VCP-NV Flashcards

1
Q
Which CLI command is used to start the NSX Manager virtual machine in the KVM environment?
A. virsh start 
B. virsh poweron 
C. virsh poweron 
D. virsh start
A

A. virsh start

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
What are the supported N-VDS modes?
A. DPDK Datapath
B. Enhanced Datapath
C. Overlay Datapath
D. Standard Datapath
E. Secure Datapath
A

B. Enhanced Datapath

D. Standard Datapath

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A NSX-T Data Center administrator wants to ensure that any machine on a public network can communicate with a Web VM running in a NSX-T Data Center
environment.
Which NAT type must be created on the Tier-0 or Tier-1 Gateway to achieve this?
A. 1:1 NAT
B. Reverse NAT
C. DNAT
D. SNAT

A

C. DNAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
An NSX administrator created a Segment from the Simplified UI and wants to find the Replication Mode configured on the Segment. Which NSX CLI command
lists the Replication mode?
A. get logical-switches
B. get logical-switch 
C. get logical-switch  status
D. get logical-switch status
A

B. get logical-switch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
What is the most restrictive NSX-T built-in role which allow a user to apply configuration changes on a NSX Edge?
A. Network Operator
B. Network Engineer
C. Cloud Service Administrator
D. NSX Administrator
A

B. Network Engineer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
What are three NSX Manager roles? (Choose three.)
A. zookeeper
B. manager
C. policy
D. controller
E. cloud
F. master
A

B. manager
C. policy
D. controller

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
Which network tool cloud an administrator use on an ESXi 6.7 host to capture packets when troubleshooting connectivity issues?
A. Wireshark
B. pktcap-uw
C. net-stats
D. tcpdump
A

B. pktcap-uw

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
Which three hardware-based offloads provide maximum performance for physical network interface cards? (Choose three.)
A. Netfilter Flow Offload (NFO)
B. Priority Flow Control (PFC)
C. Receive Side Scaling (RSS)
D. TCP Segmentation Offload (TSO)
E. Source Route Bridging (SRB)
F. Large Receive Offload (LRO)
A

C. Receive Side Scaling (RSS)
D. TCP Segmentation Offload (TSO)
F. Large Receive Offload (LRO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which two commands could be used on an ESXI transport node to validate connectivity to the NSX Manager? (Choose two.)
A. nsxcli –cmd get manager status
B. esxcli network ip connection list I grep rabbitmq
C. nsxcli –cmd get managers
D. nsxcli –cmd get manager connectivity status
E. esxcli network ip connection list I grep 5671

A

C. nsxcli –cmd get managers

E. esxcli network ip connection list I grep 5671

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which two statements describe the characteristics of the Services Router (SR) component of a Tier-0 Gateway? (Choose two.)
A. Edge cluster is mandatory for SR to be created.
B. SR can exist on both hypervisor transport nodes and Edge transport nodes.
C. SR is automatically created when stateful services are enabled.
D. Edge transport nodes are required for SR to be created.
E. SR can be created from the NSX Advanced Networking & Security tab in the UI.

A

C. SR is automatically created when stateful services are enabled.
D. Edge transport nodes are required for SR to be created.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which statement Is true regarding the audit user account? (Choose two.)
A. The admin user must set the password for the audit account to log in to NSX Manager.
B. The administrator must run the set audit user password command.
C. The audit user has read-write access to the NSX Manager.
D. The audit user is disabled by default and must be enabled to log in to the NSX Manager.
E. The administrator must run the set user audit password command.

A

D. The audit user is disabled by default and must be enabled to log in to the NSX Manager.
E. The administrator must run the set user audit password command.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

An NSX administrator is migrating vSphere port groups configured in vSphere to N-VDS.
What are two migration options? (Choose two.)
A. Migrate vSphere port groups using the esxcli command line.
B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.
D. Migrate from the NSX Manager UI, go to Fabric -> Profile -> Uplink Profiles path.
E. Migrate from the NSX Simplified UI> Click Transport Node > Configure NSX > PNIC Only Migration path.

A

B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the function of a domain in a NSX-T Data Center?
A. defines the scope of transport zones
B. defines the scope of security policies and groups
C. defines the scope of physical networks
D. defines the scope of transport nodes

A

A. defines the scope of transport zones

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
Which port is used by a transport node to communicate with NSX Manager in NSX-T Data Center 2.4?
A. 5671
B. 1234
C. 1235
D. 5678
A

A. 5671

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The security administrator turns on logging for a firewall rule.
Where is the log stored on ESXi and KVM transport nodes?
A. /var/log/vmware/nsx/fIrewall.log
B. /var/log/fw.log
C. /var/log/messages.log
D. /var/log/dfwpktlogs.log

A

D. /var/log/dfwpktlogs.log

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
Which visual tool within the NSX User Interface should an administrator use to monitor hop-by-hop connectivity between two virtual machines or logical ports?
A. IPFIX
B. Port Connection
C. Port Mirroring
D. Port Status
A

B. Port Connection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

An NSX administrator would like to configure syslog for a KVM transport node.
Which host log files could be exported to a remote syslog server?
A. /var/log/vmware/nsx-syslog
B. /var/log/cfgAgent.log
C. /var/log/nsx-audit.log
D. /var/log/cloudnet/nsx-ccp.log

A

A. /var/log/vmware/nsx-syslog

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Refer to the exhibit.
A vSphere administrator is trying to connect T1-Web-01 virtual machine to a NSX-T logical switch and is receiving an error.
Which service must be restarted to connect the virtual machine to a NSX-T logical switch?
A. /etc/init.d/nsx-opsagent start
B. /etc/init.d/nsx-proxy start
C. /etc/init .d/nsxa start
D. /etc/init.d/nsx-datapath start

A

A. /etc/init.d/nsx-opsagent start

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which three steps must be taken to assign a new IP address to a member of a NSX Management Cluster that was deployed manually? (Choose three.)
A. Delete NSX Manager VM
B. Change IP address of NSX Manager in vApp Properties
C. Execute detach node from the NSX Manager CLI
D. Deploy new NSX Manager VM
E. Delete NSX Management cluster member from NSX Simplified UI

A

A. Delete NSX Manager VM
C. Execute detach node from the NSX Manager CLI
D. Deploy new NSX Manager VM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is required to configure a load balancer in inline mode?
A. DNAT
B. SNAT
C. Client and server connected to different Tier-1 Gateways
D. Client and server running on different transport nodes

A

C. Client and server connected to different Tier-1 Gateways

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

In a NSX-T Data Center environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)
A. Configure a Tier-1 gateway and connect it directly to the physical routers.
B. Configure ECMP on the Tier-0 gateway.
C. Configure NAT on the Tier-0 gateway.
D. Deploy Large size Edge node/s.
E. Add an additional vNIC to the NSX Edge node.

A

B. Configure ECMP on the Tier-0 gateway.

C. Configure NAT on the Tier-0 gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
How many IPs are required when deploying a highly available NSX Management Cluster with VIP in a production environment?
A. 3
B. 5
C. 4
D. 6
A

C. 4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
Which vmkernel module implements the N-VDS on an ESXi transport node?
A. openvswitch
B. enterswitch
C. nsx-vswitch
D. dvswitch
A

C. nsx-vswitch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
Which two IP Discovery mechanisms are supports in KVM-environments? (Choose two.)
A. IGMP Snooping
B. Packet Snooping
C. DHCP Snooping
D. ARP Snooping
E. ND Snooping
A

C. DHCP Snooping

D. ARP Snooping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)
A. Port NAT
B. Source NAT
C. Destination NAT
D. 1:1 NAT
E. Reflexive NAT

A

B. Source NAT

C. Destination NAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q
An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?
A. - set vrf 
- show logical-routers
- show  bgp
B. - show logical-routers
- get vrf
- show ip route bgp
C. - enable 
- get vrf 
- show bgp neighbor
D. - get logical-routers
- vrf 
- get bgp neighbor
A

D. - get logical-routers

  • vrf
  • get bgp neighbor
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi transport node.
Which feature in the NSX Manager Simplified UI shows the mapping between the virtual NIC and the host’s physical adapter?
A. N-VDS Visualization
B. Activity Monitoring
C. IPFIX
D. Port Mirroring

A

A. N-VDS Visualization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q
What are the advantages of using a Tier-0 Gateway in ECMP mode? (Choose two.) I
A. stateful services leveraged
B. increased north/south bandwidth
C. traffic load balancing
D. Failover of services
E. traffic predictability
A

B. increased north/south bandwidth

C. traffic load balancing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

A user is assigned these two roles in NSX Manager:
• Load Balancer Administrator
• Network Engineer
What privileges does this user have in the system?
A. full access permissions on all networking services and full access permissions on load balancing features
B. read permissions on all networking services and read permissions on load balancing features
C. read permissions on all networking services and full access permissions on load balancing features
D. full access permissions on all networking services and read permissions on load balancing features

A

A. full access permissions on all networking services and full access permissions on load balancing features

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q
An NSX administrator has configured a KVM hypervisor as a transport node.
Which kemel module on KVM implements a N VDS?
A. dvswitch
B. nsx-vswitch
C. openvswitch
D. etherswitch
A

C. openvswitch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Refer to the exhibit.
An NSX administrator is retrieving a log bundle at the request of VMware Global Support. It is taking a long time to get the log bundle. The administrator reviews the configuration.
Which two changes to the configuration must be made to speed up the creation of the bundle. (Choose two.)
A. Disable upload bundle to remote file server
B. Change transfer protocol
C. Do not use ssh fingerprint
D. Create the support bundle from vCenter
E. Disable Include core files and audit logs

A

A. Disable upload bundle to remote file server

E. Disable Include core files and audit logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

How is the intra-tier transit link connection created between SR and DR for a Tier-0 Gateway?
A. Manually create a gateway interface and mark it as transit.
B. Automatically created when DR is created.
C. Automatically created when SR is initialized.
D. Manually create external uplink interface and mark it as transit.

A

C. Automatically created when SR is initialized.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q
Which two components are involved in the logical switching and N-VDS configuration during ESXi transport node installation? (Choose two.)
A. etherswitch
B. Open vSwitch
C. nsx-opsAgent
D. vdl2
E. nsx-vswitch
A

C. nsx-opsAgent

E. nsx-vswitch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

A security administrator needs to configure a firewall rule based on the domain name of a specific application.
Which field in a distributed firewall rule does the administrator configure?
A. Policy
B. Profile
C. Service
D. Source

A

B. Profile

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q
What are two supported VPN configuration types in a NSX-T Data Center? (Choose two.)
A. OpenVPN
B. MPLS
C. L3VPN
D. L2VPN
E. SSLVPN+
A

C. L3VPN

D. L2VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

An NSX administrator is applying QoS to guarantee bandwidth for critical production workloads.
Which three actions must be taken? (Choose three.)
A. Edit the exported JSON file.
B. Export transport node NIOC profile.
C. Create a QoS segment profile.
D. Specify QoS parameters.
E. Change Segment QoS profile.
F. Upload the JSON file and apply configuration.

A

C. Create a QoS segment profile.
D. Specify QoS parameters.
E. Change Segment QoS profile.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q
What is the maximum supported ECMP paths in NSX-T 2.4 Data Center?
A. 6
B. 8
C. 9
D. 7
A

B. 8

38
Q

An NSX administrator has deployed an NSX Edge on a bare-metal server.
Which command registers the NSX Edge with the NSX Manager?
A. join cluster username root password thumbprint
B. join management-plane username admin password thumbprint
C. join policy-manager username root password thumbprint
D. join management-cluster username admin password thumbprint

A

B. join management-plane username admin password thumbprint

39
Q

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?
A. SYSTEM
B. FABRIC
C. MONITORING
D. GROUPING

A

B. FABRIC

40
Q

An NSX administrator is migrating vSphere port groups configured in vSphere to N-VDS.
What are two migration options? (Choose two.)
A. Migrate vSphere port groups using the esxcli command line.
B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.
D. Migrate from the NSX Manager UI, go to Fabric -> Profile -> Uplink Profiles path.

A

B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.

41
Q
Which three teaming policy modes are supported by NSX-T Data Center? (Choose three.)
A. Destination MAC
B. Failover Order
C. Load Balanced Source
D. Load Balanced Source IP
E. Destination Port
F. Load Balanced Source MAC
A

B. Failover Order
C. Load Balanced Source
F. Load Balanced Source MAC

42
Q

An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.
Which failover detection protocol must be used to meet this requirement?
A. Host Standby Router Protocol (HSRP)
B. Beacon Probing (BP)
C. Virtual Router Redundancy Protocol (VRRP)
D. Bidirectional Forwarding Detection (BFD)

A

D. Bidirectional Forwarding Detection (BFD)

43
Q

An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.
What could cause this issue?
A. Syslog is not configured on the NSX Manager
B. Distributed Firewall Rule logging is not enabled
C. Zero Trust Security is not enabled
D. Syslog is not configured on the ESXi transport node

A

D. Syslog is not configured on the ESXi transport node

44
Q

The NSX Control Plane is responsible for which two functions? (Choose two.)
A. push stateless configurations to forwarding engines
B. propagate topology information
C. receive and validate configuration from NSX Policy
D. host API services
E. maintain packet-level statistics

A

A. push stateless configurations to forwarding engines

B. propagate topology information

45
Q
Which NSX CLI command is used to check the GENEVE tunnel status on ESXi transport node?
A. get host-switch  tunnels
B. get host-switch  tunnel status
C. get transport-node tunnel state
D. get transport-node tunnel status
A

A. get host-switch tunnels

46
Q

In a NSX-T Data Center environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)
A. Configure a Tier-1 gateway and connect it directly to the physical routers.
B. Configure ECMP on the Tier-0 gateway.
C. Configure NAT on the Tier-0 gateway.
D. Deploy Large size Edge node/s.
E. Add an additional vNIC to the NSX Edge node.

A

B. Configure ECMP on the Tier-0 gateway.

C. Configure NAT on the Tier-0 gateway.

47
Q

Which command on ESXi Is used to verify the Local Control Plane connectivity with Central Control Plane?
A. esxcli network ip connection list | grep ccpd
B. esxcli network ip connection list | grep 1234
C. esxcli network ip connection list | grep netcpa
D. esxcli network ip connection list | grep 1235

A

D. esxcli network ip connection list | grep 1235

48
Q

Which is correct when deploying a NSX Edge in a KVM only environment?
A. deploy NSX Edge VM with QCOW2 image
B. deploy NSX Edge VM with ISO image
C. deploy NSX Edge on a bare-metal server
D. deploy NSX Edge VM with OVF template

A

C. deploy NSX Edge on a bare-metal server

49
Q

Which component does the hyperbus interface (vmk50) provide network connectivity to?
A. virtual machines and containers running across transport nodes
B. virtual machines running on the same hypervisor
C. containers running on ESXi/KVM transport nodes
D. virtual machines running in the same segment

A

A. virtual machines and containers running across transport nodes

50
Q
What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)
A. Group
B. Tier-1 Gateway
C. Segment Port
D. Segment
E. DFW
A

A. Group

E. DFW

51
Q

What are three possible installation options for NSX Edge?
A. Install NSX Edge on a bare-metal server.
B. Deploy NSX Edge using a QCOW2 image.
C. Install NSX Edge VM on KVM using an ISO image.
D. Deploy NSX Edge on KVM using ovftool.
E. Deploy NSX Edge VM on ESXi using OVA.
F. Install NSX Edge VM on ESXi using an ISO image.

A

A. Install NSX Edge on a bare-metal server.
E. Deploy NSX Edge VM on ESXi using OVA.
F. Install NSX Edge VM on ESXi using an ISO image.

52
Q

Which three steps are required to create an IPSEC VPN tunnel? (Choose three.)
A. Create an IPSec service.
B. Configure a distributed firewall policy.
C. Configure a Tier-1 Gateway.
D. Add a local endpoint.
E. Configure an IPSec session.
F. Add a logical switch.

A

A. Create an IPSec service.
D. Add a local endpoint.
E. Configure an IPSec session.

53
Q

What is the correct prioritization for gateway policy categories?
A. Shared Pre-rules > Emergency > System > Local Gateway > Auto Service > Default
B. Shared Pre-rules > Emergency > Local Gateway > System > Auto Service > Default
C. Emergency > System > Shared Pre-rules > Auto Service > Local Gateway > Default
D. Emergency > System > Shared Pre-rules > Local Gateway > Auto Service > Default

A

D. Emergency > System > Shared Pre-rules > Local Gateway > Auto Service > Default

54
Q
Which three functions require a Services Router (SR) component on an Edge node? (Choose three.)
A. Distributed Firewall
B. Service Insertion
C. Gateway Firewall
D. Virtual Private Network
E. Distributed Routing
F. Packet Forwarding
A

B. Service Insertion
C. Gateway Firewall
D. Virtual Private Network

55
Q

An NSX administrator has observed connectivity issues between the NSX Manager and the KVM Transport Node.
Which two log files could be used to troubleshoot the issue on the KVM Transport Node? (Choose two.)
A. /var/log/vmware/nsx-syslog
B. /usr/vmware/log/syslog
C. /var/log/nsx/syslog
D. /usr/vmware/nsx-syslog
E. /var/log/syslog

A

A. /var/log/vmware/nsx-syslog

E. /var/log/syslog

56
Q
Which three CLI commands will list the TEP IPs configured on an ESXi transport node? (Choose three.)
A. esxcfg-vswitch -1
B. esxcfg-vmknic -1
C. esxcli network ip address list
D. esxcli network ip netstack list
E. esxcli network ip interface ipv4 get
F. esxcli network ip interface list
A

B. esxcfg-vmknic -1
D. esxcli network ip netstack list
E. esxcli network ip interface ipv4 get

57
Q
Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?
A. Multicast
B. Anycast
C. Broadcast
D. Unicast
A

D. Unicast

58
Q
Which two tools are used to configure centralized logging in NSX-T Data Center? (Choose two.)
A. vRealize Network Insight
B. vRealize Automation
C. vRealize Log Insight
D. Syslog Server
E. vRealize Operations
A

C. vRealize Log Insight

D. Syslog Server

59
Q

Which protocol uses the 6081 UDP port?
A. Network Virtualization using Generic Routing Encapsulation (NVGRE)
B. Generic Network Virtualization Encapsulation (GENEVE)
C. Stateless Transport Tunneling (STT)
D. Virtual Extensible LAN (VXLAN)

A

B. Generic Network Virtualization Encapsulation (GENEVE)

60
Q
Which path is used to view the NSX Controller log file?
A. /var/log/cloudnet/nsx-ccp.log
B. /var/log/controller.log
C. /var/log/cloud/nsx-Icp.log
D. /var/log/ccp.log
A

A. /var/log/cloudnet/nsx-ccp.log

61
Q
Which CLI command is used to restart the Syslog service on a KVM transport node?
A. service.sh stop | start syslog
B. systemctl restart syslog
C. systemctl restart rsyslog
D. yum restart syslog
A

C. systemctl restart rsyslog

62
Q

Which two statements describe the characteristics of an Edge Cluster in NSX-T 2.4 Data Center? (Choose two.)
A. must contain only one type of edge nodes (VM or bare metal)
B. can contain multiple types of edge nodes (VM or bare metal)
C. must have only active-active edge nodes
D. can have a maximum of 10 edge nodes
E. can have a maximum of 8 edge nodes

A

A. must contain only one type of edge nodes (VM or bare metal)
D. can have a maximum of 10 edge nodes

63
Q

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a
production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX Simplified UI.
What are the pre-requisites for this configuration?
A. All nodes must be in the same subnet.
B. A compute manager must be configured.
C. All nodes must be in separate subnets.
D. NSX Manager must reside on a Windows Server.
E. The cluster configuration must be completed using API.

A

A. All nodes must be in the same subnet.

B. A compute manager must be configured.

64
Q

Which command is used to verify the application of Distributed Firewall Rules applied to a VM on a KVM transport node?
A. esxcli network firewall get
B. esxcli network ip connection list
C. ovs-vsctl add-br br-int
D. ovs-appctl -t /var/run/openvswitch/nsxa-ctl dfw/rules

A

D. ovs-appctl -t /var/run/openvswitch/nsxa-ctl dfw/rules

65
Q

An NSX administrator has disabled VMware Identity Manager (vIDM) integration with NSX Manager. The administrator is no longer able to log in to VMware NSX
Manager and receives the error shown in the exhibit.
Which NSX CLI command on the NSX Manager would fix this issue?
A. clear auth-policy vidm disabled
B. clear auth-policy vidm stop
C. clear auth-policy vidm enabled
D. clear auth-policy vidm start

A

C. clear auth-policy vidm enabled

66
Q
Considering Transport Zone limitations, how many NSX managed virtual distributed switches (N-VDSs) are needed on each ESXi to join all the Transport Zones?
A. 4
B. 3
C. 2
D. 1
A

C. 2

67
Q
Which CLI command is used for packet capture on the KVM Transport Node?
A. tcpdump
B. debug
C. set capture
D. tcpdump-uw
A

C. set capture

68
Q
Which tool injects packets and provides various observation points along the packet's path between two NSX-T managed objects?
A. SPAN mirrors
B. Port Mirroring
C. Traceflow
D. IPFIX
A

C. Traceflow

69
Q

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX-T to support role-based access control? (Choose two.)
A. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.
B. Create an OAuth 2.0 client in VMware Identity Manager.
C. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.
D. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.
E. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

A

B. Create an OAuth 2.0 client in VMware Identity Manager.

C. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.

70
Q

Which two are valid configurations when attempting to enable L2VPN services in a NSX-T Data Center? (Choose two.)
A. Connect the Segments to Edge Cluster.
B. Configure L2VPN on the Tier-1 Gateway.
C. Configure L2VPN on the Tier-0 Gateway.
D. Connect the Segments to Edge nodes.
E. Connect the Segments to Tier-0 or Tier-1 Gateway.

A

C. Configure L2VPN on the Tier-0 Gateway.

E. Connect the Segments to Tier-0 or Tier-1 Gateway.

71
Q

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?
A. esxcli network firewall ruleset -e syslog
B. esxcli network firewall ruleset set -a -e false
C. esxcli network firewall ruleset set -r syslog -e true
D. esxcli network firewall ruleset set -r sysloq -e false

A

C. esxcli network firewall ruleset set -r syslog -e true

72
Q

Which technology is leveraged in the NSX Edge for fast packet processing?
A. Intel Data Plane Development Kit (DPDK)
B. Intel Speed Step
C. AMD Power Now
D. Non-Uniform Memory Access (NUMA)

A

A. Intel Data Plane Development Kit (DPDK)

73
Q

Which NSX CLI command is used to change the authentication policy for local users?
A. set cli-timeout
B. set hardening-policy
C. get auth-policy minimum-password-length
D. set auth-policy

A

D. set auth-policy

74
Q

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-active high availability mode.
Which NAT rule type is supported for this configuration?
A. Destination NAT
B. 1:1 NAT
C. Reflexive NAT
D. Source NAT

A

D. Source NAT

75
Q

An organization with two data centers is planning an active-active multi-site deployment of NSX-T Data Center.
The two data centers have this network connectivity configuration:
Redundant 1Gbps links with 200 millisecond RTT
Global load balancing is not being utilized
1600 MTU
vSphere 6.5U2
Which configuration prevents the use of an active-active architecture?
A. vSphere 6.7 is the minimum supported version for active-active on vSphere
B. 9000 MTU is required for active-active state replication
C. global load-balancing is required to support NSX Manager DNS namespace
D. RTT must be under 150 ms

A

D. RTT must be under 150 ms

76
Q
Which NSX CLI command will enable the SSH service on the NSX Edge node?
A. set service ssh enabled
B. start service ssh
C. start service ssh start-on-boot
D. set service ssh start-on-boot enabled
A

C. start service ssh start-on-boot

77
Q

An NSX administrator is configuring the KVM hypervisor host as a transport node and wants to apply the Failover Order as a NIC teaming policy.
Which profile allows the administrator to configure the NIC Teaming policy as Failover Order?
A. N-VDS Profile
B. Uplink Profile
C. Host Switch Profile
D. Transport Node Profile

A

B. Uplink Profile

78
Q

An administrator Is trying to configure a medium load balancer in a production environment, but is getting the error message shown in the exhibit.
Which step must the administrator perform to remediate the problem?
A. Reduce the size of the virtual pool.
B. Restart the NSX Manager.
C. Power-off the existing load balancer and change its size.
D. Place the Tier-1 Gateway in a large edge cluster and redeploy the load balancer.

A

D. Place the Tier-1 Gateway in a large edge cluster and redeploy the load balancer.

79
Q
Which two logical router components span across all transport nodes? (Choose two.)
A. SERVICE_ROUTER_TIER0
B. DISTRIBUTED_ROUTER_TIER0
C. SERVICE_ROUTER_TIER1
D. DISTRIBUTED_ROUTER_TIER1
E. TIER0_DISTRIBUTED_ROUTER
A

B. DISTRIBUTED_ROUTER_TIER0

D. DISTRIBUTED_ROUTER_TIER1

80
Q

What is VMware’s recommendation for the minimum MTU requirements when planning a NSX-T Data Center deployment?
A. MTU should be set to 1550 or less across the data center network including inter-data center connections.
B. MTU should be set to 1500 or less only on inter-data center connections.
C. Configure Path MTU Discovery and rely on fragmentation.
D. MTU should be set to 1600 or greater across the data center network including inter-data center connections.

A

D. MTU should be set to 1600 or greater across the data center network including inter-data center connections.

81
Q

company is deploying a NSX-T Data Center micro-segmentation in their vSphere environment to allow simple 3-tier app forms through web, app, and database.
The naming convention will be:
• WKS-WEB-SRV-XXX
• WKY-APP-SRR-XXX
• WKI-DB-SRR-XXX
What is the optimal way to group them in order to enforce security policies from NSX-T Data Center?
A. Use Edge as a firewall between tiers.
B. Create an Ethernet based security policy.
C. Do a service Insertion to accomplish the task.
D. Group all by means of tags membership.

A

D. Group all by means of tags membership.

82
Q

The Node Status for all hosts in the SA-Compute-01 cluster Is shown as Not Configured. There are no VM connectivity issues reported on any of the ESXI
transport nodes.
Which service must be restarted to fix the issue?
A. nsx-mpa service on the ESXi transport nodes
B. nsx-policy-manager service on NSX Manager
C. nsx-mpa-api service on NSX Manager
D. cm-inventory service on NSX Manager

A

D. cm-inventory service on NSX Manager

83
Q

How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?
A. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.
B. Automatically created when Tier-1 is created.
C. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.
D. Automatically created when Tier-1 is connected with Tier-0 from Simplified UI.

A

D. Automatically created when Tier-1 is connected with Tier-0 from Simplified UI.

84
Q
Which CLI command should be executed on a KVM hypervisor to retrieve the VM interface UUID?
A. virsh list-interface 
B. virsh get-interface 
C. virsh dumpxml  | grep interfaceid
D. virsh show  | grep interfaceid
A

C. virsh dumpxml | grep interfaceid

85
Q
Which two built-in VMware tools will help identify the cause of packet loss on VLAN Segments? (Choose two.)
A. Flow Monitoring
B. Traceflow
C. Activity Monitoring
D. Live Flow
E. Packet Capture
A

B. Traceflow

E. Packet Capture

86
Q

A customer is preparing to deploy VMware Kubernetes on an NSX-T Data Center.
What is the minimum MTU size for the UPLINK profile?
A. 1600
B. 1650
C. 1550
D. 1500

A

A. 1600

87
Q
Which three different transport nodes could be configured in the data plane? (Choose three.)
A. vShield Edge VM
B. ESXi and KVM
C. Linux-based Bare Metal server
D. NSX Edge VM on KVM
E. ESXi and Hyper-V
F. VM or Bare Metal NSX Edge
A

B. ESXi and KVM
C. Linux-based Bare Metal server
F. VM or Bare Metal NSX Edge

88
Q
Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the GENEVE protocol on the ESXi transport node? (Choose
two.)
A. esxcfg-vmknic -1
B. esxcli network ip interface ipv4 get
C. esxcli network nic list
D. net-dvs
E. esxcfg-nics -1
A

A. esxcfg-vmknic -1

B. esxcli network ip interface ipv4 get

89
Q
Which denies all network traffic unless exclusively specified?
A. Blacklist
B. Whitelist
C. Default List
D. Trusted List
A

B. Whitelist

90
Q

While planning a NSX-T Data Center deployment with a network administrator, you are told the physical network uses Open Shortest Path First (OSPF) for the
Interior Gateway Protocol (IGP). The OSPF design is flat with the data center containing one OSPF area, area 0. The network administrator would like to extend
area 0 into NSX-T so that dynamic routing updates will be learned bidirectionally.
Which meets the requirement?
A. Utilize static routes between the NSX-T topology and the physical network.
B. Recommend creating a new area for NSX-T to protect NSX-T’s control plane from Link State Advertisement (LSA) floods from OSPF area 0.
C. Utilize the Border Gateway Protocol (BGP) on NSX-T and configure the physical network for route redistribution.
D. Utilize multi-protocol Border Gateway Protocol (BGP) in the NSX-T topology and configure the physical network for route redistribute

A

C. Utilize the Border Gateway Protocol (BGP) on NSX-T and configure the physical network for route redistribution.