VMware 2V0-41.23 VMware NSX 4.x Professional Exam Practice Test

Page: 1 / 14
Total 107 questions
Question 1

Which table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision?



Answer : B

The MAC table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision. The MAC table maps the MAC addresses of the workloads to their corresponding tunnel endpoint (TEP) IP addresses. The TEP IP address identifies the ESXi host where the workload resides. The MAC table is populated by learning the source MAC addresses of the incoming frames from the workloads. The MAC table is also synchronized with other ESXi hosts in the same transport zone by using the NSX Controller.

https://nsx.techzone.vmware.com/resource/nsx-reference-design-guide


Question 2

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?



Answer : A

To allow syslog on an ESXi transport node, the administrator needs to use the esxcli utility to enable the syslog ruleset in the ESXi firewall. The correct syntax for this command isesxcli network firewall ruleset set -r syslog -e true, where-rspecifies the ruleset name and-especifies whether to enable or disable it. The other options are incorrect because they either use an invalid syntax, such as omitting the ruleset name or using-ainstead of-r, or they disable the syslog ruleset instead of enabling it, which is the opposite of what the question asks.Reference: [ESXi Firewall Command-Line Interface], [Configure Syslog on ESXi Hosts]


Question 3

An administrator is configuring service insertion for Network Introspection.

Which two places can the Network Introspection be configured? (Choose two.)



Answer : A, B

Network Introspection is a service insertion feature that allows third-party network security services to monitor and analyze the traffic between virtual machines. Network Introspection can be configured on the host pNIC or on the partner SVM, depending on the type of service and the deployment model. The host pNIC configuration is used for services that require traffic redirection from the physical network to the service virtual machine. The partner SVM configuration is used for services that require traffic redirection from the virtual network to the service virtual machine. Network Introspection cannot be configured on the Tier-0 or Tier-1 gateways, as they are not part of the data plane where the service insertion occurs. Network Introspection also cannot be configured on the edge node, as it is a logical construct that hosts the Tier-0 and Tier-1 gateways.Reference:Distributed Service Insertion,NSX Securing ''Anywhere'' Part IV


Question 4

When running nsxcli on an ESXi host, which command will show the Replication mode?



Answer : C

https://vdc-download.vmware.com/vmwb-repository/dcr-public/c3fd9cef-6b2b-4772-93be-3fe60ce064a1/1f67b9e1-b111-4de7-9ea1-39931d28f560/NSX-T%20Command-Line%20Interface%20Reference.html#get%20logical-switch%20%3Clogical-switch-id%3E


Question 5

An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.

What could cause this issue?



Answer : D

https://docs.vmware.com/en/VMware-NSX/4.0/administration/GUID-D57429A1-A0A9-42BE-A299-0C3C3546ABF3.html


Question 6

Which field in a Tier-1 Gateway Firewall would be used to allow access for a collection of trustworthy web sites?



Answer : D

The field in a Tier-1 Gateway Firewall that would be used to allow access for a collection of trustworthy web sites isProfiles -> L7 Access Profile.This field allows the user to create a Layer 7 access profile that defines a list of allowed or blocked URLs based on categories, reputation, or custom entries1.The user can then apply the L7 access profile to a firewall rule to control the traffic based on the URL filtering criteria1. The other options are incorrect because they are not related to URL filtering.The Source field specifies the source IP address or group of the firewall rule1.The Destination field specifies the destination IP address or group of the firewall rule1.The Profiles -> Context Profiles field allows the user to create a context profile that defines a list of application signatures or attributes that can be used to identify and classify network traffic1.Reference:Gateway Firewall


Question 7

An administrator wants to validate the BGP connection status between the Tier-O Gateway and the upstream physical router.

What sequence of commands could be used to check this status on NSX Edge node?



Answer : C

The sequence of commands that could be used to check the BGP connection status between the Tier-O Gateway and the upstream physical router on NSX Edge node isget gateways, vrf <number>, get bgp neighbor.These commands can be executed on the NSX Edge node CLI after logging in as admin6.The first command,get gateways, displays the list of logical routers (gateways) configured on the Edge node, along with their IDs and VRF numbers7.The second command,vrf <number>, switches to the VRF context of the desired Tier-O Gateway, where <number> is the VRF number obtained from the previous command7.The third command,get bgp neighbor, displays the BGP neighbor summary for the selected VRF, including the neighbor IP address, AS number, state, uptime, and prefixes received8. The other options are incorrect because they either use invalid or incomplete commands or do not switch to the correct VRF context.Reference:NSX-T Command-Line Interface Reference,NSX Edge Node CLI Commands,Troubleshooting BGP on NSX-T Edge Nodes


Page:    1 / 14   
Total 107 questions