2V0-41.19

Question 1

Which tool injects packets and provides various observation points along the packet’s path between two NSX-T managed objects?

Answer 1

A. SPAN mirrors
B. Port Mirroring
C. Traceflow
D. IPFIX

Question 2

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX-T to support role-based access control?

Answer 2

A. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.
B. Create an OAuth 2.0 client in VMware Identity Manager.
C. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.
D. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.
E. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

Question 3

Which CLI command is used for packet capture on the KVM Transport Node?

Answer 3

A. tcpdump
B. debug
C. set capture
D. tcpdump-uw

Question 4

An NSX Administrator has disabled VMware Identity manager (vIDM) integration with NSX Manager. The administrator is no longer able to log in to VMware NSX manager and receives the error shown in the exhibit. Which NSX CLI command on the NSX Manager would fix this issue?

Answer 4

A. clear auth-policy vidm disabled
B. clear auth-policy vidm stop
C. clear auth-policy vidm enabled
D. clear auth-policy vidm start

Question 5

What are three characteristics of a transport zone?

Answer 5

A. defines the potential reach of transport nodes
B. configured with a Single N-VDS
C. defines the scope and reachability of a Segment
D. configured with multiple N-VDS
E. optional for creating a segment

Question 6

Which security feature on Tier-1 Gateways helps limit malicious traffic?

Answer 6

A. Unicast Reverse Path Forwarding (URPF)
B. Centralized Service Port (CSP)
C. Promiscuous Mode
D. Reverse Path Forwarding (RPF)

Question 7

What needs to be configured on a Tier-0 Gateway to make NSX Edge Services available to a VM on a VLAN-backed logical switch?

Answer 7

A. Loopback Router Port
B. Centralized Service Port
C. VLAN Uplink
D. Downlink

Question 8

Which command is used to verify the application of Distributed Firewall Rules applied to a VM on a KVM transport node?

Answer 8

A. esxcli network firewall get
B. esxcli network ip connection list
C. ovs-vsctl add-br br-int
D. ovs-appctl -t /var/run/openvswitch/nsxa-ctl dfw/rules

Question 9

Which three different transport nodes could be configured in the data plane?

Answer 9

A. vShield Edge VM
B. ESXi and KVM
C. Linux-based Bare Metal server
D. NSX Edge VM on KVM
E. ESXi and Hyper-V
F. VM or Bare Metal NSX Edge

Question 10

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX Simplified UI.
What are the pre-requisites for this configuration?

Answer 10

A. All nodes must be in the same subnet.
B. A compute manager must be configured.
C. All nodes must be in separate subnets.
D. NSX Manager must reside on a Windows Server.
E. The cluster configuration must be completed using API.

Question 11

Considering Transport Zone limitations, how many NSX managed virtual distributed switches (N-VDSs) are needed on each ESXi to join all the Transport Zones?

Answer 11

A. 4
B. 3
C. 2
D. 1

Question 12

Which two statements describe the characteristics of an Edge Cluster in NSX-T 2.4 Data Center?

Answer 12

A. must contain only one type of edge nodes (VM or bare metal)
B. can contain multiple types of edge nodes (VM or bare metal)
C. must have only active-active edge nodes
D. can have a maximum of 10 edge nodes
E. can have a maximum of 8 edge nodes

Question 13

Which path is used to view the NSX Controller log file?

Answer 13

A. /var/log/cloudnet/nsx-ccp.log
B. /var/log/controller.log
C. /var/log/cloud/nsx-Icp.log
D. /var/log/ccp.log

Question 14

Which CLI command is used to restart the Syslog service on a KVM transport node?

Answer 14

A. service.sh stop | start syslog
B. systemctl restart syslog
C. systemctl restart rsyslog
D. yum restart syslog

Question 15

Which profile must be attached to the ESXi cluster to prepare the host for NSX-T Data Center?

Answer 15

A. Host Profile
B. Switching Profile
C. Uplink Profile
D. Transport Node Profile

Question 16

Which two tools are used to configure centralized logging in NSX-T Data Center? (Choose two.)

Answer 16

A. vRealize Network Insight
B. vRealize Automation
C. vRealize Log Insight
D. Syslog Server
E. vRealize Operations

Question 17

Which protocol uses the 6081 UDP port?

Answer 17

A. Network Virtualization using Generic Routing Encapsulation (NVGRE)
B. Generic Network Virtualization Encapsulation (GENEVE)
C. Stateless Transport Tunneling (STT)
D. Virtual Extensible LAN (VXLAN)

Question 18

Which three CLI commands will list the TEP IPs configured on an ESXi transport node? (Choose three.)

Answer 18

A. esxcfg-vswitch -1
B. esxcfg-vmknic -1
C. esxcli network ip address list
D. esxcli network ip netstack list
E. esxcli network ip interface ipv4 get
F. esxcli network ip interface list

Question 19

Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?

Answer 19

A. Multicast
B. Anycast
C. Broadcast
D. Unicast

Question 20

An NSX administrator Is planning to deploy a multi-tier routing topology in their NSX-T Data Center environment to provide north-south connectivity for the VMs.
Which routing component must be deployed?

Answer 20

A. Tier-0 Gateway
B. Edge Node
C. Tier-1 Gateway
D. Edge Cluster

Question 21

Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)

Answer 21

A. esxcli network vswitch dvs vmware list
B. esxcfg-nics -1
C. esxcfg-vmsvc/get.networks
D. esxcfg-vmknic -1
E. esxcli network nic list

Question 22

What is the correct prioritization for gateway policy categories?

Answer 22

A. Shared Pre-rules > Emergency > System > Local Gateway > Auto Service > Default
B. Shared Pre-rules > Emergency > Local Gateway > System > Auto Service > Default
C. Emergency > System > Shared Pre-rules > Auto Service > Local Gateway > Default
D. Emergency > System > Shared Pre-rules > Local Gateway > Auto Service > Default

Question 23

Which three functions require a Services Router (SR) component on an Edge node? (Choose three.)

Answer 23

A. Distributed Firewall
B. Service Insertion
C. Gateway Firewall
D. Virtual Private Network
E. Distributed Routing
F. Packet Forwarding

Question 24

An NSX administrator has observed connectivity issues between the NSX Manager and the KVM Transport Node.
Which two log files could be used to troubleshoot the issue on the KVM Transport Node? (Choose two.)

Answer 24

A. /var/log/vmware/nsx-syslog
B. /usr/vmware/log/syslog
C. /var/log/nsx/syslog
D. /usr/vmware/nsx-syslog
E. /var/log/syslog

Question 25

What are three possible installation options for NSX Edge?

Answer 25

A. Install NSX Edge on a bare-metal server.
B. Deploy NSX Edge using a QCOW2 image.
C. Install NSX Edge VM on KVM using an ISO image.
D. Deploy NSX Edge on KVM using ovftool.
E. Deploy NSX Edge VM on ESXi using OVA.
F. Install NSX Edge VM on ESXi using an ISO image.

Question 26

Which three steps are required to create an IPSEC VPN tunnel? (Choose three.)

Answer 26

A. Create an IPSec service.
B. Configure a distributed firewall policy.
C. Configure a Tier-1 Gateway.
D. Add a local endpoint.
E. Configure an IPSec session.
F. Add a logical switch.

Question 27

An NSX administrator is retrieving a log bundle at the request of VMware Global Support. It is taking a long time to get the log bundle. The administrator reviews the configuration.
Which two changes to the configuration must be made to speed up the creation of the bundle. (Choose two.)

Answer 27

A. Disable upload bundle to remote file server
B. Change transfer protocol
C. Do not use ssh fingerprint
D. Create the support bundle from vCenterE. Disable Include core files and audit logs

Question 28

How is the intra-tier transit link connection created between SR and DR for a Tier-0 Gateway?

Answer 28

A. Manually create a gateway interface and mark it as transit.
B. Automatically created when DR is created.
C. Automatically created when SR is initialized.
D. Manually create external uplink interface and mark it as transit.

Question 29

Which two components are involved in the logical switching and N-VDS configuration during ESXi transport node installation? (Choose two.)

Answer 29

A. etherswitch
B. Open vSwitch
C. nsx-opsAgent
D. vdl2
E. nsx-vswitch

Question 30

A company is planning to implement NSX-T Data Center and will be using load balancing for 50 unique production workloads.
Which is the minimum NSX-T Edge size configuration required to support the production load balancer?

Answer 30

A. Large (8 vCPU 16GB RAM)
B. Medium (4 vCPU 8GB RAM)
C. Extra Large (12 vCPU 24GB RAM)
D. Small (2 vCPU 4GB RAM)

Question 31

What are the advantages of using a Tier-0 Gateway in ECMP mode? (Choose two.)

Answer 31

A. stateful services leveraged
B. increased north/south bandwidth
C. traffic load balancing
D. Failover of services
E. traffic predictability

Question 32

A user is assigned these two roles in NSX Manager:
• Load Balancer Administrator
• Network Engineer
What privileges does this user have in the system?

Answer 32

A. full access permissions on all networking services and full access permissions on load balancing features
B. read permissions on all networking services and read permissions on load balancing features
C. read permissions on all networking services and full access permissions on load balancing features
D. full access permissions on all networking services and read permissions on load balancing features

Question 33

What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)

Answer 33

A. Group
B. Tier-1 Gateway
C. Segment Port
D. Segment
E. DFW

Question 34

An NSX administrator has configured a KVM hypervisor as a transport node.
Which kemel module on KVM implements a N VDS?

Answer 34

A. dvswitch
B. nsx-vswitch
C. openvswitch
D. etherswitch

Question 35

An NSX administrator has configured a KVM hypervisor as a transport node.
Which kemel module on KVM implements a N VDS?

Answer 35

A. dvswitch
B. nsx-vswitch
C. openvswitch
D. etherswitch

Question 36

A customer is preparing to deploy VMware Kubernetes on an NSX-T Data Center.
What is the minimum MTU size for the UPLINK profile?

Answer 36

A. 1600
B. 1650
C. 1550
D. 1500

Question 37

Which component does the hyperbus interface (vmk50) provide network connectivity to?

Answer 37

A. virtual machines and containers running across transport nodes
B. virtual machines running on the same hypervisor
C. containers running on ESXi/KVM transport nodes
D. virtual machines running in the same segment

Question 38

An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?

Answer 38

A. – set vrf 
– show logical-routers- show  bgp
B. – show logical-routers- get vrf
– show ip route bgp
C. – enable 
– get vrf 
– show bgp neighbor
D. – get logical-routers
– vrf 
– get bgp neighbor

Question 39

An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi transport node.
Which feature in the NSX Manager Simplified UI shows the mapping between the virtual NIC and the host’s physical adapter?

Answer 39

A. N-VDS Visualization
B. Activity Monitoring
C. IPFIX
D. Port Mirroring

Question 40

Which CLI command should be executed on a KVM hypervisor to retrieve the VM interface UUID?

Answer 40

A. virsh list-interface
B. virsh get-interface
C. virsh dumpxml | grep interfaceid
D. virsh show | grep interfaceid