2V0-41.19 Flashcards

1
Q

Which tool injects packets and provides various observation points along the packet’s path between two NSX-T managed objects?

A

A. SPAN mirrors
B. Port Mirroring
C. Traceflow
D. IPFIX

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX-T to support role-based access control?

A

A. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.
B. Create an OAuth 2.0 client in VMware Identity Manager.
C. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.
D. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.
E. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which CLI command is used for packet capture on the KVM Transport Node?

A

A. tcpdump
B. debug
C. set capture
D. tcpdump-uw

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An NSX Administrator has disabled VMware Identity manager (vIDM) integration with NSX Manager. The administrator is no longer able to log in to VMware NSX manager and receives the error shown in the exhibit. Which NSX CLI command on the NSX Manager would fix this issue?

A

A. clear auth-policy vidm disabled
B. clear auth-policy vidm stop
C. clear auth-policy vidm enabled
D. clear auth-policy vidm start

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are three characteristics of a transport zone?

A

A. defines the potential reach of transport nodes
B. configured with a Single N-VDS
C. defines the scope and reachability of a Segment
D. configured with multiple N-VDS
E. optional for creating a segment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which security feature on Tier-1 Gateways helps limit malicious traffic?

A

A. Unicast Reverse Path Forwarding (URPF)
B. Centralized Service Port (CSP)
C. Promiscuous Mode
D. Reverse Path Forwarding (RPF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What needs to be configured on a Tier-0 Gateway to make NSX Edge Services available to a VM on a VLAN-backed logical switch?

A

A. Loopback Router Port
B. Centralized Service Port
C. VLAN Uplink
D. Downlink

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which command is used to verify the application of Distributed Firewall Rules applied to a VM on a KVM transport node?

A

A. esxcli network firewall get
B. esxcli network ip connection list
C. ovs-vsctl add-br br-int
D. ovs-appctl -t /var/run/openvswitch/nsxa-ctl dfw/rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which three different transport nodes could be configured in the data plane?

A
A. vShield Edge VM
B. ESXi and KVM
C. Linux-based Bare Metal server
D. NSX Edge VM on KVM
E. ESXi and Hyper-V
F. VM or Bare Metal NSX Edge
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX Simplified UI.
What are the pre-requisites for this configuration?

A

A. All nodes must be in the same subnet.
B. A compute manager must be configured.
C. All nodes must be in separate subnets.
D. NSX Manager must reside on a Windows Server.
E. The cluster configuration must be completed using API.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Considering Transport Zone limitations, how many NSX managed virtual distributed switches (N-VDSs) are needed on each ESXi to join all the Transport Zones?

A

A. 4
B. 3
C. 2
D. 1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which two statements describe the characteristics of an Edge Cluster in NSX-T 2.4 Data Center?

A

A. must contain only one type of edge nodes (VM or bare metal)
B. can contain multiple types of edge nodes (VM or bare metal)
C. must have only active-active edge nodes
D. can have a maximum of 10 edge nodes
E. can have a maximum of 8 edge nodes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which path is used to view the NSX Controller log file?

A

A. /var/log/cloudnet/nsx-ccp.log
B. /var/log/controller.log
C. /var/log/cloud/nsx-Icp.log
D. /var/log/ccp.log

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which CLI command is used to restart the Syslog service on a KVM transport node?

A

A. service.sh stop | start syslog
B. systemctl restart syslog
C. systemctl restart rsyslog
D. yum restart syslog

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which profile must be attached to the ESXi cluster to prepare the host for NSX-T Data Center?

A

A. Host Profile
B. Switching Profile
C. Uplink Profile
D. Transport Node Profile

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which two tools are used to configure centralized logging in NSX-T Data Center? (Choose two.)

A
A. vRealize Network Insight
B. vRealize Automation
C. vRealize Log Insight
D. Syslog Server
E. vRealize Operations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which protocol uses the 6081 UDP port?

A

A. Network Virtualization using Generic Routing Encapsulation (NVGRE)
B. Generic Network Virtualization Encapsulation (GENEVE)
C. Stateless Transport Tunneling (STT)
D. Virtual Extensible LAN (VXLAN)

18
Q

Which three CLI commands will list the TEP IPs configured on an ESXi transport node? (Choose three.)

A
A. esxcfg-vswitch -1
B. esxcfg-vmknic -1
C. esxcli network ip address list
D. esxcli network ip netstack list
E. esxcli network ip interface ipv4 get
F. esxcli network ip interface list
19
Q

Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?

A

A. Multicast
B. Anycast
C. Broadcast
D. Unicast

20
Q

An NSX administrator Is planning to deploy a multi-tier routing topology in their NSX-T Data Center environment to provide north-south connectivity for the VMs.
Which routing component must be deployed?

A

A. Tier-0 Gateway
B. Edge Node
C. Tier-1 Gateway
D. Edge Cluster

21
Q

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)

A
A. esxcli network vswitch dvs vmware list
B. esxcfg-nics -1
C. esxcfg-vmsvc/get.networks
D. esxcfg-vmknic -1
E. esxcli network nic list
22
Q

What is the correct prioritization for gateway policy categories?

A

A. Shared Pre-rules > Emergency > System > Local Gateway > Auto Service > Default
B. Shared Pre-rules > Emergency > Local Gateway > System > Auto Service > Default
C. Emergency > System > Shared Pre-rules > Auto Service > Local Gateway > Default
D. Emergency > System > Shared Pre-rules > Local Gateway > Auto Service > Default

23
Q

Which three functions require a Services Router (SR) component on an Edge node? (Choose three.)

A
A. Distributed Firewall
B. Service Insertion
C. Gateway Firewall
D. Virtual Private Network
E. Distributed Routing
F. Packet Forwarding
24
Q

An NSX administrator has observed connectivity issues between the NSX Manager and the KVM Transport Node.
Which two log files could be used to troubleshoot the issue on the KVM Transport Node? (Choose two.)

A
A. /var/log/vmware/nsx-syslog
B. /usr/vmware/log/syslog
C. /var/log/nsx/syslog
D. /usr/vmware/nsx-syslog
E. /var/log/syslog
25
Q

What are three possible installation options for NSX Edge?

A

A. Install NSX Edge on a bare-metal server.
B. Deploy NSX Edge using a QCOW2 image.
C. Install NSX Edge VM on KVM using an ISO image.
D. Deploy NSX Edge on KVM using ovftool.
E. Deploy NSX Edge VM on ESXi using OVA.
F. Install NSX Edge VM on ESXi using an ISO image.

26
Q

Which three steps are required to create an IPSEC VPN tunnel? (Choose three.)

A
A. Create an IPSec service.
B. Configure a distributed firewall policy.
C. Configure a Tier-1 Gateway.
D. Add a local endpoint.
E. Configure an IPSec session.
F. Add a logical switch.
27
Q

An NSX administrator is retrieving a log bundle at the request of VMware Global Support. It is taking a long time to get the log bundle. The administrator reviews the configuration.
Which two changes to the configuration must be made to speed up the creation of the bundle. (Choose two.)

A

A. Disable upload bundle to remote file server
B. Change transfer protocol
C. Do not use ssh fingerprint
D. Create the support bundle from vCenterE. Disable Include core files and audit logs

28
Q

How is the intra-tier transit link connection created between SR and DR for a Tier-0 Gateway?

A

A. Manually create a gateway interface and mark it as transit.
B. Automatically created when DR is created.
C. Automatically created when SR is initialized.
D. Manually create external uplink interface and mark it as transit.

29
Q

Which two components are involved in the logical switching and N-VDS configuration during ESXi transport node installation? (Choose two.)

A
A. etherswitch
B. Open vSwitch
C. nsx-opsAgent
D. vdl2
E. nsx-vswitch
30
Q

A company is planning to implement NSX-T Data Center and will be using load balancing for 50 unique production workloads.
Which is the minimum NSX-T Edge size configuration required to support the production load balancer?

A

A. Large (8 vCPU 16GB RAM)
B. Medium (4 vCPU 8GB RAM)
C. Extra Large (12 vCPU 24GB RAM)
D. Small (2 vCPU 4GB RAM)

31
Q

What are the advantages of using a Tier-0 Gateway in ECMP mode? (Choose two.)

A
A. stateful services leveraged
B. increased north/south bandwidth
C. traffic load balancing
D. Failover of services
E. traffic predictability
32
Q

A user is assigned these two roles in NSX Manager:
• Load Balancer Administrator
• Network Engineer
What privileges does this user have in the system?

A

A. full access permissions on all networking services and full access permissions on load balancing features
B. read permissions on all networking services and read permissions on load balancing features
C. read permissions on all networking services and full access permissions on load balancing features
D. full access permissions on all networking services and read permissions on load balancing features

33
Q

What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)

A
A. Group
B. Tier-1 Gateway
C. Segment Port
D. Segment
E. DFW
34
Q
An NSX administrator has configured a KVM hypervisor as a transport node.
Which kemel module on KVM implements a N VDS?
A

A. dvswitch
B. nsx-vswitch
C. openvswitch
D. etherswitch

35
Q
An NSX administrator has configured a KVM hypervisor as a transport node.
Which kemel module on KVM implements a N VDS?
A

A. dvswitch
B. nsx-vswitch
C. openvswitch
D. etherswitch

36
Q

A customer is preparing to deploy VMware Kubernetes on an NSX-T Data Center.
What is the minimum MTU size for the UPLINK profile?

A

A. 1600
B. 1650
C. 1550
D. 1500

37
Q

Which component does the hyperbus interface (vmk50) provide network connectivity to?

A

A. virtual machines and containers running across transport nodes
B. virtual machines running on the same hypervisor
C. containers running on ESXi/KVM transport nodes
D. virtual machines running in the same segment

38
Q

An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?

A
A. – set vrf 
– show logical-routers- show  bgp
B. – show logical-routers- get vrf
– show ip route bgp
C. – enable 
– get vrf 
– show bgp neighbor
D. – get logical-routers
– vrf 
– get bgp neighbor
39
Q

An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi transport node.
Which feature in the NSX Manager Simplified UI shows the mapping between the virtual NIC and the host’s physical adapter?

A

A. N-VDS Visualization
B. Activity Monitoring
C. IPFIX
D. Port Mirroring

40
Q

Which CLI command should be executed on a KVM hypervisor to retrieve the VM interface UUID?

A

A. virsh list-interface
B. virsh get-interface
C. virsh dumpxml | grep interfaceid
D. virsh show | grep interfaceid