settings > Support Bundle

D.

System > Settings

Full Access