VMware 3V0-42.20 Exam Practice Test Instant Access

Question 1

An architect is helping an organization with the Physical Design of an NSX-T Data Center solution.

This information was gathered during a workshop:

Migrating existing data center to KVM hosts.

Redundancy and high availability are required.

No component can be a single point of failure.

Which selection should the architect recommend? (Choose the best answer.)

ALinux Bridge redundancy with Active/Active Mode and multiple pNICs with necessary binding

BLinux Bridge redundancy with Active/Active Mode and single pNIC with static binding

CvSS/vDS in Active/Standby Mode with necessary binding

DvSS/vDS in Active/Active Mode with necessary pNICS and required binding modes

Answer : A

Question 2

Which three assessment findings are part of a Conceptual Design? (Choose three.)

Arisks

Bhost names

Cjustifications

Dconstraints

Eassumptions

Fvendor model

Answer : A, D, E

Question 3

A customer has a requirement to implement a next generation firewall (NGFW) to improve security network introspection. The customer wants to apply the NGFW to all workloads exposed both internally and externally. The customer wants the NGFW to work seamlessly with NSX-T Data Center and vSphere.

Which solution should be recommended to the customer? (Choose the best answer.)

AUse network introspection only on the external workloads and use NSX DFW for internal workloads.

BApply the NGFW on bare metal hosts which will offer better performance of inline network introspection.

CApply the NGFW to internal and external workloads for increased protection and use NSX-T Data Center with Federation to set network policies.

DUse NSX-T Data Center leveraged with NSX Intelligence to protect all workloads at the network inspection level.

Answer : A

Question 4

A customer deploying NSX-T Data Center requires role based access controls be enforced in NSX Manager with these requirements:

identity platform must be highly available

authentication must be performed by customer's existing SAML identity provider

MFA must be performed by administrator to gain access to NSX Manager

Which identity deployments would meet the customer's requirements? (Choose the best answer.)

ANSX Manager OAuth 2.0 registered to a 3-node Active Directory Federation Services cluster.

BNSX Manager OAuth 2.0 registered to a 2-node VMware Identity Manager cluster.

CNSX Manager OAuth 2.0 registered to a 2-node Active Directory Federation Services cluster

DNSX Manager OAuth 2.0 registered to a 3-node VMware Identity Manager cluster.

Answer : D

https://docs.vmware.com/en/VMware-Workspace-ONE-Access/19.03/vidm-install/GUID-3BFB1D4D-D5C2-480D-94E0-31ED6B0CAA63.html

Question 5

A Solutions Architect is assisting a service provider with designing an NSX-T Data Center solution for these environments:

Virtual Data Center to Virtual Data Center connectivity

Tenant workload on-boarding to Virtual Data Centers.

These requirements must be met:

scalability across 5 data centers

all sites have a latency of 180ms

MTU between sites is 1800

bandwidth is 100Mbps between sites

multi-tenancy

Which two selections should the Solutions Architect propose to the service provider? (Choose two.)

AConfigure Remote TEPs for stretching network services between Virtual Data Centers.

BUtilize SSL VPN for workloads on-boarding from on-premises to Virtual Data Centers.

CConfigure IPSec VPN for Tenant T0 gateways for Virtual Data Centers connectivity

DConfigure IPSec VPN for Tenant T1 gateways for Virtual Data Centers connectivity.

EUtilize L2 VPN for workloads on-boarding from on-premises to Virtual Data Centers.

Answer : D, E

As mentioned, using Federation for five sites is not possible yet. Therefore, we have to setup L2VPN. IPSec (needed by L2VPN) can be established from T0 as well as T1 (the same rule applies to L2VPN). However, L2VPN is limited (server or client) to one service per gateway, therefore it's not possible to utilize five L2VPN tunnels from the same T0 and we have to deploy five T1s.

Question 6

An architect is helping an organization with the Physical Design of an NSX-T Data Center solution.

This information was gathered during a workshop:

Some workloads should be moved to a Cloud Provider.

Extend network's VLAN or VNI across sites on the same broadcast domain.

Enable VM mobility use cases such as migration and disaster recovery without IP address changes.

Support 1500 byte MTU between sites.

Which selection should the architect include in their design? (Choose the best answer.)

ALoad Balancer

BReflexive NAT

CSSL VPN

DL2 VPN

Answer : D

Question 7

An architect is helping an organization with the Logical Design of an NSX-T Data Center solution.

This information was gathered during the Assessment Phase:

Data between two networks connected over a public network needs to be encrypted.

Certificate authentication is required.

Dynamic route learning is preferred.

Which selection should the architect include in their design? (Choose the best answer.)

ADeploy a Tier-0 gateway in Active/Standby mode. Configure policy-based IPSec VPN with SHA512 with RSA as the hash algorithm.

BDeploy a Tier-0 gateway in Active/Active mode. Configure route-based IPSec VPN with SHA512 with RSA as the hash algorithm.

CDeploy a Tier-0 gateway in Active/Standby mode. Configure route-based IPSec VPN with SHA512 with RSA as the hash algorithm.

DDeploy a Tier-0 gateway in Active/Active mode. Configure policy-based IPSec VPN with SHA512 with RSA as the hash algorithm.

Answer : C

Route-based IPSec VPN provides tunneling on traffic based on the static routes or routes learned dynamically.

Tier-0 gateway in the active-standby state supports the following services:

NAT

Load balancing

Stateful firewall

VPN

Reference Docs:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-C0E5AF10-576D-493A-A079-C4C95D8F5373.html

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-7B0CD287-C5EB-493C-A57F-EEA8782A741A.html#GUID-7B0CD287-C5EB-493C-A57F-EEA8782A741A

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-DF689847-252E-451E-84B5-DB507CC010AC.html

VMware Advanced Design VMware NSX-T Data Center 3V0-42.20 Exam Practice Test