Nutanix NCP-NS Exam Questions Instant Access

Question 1

Which statement accurately describes the behavior of a Flow Network Security policy operating in Monitor mode?

AAll matching traffic is discovered and denied, but not allowed.

BTraffic is blocked unless it matches an 'allow' rule in Enforce mode.

COnly East-West traffic is discovered, but North-South traffic is not.

DAll matching traffic is discovered and allowed, but not blocked.

Answer : D

Question 2

A customer wants to extend a VLAN subnet to a remote data center using VTEP. The administrator configures a Subnet Extension which shows UP in the Prism Interface, yet traffic fails to pass.

Which setting is most likely misconfigured?

ARoute Policy for VTEP has not been configured.

BVLAN ID does not match in the remote data center.

CRemote gateway IP address has not been configured.

DVXLAN UDP port is set to 4789.

Answer : B

Question 3

While configuring a new security policy in a Nutanix microsegmentation environment, an administrator wants the policy to remain flexible even if virtual machines change subnets or obtain new IP addresses.

Which configuration approach should the administrator use when defining the policy scope?

AConfigure the policy only on specific VLAN IDs.

BUse VM categories to define the secured and allowed entities.

CApply the policy after setting static routes for each VM.

DAssign IP addresses manually to all VMs included in the policy.

Answer : B

Question 4

Which policy mode blocks all traffic that is not explicitly allowed by the policy?

AMonitor Mode

BSave Mode

CBlock Mode

DEnforce Mode

Answer : D

Question 5

What entity is automatically created on the cluster hosting Prism Central when Microsegmentation is enabled?

AA storage container named flow_data is created.

BA Bucket named flow_data is created.

CA File Share named flow_data is created.

DA virtual machine named flow_data is created.

Answer : A

Question 6

Refer to the exhibit.

In the AD-VDI Departmental SecPol policy shown in the exhibit, ADGroup: Engineering is configured as a secured entity in a VDI Security Policy. Prism Central shows 2 / 2 active sessions under this group, but the administrator confirms that three Engineering users are currently logged in to persistent VDI desktops.

The third user's VM shows no ADGroup assignment in its VM details in Prism Central, even after the user has successfully logged in. All three users are members of the same AD group, and the Domain Controller event logs confirm a successful interactive login for the third user.

Which condition explains why the third user's VM is not being assigned the ADGroup: Engineering category?

AThe Active Directory Service account used by Prism Central is locked.

BThe third user's VM has been assigned an AppType category, preventing ID-Based categorization.

CThe Flow Identity Service has been disabled in Prism Central for the VM the third user is logging in to.

DThe Flow Network Security policy scope does not include the VLAN where the third user's VM resides.

Answer : B

Question 7

An administrator creates a VPC named AppVPC1 in Nutanix Cloud Infrastructure (NCI) with separate subnets for the web, app, and database tiers. The database subnet must remain isolated from external networks; however, all tiers need to communicate with each other internally.

What should the administrator configure to limit external access to only the web and app subnets?

AEnable NAT Gateway on the database subnet for outbound communication.

BConfigure a routing policy in the VPC to deny external traffic to and from the database subnet.

CAttach the web and app subnets to the external network through an AHV managed bridge.

DCreate Static Routes on the physical network to interconnect the VPC subnets.

Answer : B

Nutanix Certified Professional Network & Security v7.5 NCP-NS Exam Questions