VCP-NV

Question 1

Which CLI command is used to start the NSX Manager virtual machine in the KVM environment?
A. virsh start 
B. virsh poweron 
C. virsh poweron 
D. virsh start

Answer 1

A. virsh start

Question 2

What are the supported N-VDS modes?
A. DPDK Datapath
B. Enhanced Datapath
C. Overlay Datapath
D. Standard Datapath
E. Secure Datapath

Answer 2

B. Enhanced Datapath

D. Standard Datapath

Question 3

A NSX-T Data Center administrator wants to ensure that any machine on a public network can communicate with a Web VM running in a NSX-T Data Center
environment.
Which NAT type must be created on the Tier-0 or Tier-1 Gateway to achieve this?
A. 1:1 NAT
B. Reverse NAT
C. DNAT
D. SNAT

Answer 3

C. DNAT

Question 4

An NSX administrator created a Segment from the Simplified UI and wants to find the Replication Mode configured on the Segment. Which NSX CLI command
lists the Replication mode?
A. get logical-switches
B. get logical-switch 
C. get logical-switch  status
D. get logical-switch status

Answer 4

B. get logical-switch

Question 5

What is the most restrictive NSX-T built-in role which allow a user to apply configuration changes on a NSX Edge?
A. Network Operator
B. Network Engineer
C. Cloud Service Administrator
D. NSX Administrator

Answer 5

B. Network Engineer

Question 6

What are three NSX Manager roles? (Choose three.)
A. zookeeper
B. manager
C. policy
D. controller
E. cloud
F. master

Answer 6

B. manager
C. policy
D. controller

Question 7

Which network tool cloud an administrator use on an ESXi 6.7 host to capture packets when troubleshooting connectivity issues?
A. Wireshark
B. pktcap-uw
C. net-stats
D. tcpdump

Answer 7

B. pktcap-uw

Question 8

Which three hardware-based offloads provide maximum performance for physical network interface cards? (Choose three.)
A. Netfilter Flow Offload (NFO)
B. Priority Flow Control (PFC)
C. Receive Side Scaling (RSS)
D. TCP Segmentation Offload (TSO)
E. Source Route Bridging (SRB)
F. Large Receive Offload (LRO)

Answer 8

C. Receive Side Scaling (RSS)
D. TCP Segmentation Offload (TSO)
F. Large Receive Offload (LRO)

Question 9

Which two commands could be used on an ESXI transport node to validate connectivity to the NSX Manager? (Choose two.)
A. nsxcli –cmd get manager status
B. esxcli network ip connection list I grep rabbitmq
C. nsxcli –cmd get managers
D. nsxcli –cmd get manager connectivity status
E. esxcli network ip connection list I grep 5671

Answer 9

C. nsxcli –cmd get managers

E. esxcli network ip connection list I grep 5671

Question 10

Which two statements describe the characteristics of the Services Router (SR) component of a Tier-0 Gateway? (Choose two.)
A. Edge cluster is mandatory for SR to be created.
B. SR can exist on both hypervisor transport nodes and Edge transport nodes.
C. SR is automatically created when stateful services are enabled.
D. Edge transport nodes are required for SR to be created.
E. SR can be created from the NSX Advanced Networking & Security tab in the UI.

Answer 10

C. SR is automatically created when stateful services are enabled.
D. Edge transport nodes are required for SR to be created.

Question 11

Which statement Is true regarding the audit user account? (Choose two.)
A. The admin user must set the password for the audit account to log in to NSX Manager.
B. The administrator must run the set audit user password command.
C. The audit user has read-write access to the NSX Manager.
D. The audit user is disabled by default and must be enabled to log in to the NSX Manager.
E. The administrator must run the set user audit password command.

Answer 11

D. The audit user is disabled by default and must be enabled to log in to the NSX Manager.
E. The administrator must run the set user audit password command.

Question 12

An NSX administrator is migrating vSphere port groups configured in vSphere to N-VDS.
What are two migration options? (Choose two.)
A. Migrate vSphere port groups using the esxcli command line.
B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.
D. Migrate from the NSX Manager UI, go to Fabric -> Profile -> Uplink Profiles path.
E. Migrate from the NSX Simplified UI> Click Transport Node > Configure NSX > PNIC Only Migration path.

Answer 12

B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.

Question 13

What is the function of a domain in a NSX-T Data Center?
A. defines the scope of transport zones
B. defines the scope of security policies and groups
C. defines the scope of physical networks
D. defines the scope of transport nodes

Answer 13

A. defines the scope of transport zones

Question 14

Which port is used by a transport node to communicate with NSX Manager in NSX-T Data Center 2.4?
A. 5671
B. 1234
C. 1235
D. 5678

Answer 14

A. 5671

Question 15

The security administrator turns on logging for a firewall rule.
Where is the log stored on ESXi and KVM transport nodes?
A. /var/log/vmware/nsx/fIrewall.log
B. /var/log/fw.log
C. /var/log/messages.log
D. /var/log/dfwpktlogs.log

Answer 15

D. /var/log/dfwpktlogs.log

Question 16

Which visual tool within the NSX User Interface should an administrator use to monitor hop-by-hop connectivity between two virtual machines or logical ports?
A. IPFIX
B. Port Connection
C. Port Mirroring
D. Port Status

Answer 16

B. Port Connection

Question 17

An NSX administrator would like to configure syslog for a KVM transport node.
Which host log files could be exported to a remote syslog server?
A. /var/log/vmware/nsx-syslog
B. /var/log/cfgAgent.log
C. /var/log/nsx-audit.log
D. /var/log/cloudnet/nsx-ccp.log

Answer 17

A. /var/log/vmware/nsx-syslog

Question 18

Refer to the exhibit.
A vSphere administrator is trying to connect T1-Web-01 virtual machine to a NSX-T logical switch and is receiving an error.
Which service must be restarted to connect the virtual machine to a NSX-T logical switch?
A. /etc/init.d/nsx-opsagent start
B. /etc/init.d/nsx-proxy start
C. /etc/init .d/nsxa start
D. /etc/init.d/nsx-datapath start

Answer 18

A. /etc/init.d/nsx-opsagent start

Question 19

Which three steps must be taken to assign a new IP address to a member of a NSX Management Cluster that was deployed manually? (Choose three.)
A. Delete NSX Manager VM
B. Change IP address of NSX Manager in vApp Properties
C. Execute detach node from the NSX Manager CLI
D. Deploy new NSX Manager VM
E. Delete NSX Management cluster member from NSX Simplified UI

Answer 19

A. Delete NSX Manager VM
C. Execute detach node from the NSX Manager CLI
D. Deploy new NSX Manager VM

Question 20

What is required to configure a load balancer in inline mode?
A. DNAT
B. SNAT
C. Client and server connected to different Tier-1 Gateways
D. Client and server running on different transport nodes

Answer 20

C. Client and server connected to different Tier-1 Gateways

Question 21

In a NSX-T Data Center environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)
A. Configure a Tier-1 gateway and connect it directly to the physical routers.
B. Configure ECMP on the Tier-0 gateway.
C. Configure NAT on the Tier-0 gateway.
D. Deploy Large size Edge node/s.
E. Add an additional vNIC to the NSX Edge node.

Answer 21

B. Configure ECMP on the Tier-0 gateway.

C. Configure NAT on the Tier-0 gateway.

Question 22

How many IPs are required when deploying a highly available NSX Management Cluster with VIP in a production environment?
A. 3
B. 5
C. 4
D. 6

Answer 22

C. 4

Question 23

Which vmkernel module implements the N-VDS on an ESXi transport node?
A. openvswitch
B. enterswitch
C. nsx-vswitch
D. dvswitch

Answer 23

C. nsx-vswitch

Question 24

Which two IP Discovery mechanisms are supports in KVM-environments? (Choose two.)
A. IGMP Snooping
B. Packet Snooping
C. DHCP Snooping
D. ARP Snooping
E. ND Snooping

Answer 24

C. DHCP Snooping

D. ARP Snooping

Question 25

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)
A. Port NAT
B. Source NAT
C. Destination NAT
D. 1:1 NAT
E. Reflexive NAT

Answer 25

B. Source NAT

C. Destination NAT

Question 26

An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?
A. - set vrf 
- show logical-routers
- show  bgp
B. - show logical-routers
- get vrf
- show ip route bgp
C. - enable 
- get vrf 
- show bgp neighbor
D. - get logical-routers
- vrf 
- get bgp neighbor

Answer 26

D. - get logical-routers

• vrf
• get bgp neighbor

Question 27

An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi transport node.
Which feature in the NSX Manager Simplified UI shows the mapping between the virtual NIC and the host’s physical adapter?
A. N-VDS Visualization
B. Activity Monitoring
C. IPFIX
D. Port Mirroring

Answer 27

A. N-VDS Visualization

Question 28

What are the advantages of using a Tier-0 Gateway in ECMP mode? (Choose two.) I
A. stateful services leveraged
B. increased north/south bandwidth
C. traffic load balancing
D. Failover of services
E. traffic predictability

Answer 28

B. increased north/south bandwidth

C. traffic load balancing

Question 29

A user is assigned these two roles in NSX Manager:
• Load Balancer Administrator
• Network Engineer
What privileges does this user have in the system?
A. full access permissions on all networking services and full access permissions on load balancing features
B. read permissions on all networking services and read permissions on load balancing features
C. read permissions on all networking services and full access permissions on load balancing features
D. full access permissions on all networking services and read permissions on load balancing features

Answer 29

A. full access permissions on all networking services and full access permissions on load balancing features

Question 30

An NSX administrator has configured a KVM hypervisor as a transport node.
Which kemel module on KVM implements a N VDS?
A. dvswitch
B. nsx-vswitch
C. openvswitch
D. etherswitch

Answer 30

C. openvswitch

Question 31

Refer to the exhibit.
An NSX administrator is retrieving a log bundle at the request of VMware Global Support. It is taking a long time to get the log bundle. The administrator reviews the configuration.
Which two changes to the configuration must be made to speed up the creation of the bundle. (Choose two.)
A. Disable upload bundle to remote file server
B. Change transfer protocol
C. Do not use ssh fingerprint
D. Create the support bundle from vCenter
E. Disable Include core files and audit logs

Answer 31

A. Disable upload bundle to remote file server

E. Disable Include core files and audit logs

Question 32

How is the intra-tier transit link connection created between SR and DR for a Tier-0 Gateway?
A. Manually create a gateway interface and mark it as transit.
B. Automatically created when DR is created.
C. Automatically created when SR is initialized.
D. Manually create external uplink interface and mark it as transit.

Answer 32

C. Automatically created when SR is initialized.

Question 33

Which two components are involved in the logical switching and N-VDS configuration during ESXi transport node installation? (Choose two.)
A. etherswitch
B. Open vSwitch
C. nsx-opsAgent
D. vdl2
E. nsx-vswitch

Answer 33

C. nsx-opsAgent

E. nsx-vswitch

Question 34

A security administrator needs to configure a firewall rule based on the domain name of a specific application.
Which field in a distributed firewall rule does the administrator configure?
A. Policy
B. Profile
C. Service
D. Source

Answer 34

B. Profile

Question 35

What are two supported VPN configuration types in a NSX-T Data Center? (Choose two.)
A. OpenVPN
B. MPLS
C. L3VPN
D. L2VPN
E. SSLVPN+

Answer 35

C. L3VPN

D. L2VPN

Question 36

An NSX administrator is applying QoS to guarantee bandwidth for critical production workloads.
Which three actions must be taken? (Choose three.)
A. Edit the exported JSON file.
B. Export transport node NIOC profile.
C. Create a QoS segment profile.
D. Specify QoS parameters.
E. Change Segment QoS profile.
F. Upload the JSON file and apply configuration.

Answer 36

C. Create a QoS segment profile.
D. Specify QoS parameters.
E. Change Segment QoS profile.

Question 37

What is the maximum supported ECMP paths in NSX-T 2.4 Data Center?
A. 6
B. 8
C. 9
D. 7

Answer 37

B. 8

Question 38

An NSX administrator has deployed an NSX Edge on a bare-metal server.
Which command registers the NSX Edge with the NSX Manager?
A. join cluster username root password thumbprint
B. join management-plane username admin password thumbprint
C. join policy-manager username root password thumbprint
D. join management-cluster username admin password thumbprint

Answer 38

B. join management-plane username admin password thumbprint

Question 39

An NSX administrator would like to export syslog events that capture messages related to NSX host preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?
A. SYSTEM
B. FABRIC
C. MONITORING
D. GROUPING

Answer 39

B. FABRIC

Question 40

An NSX administrator is migrating vSphere port groups configured in vSphere to N-VDS.
What are two migration options? (Choose two.)
A. Migrate vSphere port groups using the esxcli command line.
B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.
D. Migrate from the NSX Manager UI, go to Fabric -> Profile -> Uplink Profiles path.

Answer 40

B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.

Question 41

Which three teaming policy modes are supported by NSX-T Data Center? (Choose three.)
A. Destination MAC
B. Failover Order
C. Load Balanced Source
D. Load Balanced Source IP
E. Destination Port
F. Load Balanced Source MAC

Answer 41

B. Failover Order
C. Load Balanced Source
F. Load Balanced Source MAC

Question 42

An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.
Which failover detection protocol must be used to meet this requirement?
A. Host Standby Router Protocol (HSRP)
B. Beacon Probing (BP)
C. Virtual Router Redundancy Protocol (VRRP)
D. Bidirectional Forwarding Detection (BFD)

Answer 42

D. Bidirectional Forwarding Detection (BFD)

Question 43

An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being logged.
What could cause this issue?
A. Syslog is not configured on the NSX Manager
B. Distributed Firewall Rule logging is not enabled
C. Zero Trust Security is not enabled
D. Syslog is not configured on the ESXi transport node

Answer 43

D. Syslog is not configured on the ESXi transport node

Question 44

The NSX Control Plane is responsible for which two functions? (Choose two.)
A. push stateless configurations to forwarding engines
B. propagate topology information
C. receive and validate configuration from NSX Policy
D. host API services
E. maintain packet-level statistics

Answer 44

A. push stateless configurations to forwarding engines

B. propagate topology information

Question 45

Which NSX CLI command is used to check the GENEVE tunnel status on ESXi transport node?
A. get host-switch  tunnels
B. get host-switch  tunnel status
C. get transport-node tunnel state
D. get transport-node tunnel status

Answer 45

A. get host-switch tunnels

Question 46

In a NSX-T Data Center environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)
A. Configure a Tier-1 gateway and connect it directly to the physical routers.
B. Configure ECMP on the Tier-0 gateway.
C. Configure NAT on the Tier-0 gateway.
D. Deploy Large size Edge node/s.
E. Add an additional vNIC to the NSX Edge node.

Answer 46

B. Configure ECMP on the Tier-0 gateway.

C. Configure NAT on the Tier-0 gateway.

Question 47

Which command on ESXi Is used to verify the Local Control Plane connectivity with Central Control Plane?
A. esxcli network ip connection list | grep ccpd
B. esxcli network ip connection list | grep 1234
C. esxcli network ip connection list | grep netcpa
D. esxcli network ip connection list | grep 1235

Answer 47

D. esxcli network ip connection list | grep 1235

Question 48

Which is correct when deploying a NSX Edge in a KVM only environment?
A. deploy NSX Edge VM with QCOW2 image
B. deploy NSX Edge VM with ISO image
C. deploy NSX Edge on a bare-metal server
D. deploy NSX Edge VM with OVF template

Answer 48

C. deploy NSX Edge on a bare-metal server

Question 49

Which component does the hyperbus interface (vmk50) provide network connectivity to?
A. virtual machines and containers running across transport nodes
B. virtual machines running on the same hypervisor
C. containers running on ESXi/KVM transport nodes
D. virtual machines running in the same segment

Answer 49

A. virtual machines and containers running across transport nodes

Question 50

What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)
A. Group
B. Tier-1 Gateway
C. Segment Port
D. Segment
E. DFW

Answer 50

A. Group

E. DFW

Question 51

What are three possible installation options for NSX Edge?
A. Install NSX Edge on a bare-metal server.
B. Deploy NSX Edge using a QCOW2 image.
C. Install NSX Edge VM on KVM using an ISO image.
D. Deploy NSX Edge on KVM using ovftool.
E. Deploy NSX Edge VM on ESXi using OVA.
F. Install NSX Edge VM on ESXi using an ISO image.

Answer 51

A. Install NSX Edge on a bare-metal server.
E. Deploy NSX Edge VM on ESXi using OVA.
F. Install NSX Edge VM on ESXi using an ISO image.

Question 52

Which three steps are required to create an IPSEC VPN tunnel? (Choose three.)
A. Create an IPSec service.
B. Configure a distributed firewall policy.
C. Configure a Tier-1 Gateway.
D. Add a local endpoint.
E. Configure an IPSec session.
F. Add a logical switch.

Answer 52

A. Create an IPSec service.
D. Add a local endpoint.
E. Configure an IPSec session.

Question 53

What is the correct prioritization for gateway policy categories?
A. Shared Pre-rules > Emergency > System > Local Gateway > Auto Service > Default
B. Shared Pre-rules > Emergency > Local Gateway > System > Auto Service > Default
C. Emergency > System > Shared Pre-rules > Auto Service > Local Gateway > Default
D. Emergency > System > Shared Pre-rules > Local Gateway > Auto Service > Default

Answer 53

D. Emergency > System > Shared Pre-rules > Local Gateway > Auto Service > Default

Question 54

Which three functions require a Services Router (SR) component on an Edge node? (Choose three.)
A. Distributed Firewall
B. Service Insertion
C. Gateway Firewall
D. Virtual Private Network
E. Distributed Routing
F. Packet Forwarding

Answer 54

B. Service Insertion
C. Gateway Firewall
D. Virtual Private Network

Question 55

An NSX administrator has observed connectivity issues between the NSX Manager and the KVM Transport Node.
Which two log files could be used to troubleshoot the issue on the KVM Transport Node? (Choose two.)
A. /var/log/vmware/nsx-syslog
B. /usr/vmware/log/syslog
C. /var/log/nsx/syslog
D. /usr/vmware/nsx-syslog
E. /var/log/syslog

Answer 55

A. /var/log/vmware/nsx-syslog

E. /var/log/syslog

Question 56

Which three CLI commands will list the TEP IPs configured on an ESXi transport node? (Choose three.)
A. esxcfg-vswitch -1
B. esxcfg-vmknic -1
C. esxcli network ip address list
D. esxcli network ip netstack list
E. esxcli network ip interface ipv4 get
F. esxcli network ip interface list

Answer 56

B. esxcfg-vmknic -1
D. esxcli network ip netstack list
E. esxcli network ip interface ipv4 get

Question 57

Which TraceFlow traffic type should an NSX administrator use for validating connectivity between App and DB virtual machines that reside on different segments?
A. Multicast
B. Anycast
C. Broadcast
D. Unicast

Answer 57

D. Unicast

Question 58

Which two tools are used to configure centralized logging in NSX-T Data Center? (Choose two.)
A. vRealize Network Insight
B. vRealize Automation
C. vRealize Log Insight
D. Syslog Server
E. vRealize Operations

Answer 58

C. vRealize Log Insight

D. Syslog Server

Question 59

Which protocol uses the 6081 UDP port?
A. Network Virtualization using Generic Routing Encapsulation (NVGRE)
B. Generic Network Virtualization Encapsulation (GENEVE)
C. Stateless Transport Tunneling (STT)
D. Virtual Extensible LAN (VXLAN)

Answer 59

B. Generic Network Virtualization Encapsulation (GENEVE)

Question 60

Which path is used to view the NSX Controller log file?
A. /var/log/cloudnet/nsx-ccp.log
B. /var/log/controller.log
C. /var/log/cloud/nsx-Icp.log
D. /var/log/ccp.log

Answer 60

A. /var/log/cloudnet/nsx-ccp.log

Question 61

Which CLI command is used to restart the Syslog service on a KVM transport node?
A. service.sh stop | start syslog
B. systemctl restart syslog
C. systemctl restart rsyslog
D. yum restart syslog

Answer 61

C. systemctl restart rsyslog

Question 62

Which two statements describe the characteristics of an Edge Cluster in NSX-T 2.4 Data Center? (Choose two.)
A. must contain only one type of edge nodes (VM or bare metal)
B. can contain multiple types of edge nodes (VM or bare metal)
C. must have only active-active edge nodes
D. can have a maximum of 10 edge nodes
E. can have a maximum of 8 edge nodes

Answer 62

A. must contain only one type of edge nodes (VM or bare metal)
D. can have a maximum of 10 edge nodes

Question 63

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a
production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX Simplified UI.
What are the pre-requisites for this configuration?
A. All nodes must be in the same subnet.
B. A compute manager must be configured.
C. All nodes must be in separate subnets.
D. NSX Manager must reside on a Windows Server.
E. The cluster configuration must be completed using API.

Answer 63

A. All nodes must be in the same subnet.

B. A compute manager must be configured.

Question 64

Which command is used to verify the application of Distributed Firewall Rules applied to a VM on a KVM transport node?
A. esxcli network firewall get
B. esxcli network ip connection list
C. ovs-vsctl add-br br-int
D. ovs-appctl -t /var/run/openvswitch/nsxa-ctl dfw/rules

Answer 64

D. ovs-appctl -t /var/run/openvswitch/nsxa-ctl dfw/rules

Question 65

An NSX administrator has disabled VMware Identity Manager (vIDM) integration with NSX Manager. The administrator is no longer able to log in to VMware NSX
Manager and receives the error shown in the exhibit.
Which NSX CLI command on the NSX Manager would fix this issue?
A. clear auth-policy vidm disabled
B. clear auth-policy vidm stop
C. clear auth-policy vidm enabled
D. clear auth-policy vidm start

Answer 65

C. clear auth-policy vidm enabled

Question 66

Considering Transport Zone limitations, how many NSX managed virtual distributed switches (N-VDSs) are needed on each ESXi to join all the Transport Zones?
A. 4
B. 3
C. 2
D. 1

Answer 66

C. 2

Question 67

Which CLI command is used for packet capture on the KVM Transport Node?
A. tcpdump
B. debug
C. set capture
D. tcpdump-uw

Answer 67

C. set capture

Question 68

Which tool injects packets and provides various observation points along the packet's path between two NSX-T managed objects?
A. SPAN mirrors
B. Port Mirroring
C. Traceflow
D. IPFIX

Answer 68

C. Traceflow

Question 69

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX-T to support role-based access control? (Choose two.)
A. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager.
B. Create an OAuth 2.0 client in VMware Identity Manager.
C. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.
D. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN.
E. Enter the Identity Provider (IdP) metadata URL in NSX Manager.

Answer 69

B. Create an OAuth 2.0 client in VMware Identity Manager.

C. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager.

Question 70

Which two are valid configurations when attempting to enable L2VPN services in a NSX-T Data Center? (Choose two.)
A. Connect the Segments to Edge Cluster.
B. Configure L2VPN on the Tier-1 Gateway.
C. Configure L2VPN on the Tier-0 Gateway.
D. Connect the Segments to Edge nodes.
E. Connect the Segments to Tier-0 or Tier-1 Gateway.

Answer 70

C. Configure L2VPN on the Tier-0 Gateway.

E. Connect the Segments to Tier-0 or Tier-1 Gateway.

Question 71

Which CLI command would an administrator use to allow syslog on an ESXi transport node when using the esxcli utility?
A. esxcli network firewall ruleset -e syslog
B. esxcli network firewall ruleset set -a -e false
C. esxcli network firewall ruleset set -r syslog -e true
D. esxcli network firewall ruleset set -r sysloq -e false

Answer 71

C. esxcli network firewall ruleset set -r syslog -e true

Question 72

Which technology is leveraged in the NSX Edge for fast packet processing?
A. Intel Data Plane Development Kit (DPDK)
B. Intel Speed Step
C. AMD Power Now
D. Non-Uniform Memory Access (NUMA)

Answer 72

A. Intel Data Plane Development Kit (DPDK)

Question 73

Which NSX CLI command is used to change the authentication policy for local users?
A. set cli-timeout
B. set hardening-policy
C. get auth-policy minimum-password-length
D. set auth-policy

Answer 73

D. set auth-policy

Question 74

An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-active high availability mode.
Which NAT rule type is supported for this configuration?
A. Destination NAT
B. 1:1 NAT
C. Reflexive NAT
D. Source NAT

Answer 74

D. Source NAT

Question 75

An organization with two data centers is planning an active-active multi-site deployment of NSX-T Data Center.
The two data centers have this network connectivity configuration:
Redundant 1Gbps links with 200 millisecond RTT
Global load balancing is not being utilized
1600 MTU
vSphere 6.5U2
Which configuration prevents the use of an active-active architecture?
A. vSphere 6.7 is the minimum supported version for active-active on vSphere
B. 9000 MTU is required for active-active state replication
C. global load-balancing is required to support NSX Manager DNS namespace
D. RTT must be under 150 ms

Answer 75

D. RTT must be under 150 ms

Question 76

Which NSX CLI command will enable the SSH service on the NSX Edge node?
A. set service ssh enabled
B. start service ssh
C. start service ssh start-on-boot
D. set service ssh start-on-boot enabled

Answer 76

C. start service ssh start-on-boot

Question 77

An NSX administrator is configuring the KVM hypervisor host as a transport node and wants to apply the Failover Order as a NIC teaming policy.
Which profile allows the administrator to configure the NIC Teaming policy as Failover Order?
A. N-VDS Profile
B. Uplink Profile
C. Host Switch Profile
D. Transport Node Profile

Answer 77

B. Uplink Profile

Question 78

An administrator Is trying to configure a medium load balancer in a production environment, but is getting the error message shown in the exhibit.
Which step must the administrator perform to remediate the problem?
A. Reduce the size of the virtual pool.
B. Restart the NSX Manager.
C. Power-off the existing load balancer and change its size.
D. Place the Tier-1 Gateway in a large edge cluster and redeploy the load balancer.

Answer 78

D. Place the Tier-1 Gateway in a large edge cluster and redeploy the load balancer.

Question 79

Which two logical router components span across all transport nodes? (Choose two.)
A. SERVICE_ROUTER_TIER0
B. DISTRIBUTED_ROUTER_TIER0
C. SERVICE_ROUTER_TIER1
D. DISTRIBUTED_ROUTER_TIER1
E. TIER0_DISTRIBUTED_ROUTER

Answer 79

B. DISTRIBUTED_ROUTER_TIER0

D. DISTRIBUTED_ROUTER_TIER1

Question 80

What is VMware’s recommendation for the minimum MTU requirements when planning a NSX-T Data Center deployment?
A. MTU should be set to 1550 or less across the data center network including inter-data center connections.
B. MTU should be set to 1500 or less only on inter-data center connections.
C. Configure Path MTU Discovery and rely on fragmentation.
D. MTU should be set to 1600 or greater across the data center network including inter-data center connections.

Answer 80

D. MTU should be set to 1600 or greater across the data center network including inter-data center connections.

Question 81

company is deploying a NSX-T Data Center micro-segmentation in their vSphere environment to allow simple 3-tier app forms through web, app, and database.
The naming convention will be:
• WKS-WEB-SRV-XXX
• WKY-APP-SRR-XXX
• WKI-DB-SRR-XXX
What is the optimal way to group them in order to enforce security policies from NSX-T Data Center?
A. Use Edge as a firewall between tiers.
B. Create an Ethernet based security policy.
C. Do a service Insertion to accomplish the task.
D. Group all by means of tags membership.

Answer 81

D. Group all by means of tags membership.

Question 82

The Node Status for all hosts in the SA-Compute-01 cluster Is shown as Not Configured. There are no VM connectivity issues reported on any of the ESXI
transport nodes.
Which service must be restarted to fix the issue?
A. nsx-mpa service on the ESXi transport nodes
B. nsx-policy-manager service on NSX Manager
C. nsx-mpa-api service on NSX Manager
D. cm-inventory service on NSX Manager

Answer 82

D. cm-inventory service on NSX Manager

Question 83

How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?
A. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.
B. Automatically created when Tier-1 is created.
C. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.
D. Automatically created when Tier-1 is connected with Tier-0 from Simplified UI.

Answer 83

D. Automatically created when Tier-1 is connected with Tier-0 from Simplified UI.

Question 84

Which CLI command should be executed on a KVM hypervisor to retrieve the VM interface UUID?
A. virsh list-interface 
B. virsh get-interface 
C. virsh dumpxml  | grep interfaceid
D. virsh show  | grep interfaceid

Answer 84

C. virsh dumpxml | grep interfaceid

Question 85

Which two built-in VMware tools will help identify the cause of packet loss on VLAN Segments? (Choose two.)
A. Flow Monitoring
B. Traceflow
C. Activity Monitoring
D. Live Flow
E. Packet Capture

Answer 85

B. Traceflow

E. Packet Capture

Question 86

A customer is preparing to deploy VMware Kubernetes on an NSX-T Data Center.
What is the minimum MTU size for the UPLINK profile?
A. 1600
B. 1650
C. 1550
D. 1500

Answer 86

A. 1600

Question 87

Which three different transport nodes could be configured in the data plane? (Choose three.)
A. vShield Edge VM
B. ESXi and KVM
C. Linux-based Bare Metal server
D. NSX Edge VM on KVM
E. ESXi and Hyper-V
F. VM or Bare Metal NSX Edge

Answer 87

B. ESXi and KVM
C. Linux-based Bare Metal server
F. VM or Bare Metal NSX Edge

Question 88

Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the GENEVE protocol on the ESXi transport node? (Choose
two.)
A. esxcfg-vmknic -1
B. esxcli network ip interface ipv4 get
C. esxcli network nic list
D. net-dvs
E. esxcfg-nics -1

Answer 88

A. esxcfg-vmknic -1

B. esxcli network ip interface ipv4 get

Question 89

Which denies all network traffic unless exclusively specified?
A. Blacklist
B. Whitelist
C. Default List
D. Trusted List

Answer 89

B. Whitelist

Question 90

While planning a NSX-T Data Center deployment with a network administrator, you are told the physical network uses Open Shortest Path First (OSPF) for the
Interior Gateway Protocol (IGP). The OSPF design is flat with the data center containing one OSPF area, area 0. The network administrator would like to extend
area 0 into NSX-T so that dynamic routing updates will be learned bidirectionally.
Which meets the requirement?
A. Utilize static routes between the NSX-T topology and the physical network.
B. Recommend creating a new area for NSX-T to protect NSX-T’s control plane from Link State Advertisement (LSA) floods from OSPF area 0.
C. Utilize the Border Gateway Protocol (BGP) on NSX-T and configure the physical network for route redistribution.
D. Utilize multi-protocol Border Gateway Protocol (BGP) in the NSX-T topology and configure the physical network for route redistribute

Answer 90

C. Utilize the Border Gateway Protocol (BGP) on NSX-T and configure the physical network for route redistribution.