VMware 5V0-41.21 Exam Practice Test Instant Access

Question 1

An NSX administrator has been tasked with deploying a NSX Edge Virtual machine through an ISO image.

Which virtual network interface card (vNIC) type must be selected while creating the NSX Edge VM allow participation in overlay and VLAN transport zones?

Ae1000

BVMXNET2

CVMXNET3

DFlexible

Answer : C

When deploying an NSX Edge Virtual Machine through an ISO image, the virtual network interface card (vNIC) type that must be selected is VMXNET3 in order to allow participation in overlay and VLAN transport zones. VMXNET3 is a high-performance and feature-rich paravirtualized NIC that provides a significant performance boost over other vNIC types, as well as support for both overlay and VLAN transport zones.

For more information on deploying an NSX Edge Virtual Machine through an ISO image, please refer to the NSX-T Data Center documentation:https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-deploy-config/GUID-A782558B-A72B-4848-B6DB-7A8A9E71FFD6.html

Question 2

Which two statements are true about NSX Intelligence? (Choose two.)

ANSX Intelligence assists to build service insertion with Partner SVM.

BNSX Intelligence supports planning of distributed firewall rules and policy.

CNSX Intelligence can help to visualize network physical infrastructure.

DNSX Intelligence can be used in conjunction with vRealize Network Insight.

ENSX Intelligence supports planning of NSX-T Edge Firewall rules and policy.

Answer : A, E

The two statements that are true about NSX Intelligence are that it assists to build service insertion with Partner SVM and that it supports planning of NSX-T Edge Firewall rules and policy. NSX Intelligence can be used in conjunction with vRealize Network Insight to provide visibility and insights into the network, but it cannot be used to visualize the physical infrastructure. Additionally, while it can help to plan firewall rules and policy, it does not support planning of distributed firewall rules and policy.

Question 3

How does N5X Distributed IDS/IPS keep up to date with signatures?

ANSX Edge uses manually uploaded signatures by the security administrator.

BNSX-T Data Center is using a cloud based database to download the IDS/IPS signatures.

CNSX Manager has a local IDS/IPS signatures database that does not need to be updated.

DNSX Distributed IDS/IPS signatures are retrieved from updates.vmware.com.

Answer : D

Question 4

An administrator has enabled the "logging" option on a specific firewall rule. The administrator does not see messages on the Logging Server related to this firewall rule. What could be causing the issue?

AThe logging on the firewall policy needs to be enabled.

BFirewall Rule Logging is only supported in Gateway Firewalls.

CNSX Manager must have Firewall Logging enabled.

DThe logging server on the transport nodes is not configured.

Answer : A

Question 5

Which two Guest OS drivers are required for the Identity Firewall to operate? (Choose two.)

ANSX Network Introspection

Bvmxnet3

CNSX File Introspection

DGuest Introspection

Ee1000e

Answer : A, D

The two Guest OS drivers that are required for the Identity Firewall to operate are NSX Network Introspection and Guest Introspection. NSX Network Introspection provides network-level visibility and control, while Guest Introspection provides kernel-level visibility and control. The other drivers listed, vmxnet3, NSX File Introspection, and e1000e, are not required for the Identity Firewall to operate.

Question 6

To which network operations does a user with the Security Engineer role have full access permission?

ANetworking IP Address Pools, Networking NAT, Networking DHCP

BNetworking Forwarding Policies, Networking NAT, Networking VPN

CNetworking Load Balancing, Networking DNS, Networking Forwarding Policies

DNetworking DHCP, Networking NAT, Networking Segments

Answer : B

Question 7

Where is a partner security virtual machine (Partner SVM) deployed to process the redirected North-South traffic in an efficient manner?

ADeployed close to the Partner Manager.

BDeployed close to the NSX Edge nodes.

CDeployed close to the VMware vCenter Server.

DDeployed close to the compute nodes.

Answer : B

This allows for the Partner SVM to be close to the compute nodes, allowing for faster processing of the traffic and improved security. Additionally, the Partner SVM is also deployed close to the Partner Manager for added security and ease of management.

VMware 5V0-41.21 VMware NSX-T Data Center 3.1 Security Exam Practice Test