VCP-NV 6.2 - Examps

VMware VCP6-NV 2V0-642
Number: 2V0-642
Passing Score: 800
Time Limit: 120 min
File Version: 14.75
Exam A
QUESTION 1
An administrator needs to perform a configuration backup of NSX. From which two locations can this task be
performed? (Choose two.)
A. Directly on the NSX Manager

B. From the vSphere Web Client
C. Using the NSX API
D. Directly on each NSX Controller
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Where does an administrator configure logging for the NSX Manager?
A. In the vSphere Web Client

B. In the NSX Manager GUI
C. In the NSX Manager command line interface (CLI)
D. In the vSphere Syslog Collector
Correct Answer: B
Section: (none)
Explanation
QUESTION 3
Which term describes a situation where a bottleneck is created when traffic is sent to a single device for
security enforcement?
A. security event queuing

B. hairpinning
C. security looping
D. enforcement degradation
Correct Answer: A
Section: (none)
Explanation
QUESTION 4
Which NSX routing protocols offers the most flexible policy control when peering with the physical
environment?
A. BGP
B. OSPF
C. ISIS
D. EIGRP
Correct Answer: A
Section: (none)
Explanation
Explanation: Both the NSX DLR and the NSX ESG support OSPF and BGP.
The primary difference between these routing protocols is the level of control on routes propagation and
attribute manipulations they allow, with BGP being the more flexible of the two. The concept of an Autonomous
System (AS), defined as a group of routers under the same administrative domain, comes also into play.
Routing inside an AS is usually done via an IGP (e.g., OSPF) while routing between Autonomous Systems is
done via an EGP (e.g., BGP).
QUESTION 5
Two virtual machines are unable to communicate with one another. The virtual machines are in the same
distributed port group, but reside on different ESXi hosts. What are two possible causes for the
communications issue? (Choose two )
A. Basic multicast filtering mode has been disabled on the ESXi hosts.
B. No physical NICs are assigned as active or standby uplinks in a NIC team.
C. The standby links are configured on different VLANs, preventing heartbeats from reaching each VM.
D. The physical NICs assigned as active or standby uplinks reside on different VLANs on the physical switch.
Correct Answer: BD
Section: (none)
Explanation
https://docs.vmware.com/en/VMwarevSphere/6.5/com.vmware.vsphere.troubleshooting.doc/GUID-5324A0E4-
AA7B-40CC-A975-D45328B5C434.html
QUESTION 6
An NSX environment requires physical NIC redundancy for all dvPortGroups when connecting hosts to the
physical network. There are two 10Gb NIC's per host. Which two teaming methods should be used to ensure
both links are utilized simultaneously?
A. Virtual Port Channel

B. LACP Port-Channel
C. Static Port-Channel
D. Explicit Failover Order
Correct Answer: AB
Section: (none)
Explanation
QUESTION 7
When creating a new security policy how is the default weight determined?
A. The default weight is equal to the highest defined weight plus 1000.
B. The default weight is incremented by 100, starting at 0.
C. The default weight is equal to the highest defined weight minus 1000.
D. The default weight is equal to the highest defined weight
Correct Answer: A
Section: (none)
Explanation
Explanation: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-
607C399F-0D11-4B95-90DAA6E17E8C906E.html
QUESTION 8
What vSphere Distributed Switch security policy allows virtual machines to send frames with a MAC Address
that is different from the one specified in the vmx file?
A. MAC Address Changes

B. Failover detection
C. Forged Transmits
D. Promiscuous Mode
Correct Answer: C
Section: (none)
Explanation
http://www.vmwarearena.com/vsphere-distributed-switch-part-16/
QUESTION 9
What is required before running an Activity Monitoring report?
A. Enable data collection on the NSX Controller.

B. Enable data collection on the vCenter Server.
C. Enable data collection on the NSX Manager.
D. Enable data collection on the virtual machine.
Correct Answer: D
Section: (none)
Explanation
QUESTION 10
An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX
environment. How would this task be accomplished with minimal administrative effort?
A. Create a PowerCLI script to enable virtual machine data collection on each virtual machine.
B. Create a security group in Service Composer and add the virtual machines to the security group.
C. Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.
D. Add the virtual machines to a VM folder in vCenter Server and enable data collection.
Correct Answer: C
Section: (none)
Explanation
QUESTION 11
When configuring BGP routing in NSX, what is the purpose of the Graceful Restart check box?
A. Allow packet forwarding to be paused during restart of BGP services

B. Allow packet forwarding to be uninterrupted during restart of BGP services
C. Automatically restart the local router when BGP session is established
D. Automatically restart the peer router when BGP session is established
Correct Answer: B
Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-EF251ED4-
5BCA-43D5-9C01-975601EACF1E.html
QUESTION 12
Which vSphere network object obstructs the physical network, provides access-level switching in the hypervisor
and enables support tot overlay networking?
A. Standard Switch
B. Distributed Port Group
C. Distributed Switch
D. Logical Switch
Correct Answer: C
Section: (none)
Explanation
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-
virtualization-design-guide.pdf
QUESTION 13
Which three statements ore valid methods of Link Aggregation Control Protocol negotiation? (Choose three.)
A. Switches activate one of the blocked paths and negotiate the forwarding path upon failure.
B. Every other switch on the LAN negotiates only one data path back to the root bridge.
C. Switches wait until they receive an aggregation request,negotiate the status of the links, and proceed.
D. One switch sends repeated requests to the other switch that is requesting the port aggregation status. The
two switches negotiate the status of the links and proceed.
E. Switches with links enabled for port aggregation do the port aggregation themselves and must be manually
configured to be compatible at each end of that link
Correct Answer: ABC

Section: (none)
Explanation
QUESTION 14
What is the effect on NSX Edge virtual machines when NSX Edge high availability is configured but vSphere
HA is NOT configured?
A. The active-standby NSX Edge pair will survive one failure. However, the virtual machines must reside on
the same host to prevent NSX Edge availability from being compromised.
B. The active-standby NSX Edge HA pair will survive multiple failures.
C. The active-standby NSX Edge HA pair will survive one failure. However, if another failure happens before
the second Edge appliance is restored, NSX Edge availability can be compromised.
D. The active-standby NSX Edge HA pair will survive two failures. However, the virtual machines must reside
on two different hosts.
Correct Answer: C
Section: (none)
Explanation
QUESTION 15
What are two roles of vmnics? (Choose two)
A. ESXi hosts reach the physical network through vmnics.

B. Virtual machines require vmnics to communicate with their host
C. ESXi hosts are segmented using vmnics, also called virtual trunk ports
D. Virtual machines require vmnics to communicate with physical networks
Correct Answer: AC
Section: (none)
Explanation
QUESTION 16
Which two statements are true about NSX Data Security support? (Choose two )
A. It supports HIPAA and PCI-DSS compliance policies as well as U.S. Driver License and Social Security
numbers.
B. It supports both Windows and Linux-based virtual machines.
C. It only supports HIPAA and PCI-DSS compliance policies.
D. It only supports Windows-based virtual machines.
Correct Answer: BC
Section: (none)
Explanation
https://www.vmware.com/products/nsx.html
QUESTION 17
A virtualized application needs access to a physical database. Both servers are on the 172.168.3.0/24 subnet.
NSX has been deployed across the entire virtual environment. What method can be used to allow access
between the servers?
A. Configure a DLR with an L2 bridge instance for 172.168.3.0/24 VXLAN to VLAN traffic.
B. Route 172.168.3.0/24 to the NSX Edge where the logical switch of the applicationexists.
C. Configure a NAT rule for 172.177.13/024 for the database physical router.
D. Configure the logical switch to bridge 172.168.3.0/24 to the physical router of the database.
Correct Answer: D
Section: (none)
Explanation
QUESTION 18
What is the purpose of a DHCP Relay Agent in an NSX Edge configuration?
A. Configures virtual machine interfaces to which DHCP messages are relayed.

B. Configures Edge interfaces from which DHCP messages are relayed.
C. Configures Edge interfaces to which DHCP messages are relayed.
D. Configures virtual machine interfaces from which DHCP messages are relayed.
Correct Answer: B
Section: (none)
Explanation
http://pubs.vmware.com/NSX-61/index.jsp#com.vmware.nsx.admin.doc/GUIDC655D21F-C800-4C7F-A887-
F5733810DF34.html
QUESTION 19
A user needs to be given the ability to make configuration changes on a specific NSX Edge device. What role
and scope could be used to meet this requirement?
A. NSX Administrator role and Limit Access scope

B. Security Administrator role and Limit Access scope
C. NSX Administrator role and No restriction scope
D. Security Administrator role and No restriction scope
Correct Answer: B
Section: (none)
Explanation
QUESTION 20
An administrator needs to verify which port the switch manager is using. Which command should be used?
A. show controller-cluster status

B. show controller-cluster core stats
C. show controller-cluster connections
D. show controller-cluster logical-switches
Correct Answer: C
Section: (none)
Explanation
QUESTION 21
If the Applied To scope is set to Distributed Firewall, which virtual machines with have the firewall rule applied?
A. Only the virtual machines defined in the Source field.

B. Only virtual machines defined in the Destination field.
C. All virtual machines in a Datacenter.
D. All virtual machines on prepared hosts.
Correct Answer: C
Section: (none)
Explanation
http://www.routetocloud.com/2015/04/nsx-distributed-firewall-deep-dive/
QUESTION 22
Which two NSX rotes could be used to create security policies? (Choose two.)
A. Enterprise Administrator
B. Security Administrator
C. NSX Administrator
D. Auditor
Correct Answer: AB
Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-79F9067D-2F29-
45DA-85C7-09EFC31549EA.html
QUESTION 23
Which load balancing algorithm is only available on a vSphere Distributed Switch?
A. Route Based on Source MAC Hash

B. Route Based on Originating Virtual Port
C. Route Based on IP Hash
D. Route Based on Physical NIC Load
Correct Answer: D
Section: (none)
Explanation
https://docs.vmware.com/en/VMwarevSphere/6.5/com.vmware.vsphere.networking.doc/GUID-959E1CFE-
2AE4-4A67-B4D4-2D2E13765715.html
QUESTION 24
Which action is not an option for adding Virtual Machines to a Security Group?
A. Adding Virtual Machines to a Security Group and nesting it within another Security Group.
B. Defining Dynamic Membership in the Security Group.
C. Adding Virtual Machines to a Security Policy and associating it with a Security Group.
D. Selecting objects to include within a Security Group.
Correct Answer: C
Section: (none)
Explanation
QUESTION 25
When running the NSX Control Plane in Hybrid Mode what are the minimum physical network requirements?
(Choose three.)
A. MTU 1500
B. NSX Controller connectivity
C. IGMP Snooping
D. Multicast Routing with PIM
E. Unicast L3 Routing
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 26
What is a requirement of NSX Data Security?
A. NSX manager must be configured for Active Directory integration

B. The Global Flow Collection Status must be set to Enabled
C. Guest Introspection must be installed on the cluster
D. AN IP Pool must be created.
Correct Answer: C
Section: (none)
Explanation
http://pubs.vmware.com/NSX-61/index.jsp?topic=%2Fcom.vmware.nsx.install.doc%2FGUID-62B22E0C-ABAC-
42D8-93AA-BDFCD0A43FEA.html
QUESTION 27
From the NSX Edge CLI, which command would show VIP statistics?
A. show service loadbalancer pool

B. show service loadbalancer virtual
C. show service loadbalancer monitor
D. show service loadbalancer
Correct Answer: B
Section: (none)
Explanation
https://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=2122708
QUESTION 28
What is the best practice workflow for a NSX installation to support logical switching?
A. Deploy NSX Manager, Configure Logical Switches, Register with vCenter, Deploy Controllers, Prepare
hosts
B. Deploy NSX Manager, Deploy Controllers, Configure Logical Switches, Register with vCenter, Prepare
hosts
C. Deploy NSX Manager, Register with vCenter, Prepare hosts, Deploy Controllers, Configure Logical
Switches
D. Deploy NSX Manager, Register with vCenter, Deploy Controllers, Prepare hosts, Configure Logical
Switches
Correct Answer: B
Section: (none)
Explanation
QUESTION 29
A group of users' needs secured access to a set of web-based applications in a SDDC. Which VPN option is
best suited for this?
A. SSL VPN-Plus
B. L2VPN
C. IPSec VPN
D. Application VPN
Correct Answer: A
Section: (none)
Explanation
QUESTION 30
Which is a prerequisite for deploying an Edge Service Gateway?
A. Firewall Default Policy

B. An interface
C. Default Gateway
D. High Availability
Correct Answer: B
Section: (none)
Explanation
http://buildvirtual.net/vcp-nv-deploying-an-edge-services-gateway/
QUESTION 31
An administrator is deploying NSX in a Cross-vCenter configuration across three data centers located 100
miles apart Datacenter-1 and Datacenter-3 already have NSX deployed locally and Datacenter-2 does not have
NSX deployed yet. What is the correct order of steps to configure all three data centers for this solution?
A. 1 Remove the NSX manager from Datacenter-1 and Datacenter-3

2 Reinstall all three NSX managers at the same time
3 Deploy a universal transport zone
4 Deploy a universal distributed logical router
B. 1 Deploy an NSX manager at Dataeenter-2
2 Change the roles of the NSX managers in Datacentar-1 and Datacenter-3 to Transit Mode
4 Configure the Primary and Secondary roles on all three NSX managers
C. 1 Deploy an NSX manager in Datacenter 2
2 Update the NSX manager role in Datacenter-1 to Primary
3 Update the roles in Dafacenter-2 and Datacentar-3 to Secondary
D. 1 Deploy the NSX manager at Datacenter-2
2 Update the NSX manager role in Datacenter-1 to Primary
4 Deploy a universal distributed logical router
Correct Answer: D
Section: (none)
Explanation
QUESTION 32
Which two functions are provided by VMkernel ports? (Choose two)
A. VXLAN Port Configuration

B. vSphere vMotion
C. ESXi Host Management
D. 802.1Q VLAN tagging
Correct Answer: BC
Section: (none)
Explanation
http://www.pearsonitcertification.com/articles/article.aspx?p=2190191&seqNum=10
QUESTION 33
When deploying a standalone NSX Edge as a Layer 2 VPN client, which port needs to be configured on the
client vSphere Distributed Switch?
A. Trunk port
B. Span port
C. Sink port
D. Mirror port
Correct Answer: A
Section: (none)
Explanation
https://pubs.vmware.com/NSX-62/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-C9E2B0E4-
F1C1-44A7-B142-F814F801FA42.html
QUESTION 34
A security administrator needs to create a Security Group based on an Active Directory group. However, AD
Groups are not available as an option. What must the administrator configure before AD Groups are available?
A. Guest Introspection virtual machines must be joined to the domain

B. Inventory Service must be registered with a domain account
C. NSX Manager must be registered with Active Directory
D. NSX Controller must be registered with Active Directory
Correct Answer: C
Section: (none)
Explanation
QUESTION 35
What is one of the benefits of a spine-leaf network topology?
A. A loop prevention protocol is not required

B. Automatic propagation of security policies to all nodes
C. Allows for VXl ANs to be defined in h traditional network topology
D. Network virtualization relies on spine leaf topologies to create logical switches
Correct Answer: D
Section: (none)
Explanation
QUESTION 36
What is the most restrictive NSX role that can be used to create and publish security policies and install virtual
appliances?
A. Security Administrator
B. NSX Administrator
C. Auditor
D. Enterprise Administrator
Correct Answer: D
Section: (none)
Explanation
QUESTION 37
In a Cross-vCenter implementation, where is the Universal Control Cluster deployed and configured?
A. In each vCenter instance associated with the Cross-vCenter implementation.

B. In each prepared NSX cluster associated with the Cross-vCenter implementation.
C. In every vCenter instance associated with an NSX Manager.
D. In the vCenter instance associated with the Primary NSX Manager.
Correct Answer: D
Section: (none)
Explanation
https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf(page 16)
QUESTION 38
An NSX administrator is validating the setup for a new NSX implementation and inputs this command:
A. It helps verify that VXLAN segments are functional and the transport network supports the proper MTU size
for NSX.
B. It helps verify that the source virtual machine is configured with the proper MTU size for NSX.
C. It helps verify that the NSX Controller is communicating with the destination VTEP.
D. It helps verify that the NSX Logical Switch is routing packets to the destination host.
Correct Answer: A
Section: (none)
Explanation
https://www.viktorious.nl/2014/12/02/nsx-basics-creating-logical-switch/
QUESTION 39
Which type of VPN should be configured to ensure application mobility data centers?
A. Application VPN
B. L2VPN
C. IPSec VPN
D. SSL VPN-Plus
Correct Answer: B
Section: (none)
Explanation
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-
virtualization-design-guide.pdf(page 23)
QUESTION 40
In a Cross-vCenter NSX deployment, what are two requirements that must be met in order for an administrator
to deploy both universal logical switches and local logical switches within the same vCenter instance? (Choose
two )
A. A universal distributed logical router must be created

B. A logical distributed router must be created
C. A universal transport zone must be created.
D. A local transport zone must be created
Correct Answer: CD
Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.cross-vcenter-install.doc/GUID-
7F76BB1E-7E36-4E9DB8C2-798100E62192.html
QUESTION 41
What is one of the benefits of using logical switches in an NSX environment?
A. IP subnet definitions can be migrated into logical switches using the NSX Manager.
B. Quality of Service parameters are automatically configured in a logical switch
C. The physical infrastructure is responsible for maintaining the logical switch broadcast tables
D. The physical infrastructure is not constrained by MAC/FIB table limits.
Correct Answer: D
Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/topic/com.vmware.nsx.admin.doc/GUIDDF57C441-CE9A-4138-9639-
1658DBE65D48.html
QUESTION 42
The fact that NSX Data Security has visibility into sensitive data provides which two benefits? (Choose two )
A. It helps address compliance and risk management requirements.

B. It acts as a forensic tool to analyze TCP and UDP connections between virtual machines
C. It is able to trace packets between a source and destination without requiring access to the guestOS
D. It eliminates the typical agent footprint that exists with legacy software agents
Correct Answer: AB
Section: (none)
Explanation
QUESTION 43
Which is a best practice to secure system traffic, ensure optimal performance and satisfy prerequisites for
NSX?
A. Configure a single VMkernel and a single distributed port group for all the system traffic.
B. Configure a single distributed port group with a single VMkernel for Management and iSCSI traffic, a
separate VMkernel for vMotion and VSAN traffic.
C. Dedicate separate VMkernel adapters for each type of system traffic. Dedicate separate distributed port
groups for each VMkernel adapter and isolate the VLANs for each type of system traffic.
D. Dedicate separate VMkernel adapters for each type ofsystem traffic and dedicate separate standard
switches for each type of system traffic connected to a single physical network.
Correct Answer: B
Section: (none)
Explanation
QUESTION 44
Which port is used for NSX REST API Requests?
A. 80
B. 443
C. 5480
D. 8443
Correct Answer: B
Section: (none)
Explanation
QUESTION 45
An administrator is attempting to troubleshoot a routing issue between the Edge Services Gateway (ESG) and
the Distributed Logical Router (DLR).
Based on the exhibit, which method CANNOT be used to troubleshoot the issue?
A. SSH session into 192.168.100.3 on the ESG.

B. Console session into the ESG.
C. Console session into the DLR.
D. SSH session into 192.168.10.5 on the DLR.
Correct Answer: A
Section: (none)
Explanation
QUESTION 46
When specifying a source for a security rule, what is the purpose of the Negates Source check box?
A. If Negate Source is selected, the rule is sent to only the objects identified under object type.
B. If Negate Source is selected, the rule is applied to traffic coming from all sources except for the source
identified under the object type.
C. If Negate Source is not selected, the rule is applied to traffic coming from all sources except for the source
identified under the object type.
D. If Negate Source is not selected, the rule is sent to only the objects identified under the object type.
Correct Answer: B
Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-C7A0093A-4AFA-
47EC-9187-778BDDAD1C65.html
QUESTION 47
What are two benefits of the NSX Distributed Firewall? (Choose two )
A. VMs are protected even as they are vMotioned

B. Each VM is individually protected by a L2-L4 stateful firewall
C. ESXi hosts are automatically protected by a distributed firewall
D. VXLANs are automatically protected by the Transport Zone definition
Correct Answer: AC
Section: (none)
Explanation
QUESTION 48
How many vCenter Server environments can a single NSX Manager serve at one time?
A. 2000 vCenter Servers

B. 10 vCenier Servers
C. 1 vCenler Server
D. 2 vCenter Servers
Correct Answer: C
Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.install.doc%2FGUID-CFB0DC96-C329-
490EB2A9-D92C5704E853.html
QUESTION 49
A new ESXi host was added to an existing cluster, prepared for NSX and enabled for Distributed Firewall,
logical switching and Logical Routing. The Most Preparation page in the NSX Web Ul shows this new host is in
Ready state and the Logical Network Preparation tab displays the VXLAN VTEPs are correctly configured.
Virtual machines on the new host can communicate with each other but CANNOT communicate with VMs
running on other hosts and connected to the same Logical Switch. Which condition below will result in the
described behavior on the new host?
A. NSX Edge is powered off

B. Host Agent (vpxa) to vCenter is disconnected
C. Rabbitmq message bus connection (vsfwd) to NSX Manager is down
D. Network Control Plane Agent (netcpa) connection to the controller is down
Correct Answer: B
Section: (none)
Explanation
QUESTION 50
What resource must a partner security service be registered with before the service is available to a policy?
A. NSX Manager
B. ESXi host
C. Service Composer
D. vCenter Server
Correct Answer: A
Section: (none)
Explanation
https://blogs.vmware.com/consulting/2015/01/automating-security-policy- enforcement-nsx-service-
composer.html
QUESTION 51
What configuration change do you need to make to allow this connection?
A. Change Applied On to "Uplink"

B. Change the Translated Port/Range to "rdp"
C. Swap the Original IP/Range and Translated IP/Range IP Addresses
D. Change the Protocol to "any"
Correct Answer: C
Section: (none)
Explanation
QUESTION 52
An administrator is deploying NSX to secure the virtual environment. NSX Manager has been deployed and
register with it, Which additional step is required before the distributed firewall is functional?
A. Configure VTEPs on each host

B. Perform host preparation on the cluster
C. Deploy the NSX Controller cluster
D. Enable Guest Introspection
Correct Answer: C
Section: (none)
Explanation
QUESTION 53
Which two options are correct regarding vSphere Distributed Switches? (Choose two )
A. A single vDS can span multiple vCenter Servers
B. A single host can be attached to multiple vDS
C. A single vDS can span multiple hosts across multiple clusters
D. A vDS is automatically created when a new 802.1Q trunk is configured
Correct Answer: AB
Section: (none)
Explanation
QUESTION 54
What are the correct steps for connecting a virtual machine to a logical switch?
A. Select the logical switch, click the Add Virtual Machine Icon, select the VM, select the vNIC to connect
B. Select the Add Virtual Machine icon, select the logical switch, vNIC to connect
C. Select the logical switch, select the virtual machine, click the Add Virtual Machine .con. select the vNIC to
connect
D. Select the vNIC, click the Add Virtual Machine Icon, select the logical switch
Correct Answer: A
Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-forvSphere/6.2/com.vmware.nsx.admin.doc/GUID-571237B3-1665-
4B92-A3A9-51C078EC601D.html
QUESTION 55
Which virtual machine does VMware recommend be manually excluded from the Distributed Firewall?
A. NSX Manager
B. vCenter Server
C. Microsoft SQL Server
D. vRealize Automation Appliance
Correct Answer: B
Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-C3DDFBCE-
A51A-40B2-BFE1-E549F2B770F7.html
QUESTION 56
Which two statements are true regarding L2 Bridges and Distributed Logical Routers? (Choose two )
A. Each L2 bridge instance can only map to a single VLAN

B. There can only be one instance of an L2 bridge on a DLR
C. There can be multiple instances of an L2 bridge on a DLR
D. Each L2 bridge instance can map to multiple VLANs.
Correct Answer: AC
Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-ECE2893A-A1A6-
4D43-93DA-AE4A97ABBF44.html
QUESTION 57
An administrator enables the NSX Ticket Logger to track infrastructure changes. The administrator logs out for
lunch, returns and logs back in to complete the task. What is the status of ticket logger when the administrator
logs back in?
A. The ticket logger still tracks changes until it is turned off by the administrator.
B. The ticket logger is turned off.
C. The ticket logger will prompt the user if they still want to continue tracking changes.
D. The ticket logger will display an error.
Correct Answer: B
Section: (none)
Explanation
QUESTION 58
Which three ways can membership be defined in a dynamic security group? (Choose three)
A. Distributed Firewall Rules

B. Locale ID
C. Security Tags
D. Security Groups
E. Regular Expressions
Correct Answer: BCD

Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-B9FC0D05-BE96-
4D83-8C58-98B0F96DB342.html
QUESTION 59
A Service Provider is using VMware vCloud Director with VMware vCloud Networking and Security (VCNS) on
vSphere. Which two products will be impacted by the upgrade of VCNS to VMware NSX? (Choose two)
A. ESXi hosts
B. NSX Controller Cluster
C. vShield Manager
D. vCenter Server
Correct Answer: BD
Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.2/nsx_62_upgrade.pdf
QUESTION 60
What are two requirements of the network infrastructure to the access layer? (Choose two )
A. IPv4 connectivity among ESXi hosts provided by a spine-leaf network design.

B. IPv4 connectivity among ESXi hosts.
C. Increased MTU if the virtual machines are using the default MTU size of 1500.
D. A Redundant, Layer 3, Top-of-Rack network design to provide high availability to ESX hosts.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 61
In a vSphere Distributed Switch architecture, which plane handles packet switching?
A. Data Plane
B. Forwarding Plane
C. Management Plane
D. Control Plan
Correct Answer: A
Section: (none)
Explanation
https://www.slideshare.net/VMworld/vmworld-2013-vsphere-distributed-switch- design-and-best-practices(slide
7)
QUESTION 62
Which details can an administrator verify from the Summary tab of the VMware NSX Manager? (Choose three)
A. Current time
B. Average MTBF
C. Version
D. Storage utilization
E. Health Score
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 63
How is high availability of the NSX Edge Gateway accomplished?
A. HA Application Monitoring on the Edge Gateway sends a heartbeat to the ESXi host.
B. VMware Tools on the Edge Gateway sends a heartbeat to the ESXi host.
C. The Edge appliance sends a heartbeat through an uplink interface.
D. The Edge appliance sends a heartbeat through an internal interface.
Correct Answer: D
Section: (none)
Explanation
https://www.zettagrid.com/faqs/nsx-charging/
QUESTION 64
An NSX administrator notices an error during the initial configuration of the SSO lookup service, as shown:
The administrator pulls up the lookup service status, which displays Disconnected.
What step should be performed to resolve this issue?

A. Change the Port number from 7444 to 443
B. Change the SSO Administrator User Name
C. Regenerate the SSL Certificate and reboot the NSX Manager
D. Use IP address versus the DNS name in the Lookup Service
Correct Answer: C
Section: (none)
Explanation
QUESTION 65
An application requires load balancing with minimal impact to network performance. An NSX administrator is
deploying a load balancer to meet the stated requirements. Which load balancing engine should be deployed?
A. Layer 5
B. Layer 6
C. Layer 7
D. Layer 4
Correct Answer: D
Section: (none)
Explanation
https://www.icc-usa.com/resources/vmw-nsx-network-virtualization-design-guide.pdf
QUESTION 66
A user has configured a specific distributed firewall rule preventing VM-A (172.16.10.11) on the Web-Logical
Switch to communicate to VM-B (172.16.20.11), running on the same switch. After the changes, the user is still
able to communicated to VM-A from VM-B. To debug this anomaly, the user will need to obtain logs from which
component?
A. The Distributed Logical Router

B. The Edge Services Gateway
C. The appropriate ESXi Hosts(s)
D. The appropriate NSX Controller(s)
Correct Answer: C
Section: (none)
Explanation
QUESTION 67
Which tool is used to detect rogue services?
A. NSX Logical Firewall

B. NSX Logical Router
C. Activity Monitoring
D. Flow Monitoring
Correct Answer: D
Section: (none)
Explanation
QUESTION 68
Which are two uses of the NSX DLR protocol address? (Choose two.)
A. When configuring BGP the protocol address is used to forward traffic to peers.
B. When configuring BGP the protocol address is used by the protocol to form adjacencies with peers.
C. When configuring OSPF the protocol address is used to forward traffic to peers.
D. When configuring OSPF the protocol address is used by the protocol to form adjacencies with peers.
Correct Answer: BD
Section: (none)
Explanation
For a logical router
a
Click Edit at the top right corner of the window.
b
Click Enable OSPF.
c
In Forwarding Address, type an IP address that is to be used by the router datapath module in the
hosts to forward datapath packets.
d
In Protocol Address, type a unique IP address within the same subnet as the
Forwarding Address. Protocol address is used by the protocol to form adjacencies with the peers
From <https://pubs.vmware.com/NSX-6/topic/com.vmware.nsx.admin.doc/GUID-6E985577-3629-42FE-AC22-
C4B56EFA8C9B.html>
QUESTION 69
Which two NSX Data Security roles could be assigned to view configured policies and violation reports?
(Choose two.)
A. Security Administrator
C. Auditor
D. Enterprise Administrator
Correct Answer: AC
Section: (none)
Explanation
QUESTION 70
When defining membership for a security group, which three identifiers can be used for dynamic inclusion?
(Choose Three)
A. VM folder
B. Computer OS Name
C. ESXi host
D. VM Name
E. Security Tag
Correct Answer: BDE

Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-B9FC0D05-BE96-
4D83-8C58-98B0F96DB342.html
QUESTION 71
With which Application Profile types would the Insert X-Forwarded-for HTTP header option be used?
A. TCP, UDP
B. HTTP, UDP
C. HTTP, HTTPS
D. HTTP, TCP
Correct Answer: C
Section: (none)
Explanation
QUESTION 72
A network administrator is troubleshooting an issue and needs to observe an injected packet as it passes
through the physical and logical network. Which tool will accomplish this?
A. Traceflow
B. NetFlow
C. Flow Monitoring
D. Activity Monitoring
Correct Answer: A
Section: (none)
Explanation
https://pubs.vmware.com/NSX-62/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-05647D5E-
B669-40A8-8B84-02C18781186F.html
QUESTION 73
Which two are accurate statements with regards to Guest Introspection installation? (Chose two )
A. The service virtual machine performs data security and activity monitoring.
B. The installation deploys a virtual machine to hosts prepared for VMware NSX.
C. A security policy weight of 4300 is assigned to hosts prepared to Guest Introspection.
D. Guest Introspection is deployed with NSX Data Security by default.
Correct Answer: AB
Section: (none)
Explanation
Installing Guest Introspection automatically installs a new VIB and a service virtual machine on each host in the
cluster. Guest Introspection is required for NSX Data Security, Activity Monitoring, and several third-party
security solutions.
From <https://docs.vmware.com/en/VMware-NSX-forvSphere/6.2/com.vmware.nsx.install.doc/GUID-
62B22E0C-ABAC-42D8-93AA-BDFCD0A43FEA.html>
QUESTION 74
Which two network services are abstracted from the underlying hardware by NSX? (Choose two.)
A. Virtual Private Networks

B. Multiprotocol Label Switching
C. Load Balancing
D. Overlay Transport Virtualizations
Correct Answer: AC
Section: (none)
Explanation
http://www.altaro.com/vmware/vmware-nsx-abstracting-the-network-layer/
QUESTION 75
What is the minimum NSX role necessary for a user to edit the firewall on an Edge Services Gateway (ESG)?
A. Auditor
C. Enterprise Administrator
D. Security Administrator
Correct Answer: D
Section: (none)
Explanation
QUESTION 76
In a Cross-vCenter environment where is information about local logical switches and local logical routers
maintained?
A. Platform Services Controller

B. Local transport /one
C. Local Controller Cluster
D. Universal Controller Cluster
Correct Answer: D
Section: (none)
Explanation
QUESTION 77
You have deployed an Edge Services Gateway with the following interface configuration:
Your customer has requested that you provide the ability to use Remote Desktop Protocol to log into a virtual
machine that has a tenant IP address of 192.168.7.21 using the provider IP address 192.168.100.4. You have
performed the following configuration however, you cannot RDP into the virtual machine.
What configuration change do you need to make to allow this connection?
A. Change Applied Onto "Uplink"

B. Change the Protocol to "any".
C. Change the Translated Port/Range to "rdp".
D. Swap the Original IP/Range and Translated IP/Range IP Addresses.
Correct Answer: A
Section: (none)
Explanation
QUESTION 78
Activity Monitoring has been enabled for a host with several virtual machines. However, only one virtual
machine appears in the list.
Which two additional configuration steps are required to allow the other virtual machines on the host to be
selected? (Choose two.)
A. Guest Introspection driver must be installed.

B. Virtual Machine Data Collection must be enabled on the other VMs.
C. NSX Manager must be linked to Active Directory
D. Guest Introspection appliance must be deployed on the host.
Correct Answer: AB
Section: (none)
Explanation
As it shows one VM on the mentioned ESXi host, so C and D working correctly, it shout be A and B
To protect VMs using a Guest Introspection security solution, you must install Guest Introspection thin agent,
also called Guest Introspection drivers,
From <https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-
D04D1521-8EBC-449F-AD57-EF829075A25D.html>
Guest Introspection supports File Introspection in Linux for anti-virus only. To protect Linux VMs using a Guest
Introspection security solution, you must install the Guest Introspection thin agent.
From <https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-
636788A7-BB64-483A-A48D-4E62B3AFC0C8.html>
QUESTION 79
The user at 192.168.150.10 can reach the physical router but CANNOT reach edge-2 or any virtual machines.
What routing change would resolve the issue?
A. Enable Default Originate on edge-2 for OSPF.

B. Configure static routes on the physical router.
C. Enable route redistribution on edge-2 between both routing protocols.
D. Enable Default Originate on edge-2 for BGP
Correct Answer: D
Section: (none)
Explanation
QUESTION 80
Which tool is used to display VXLAN connection information?
A. pktcap-uw
B. NSX Controller CLI
C. esxtop
D. VDS Health Check
Correct Answer: B
Section: (none)
Explanation
QUESTION 81
Internet access is required from virtual machines located on any logical switch Direct access from the internet
to these virtual machines is NOT permitted
Which perimeter NSX Edge feature would achieve this with the least configuration?
A. LB
B. VPN
C. SNAT
D. DNAT
Correct Answer: D
Section: (none)
Explanation
QUESTION 82
You are creating a Unrversal Segment ID Pool for a three site Cross-vCenter environment.
The three sites are designated as Site A, Site B and Site C,
* Site A has a local Segment ID pool of 5000-5999
* Site B has a local Segment ID pool of 6000-6999
* Site C has a local Segment ID pool of 7000-7999
Which of the following ranges would be valid for the Universal Segment ID pool?
A. 5000-7999
B. 7000-8999
C. 4000-4999
D. 2000000-2000999
Correct Answer: D
Section: (none)
Explanation
https://thewificable.com/2017/04/27/cross-vcenter-multi-site-nsx-guide/
QUESTION 83
A customer has Cisco Nexus 1000V switches in their environment and is looking at deploying NSX
Which statement is correct?
A. The environment must be migrated from the Nexus 1000V to vSphere Distributed Switches.
B. The environment must be configured for VXLAN over the Nexus 1000V.
C. The environment can use the Nexus 1000V switches for the NSX deployment.
D. The environment must be migrated from the Nexus 1000V to vSphere Standard Switches.
Correct Answer: A
Section: (none)
Explanation
QUESTION 84
Your environment has two sites designated as Site A and Site B. Each site has its own vCenler Server instance
with NSX installed and configured in standalone mode. You are migrating the environment to Cross vCenter
and have already promoted Site A to the Primary role. What action must be taken before the NSX Manager at
Site B can be changed to Secondary?
A. Migrate the Site B Controllers to Site A

B. Convert the Site B Controllers to Universal Controllers
C. Remove any logical switches from the Site B NSX Controller.
D. Delete the Controllers at Site B
Correct Answer: B
Section: (none)
Explanation
QUESTION 85
Which three NSX services are available for synchronization in a Cross-vCenter implementation? (Choose
three.)
A. Spoofguard
B. Distributed Firewall
C. Edge Firewall
D. Logical Switch
E. Transport Zone
Correct Answer: BDE

Section: (none)
Explanation
https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf
QUESTION 86
An NSX administrator is creating a filter as shown below.
What would be the purpose of creating a filter?
A. To quickly add a new rule.

B. To temporarily filter traffic.
C. To quickly remove a rule.
D. To quickly identify rules.
Correct Answer: D
Section: (none)
Explanation
QUESTION 87
Which is required to support unicast mode in NSX?
A. Hardware VTEP
B. Distributed Logical Router
C. NSX Controller
D. NSX Edge
Correct Answer: C
Section: (none)
Explanation
http://www.virtually-limitless.com/vcix-nv-study-guide/create-transport-zones-in-nsx/
QUESTION 88
An administrator has implemented VMware NSX on a leaf-spine underlay. They have deployed the following in
the data center:
* Two racks for a management cluster that is not prepared for VMware NSX
* Six racks for compute clusters
* Two racks for an Edge cluster which holds a DLR control VM for bridging, and North/South Edge Service
Gateways
Which three of the following are true regarding the physical and logical networking of the environment?
(Choose three )
A. At least one VXLAN segment spans across all the racks

B. VXLAN segments span the compute and Edge racks
C. At least one VLAN spans the compute racks
D. At least one VLAN spans across the two management racks
E. At least 2 VLANs span across the two Edge racks.
Correct Answer: BCD

Section: (none)
Explanation
QUESTION 89
An administrator has been asked to provide single failure redundancy. What is the minimum supported number
of NSX Controllers needed to meet this requirement?
A. 2
B. 3
C. 1
D. 5
Correct Answer: B
Section: (none)
Explanation
http://www.vmwarearena.com/vmware-nsx-installation-part-4-deploying-nsx-controller/
QUESTION 90
An NSX Administrator is examining traffic on the network shown below.
What is the packet flow when VM1 communicates to VM5?
A. Host A will perform a destination lookup, route the packet, switch the packet onto segment 5002, then
encapsulate and send the packet to Host C.
B. Host A will perform a destination lookup, switch the packet onto segment 5002, route the packet, then
encapsulate the packet and send it to the DLR control VM.
C. Host A will encapsulate thepacket, send the encapsulated packet to host C, Host C will perform a
destination lookup and switch the packet onto segment 5002.
D. Host A will encapsulate the packet, perform a destination lookup, route the packet to the DLR control VM,
the control DLR will bridge the packet onto segment 5002.
Correct Answer: D
Section: (none)
Explanation
QUESTION 91
Which NSX component can validate that security policies at your organization are being enforced correctly?
A. Activity Monitoring
B. Flow Monitoring
C. ERSPAN
D. Distributed firewalls
Correct Answer: A
Section: (none)
Explanation
QUESTION 92
In which VMware NSX use case would VXLAN NOT be required?
A. L2 Bridging physical to virtual
B. NSX micro-segmentation
C. Active/Active Datacenter
D. Distributed Logical Routing
Correct Answer: C
Section: (none)
Explanation
QUESTION 93
Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose three )
A. DHCP Snooping
B. IP Sets
C. Spoofguard configured for Trust on First Use.
D. VMware Tools installed on every guest virtual machine.
E. ARP Spoofing
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 94
Which highly available Edge design would provide high bandwidth and isolation to four application networks?
A. Four Distributed Routers (standalone mode) with one Edge Services Gateway in Active/Standby mode.
B. One Edge Services Gateway in ECMP mode.
C. One distributed Router (in HA mode) with two Edge Services Gateways in ECMP mode.
D. Four Distributed Routers (in HA mode) with one Edge Services Gateway in Active/Standby mode.
Correct Answer: C
Section: (none)
Explanation
QUESTION 95
An NSX Administrator is examining a broken set of firewall rules and discovers that the Block Telnet rule was
created in the wrong section.
Based on the exhibit, which option would correct the issue with the least amount of effort?
A. Use the Merge Section functionality to correct this.

B. Use the Move rule Up icon to move rules between sections.
C. Add a new rule called Block Telnet to the correct section and then remove the existing rule.
D. Delete the rule and then re-add the rule to the correct section.
Correct Answer: D
Section: (none)
Explanation
QUESTION 96
Which three objects are supported for universal synchronization in a Cross-vCenter NSX deployment? (Choose
three)
A. IP Pools
B. IP Sets
C. L2 bridges
D. MAC Sets
E. Transport Zones
Correct Answer: BDE

Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-229D0501-836E-
4788-A72E-4D3DEBF2B26D.html
QUESTION 97
An NSX administrator notices that when configuring Flow Monitoring, the graphs do not include the IPFix flows.
Where are these flows displayed?
A. In the IPFix collector's interface

B. In the Flow Monitor UI
C. In the vRealize Operations UI
D. In the IPFix tab of the NSX Manager UI
Correct Answer: A
Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-4C085DAE-
A671-44A3-B9D1-62BC7966B388.html
QUESTION 98
Which two methods does VMware NSX offer to integrate with third-party partners? (Choose two )
A. Integration Manager
B. Service Chaining
C. VMware NSX APIs
D. Universal Synchronization Service
Correct Answer: AC
Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-forvSphere/6.3/com.vmware.nsx.admin.doc/GUID-EA477D96-
E2D3-488B-90AA-2F19B4AE327D.html#GUID-EA477D96-E2D3-488B-90AA-2F19B4AE327D
QUESTION 99
Which two NSX Data Security roles could be used to create security policies? (Choose two)
A. Auditor
C. Enterprise Administrator
D. Security Administrator
Correct Answer: CD
Section: (none)
Explanation
https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.admin.doc/GUID-66DA0370-C241-40BD-A987-
98597564EEDF.html
QUESTION 100
A network administrator has been tasked with deploying a 3-tier application across two data centers. Tier-1 and
tier-2 will be located in Datacenter-A and tier-3 will be located in Datacenter-B. Which NSX components are
needed to make this deployment functional?
A. A universal transport zone deployed with a universal distributedlogical router (UDLR), a universal logical
switch and two local logical switches connected to the UDLR.
B. A universal transport zone deployed with a universal distributed logical router (UDLR), two universal logical
switches and a single logical switch connected to the UDLR.
C. A universal transport zone deployed with a universal distributed logical router (UDLR) and three universal
logical switches connected to the UDLR.
D. A universal transport zone, a universal distributed logical router (UDLR) and three local switches in each
data center connected to the UDLR
Correct Answer: A
Section: (none)
Explanation
QUESTION 101
What is true when configuring vSphere Distributed Switches (vDS)?
A. All configurations are done by the vCenter Server. Each ESXi host can be part of multiple vDS.
B. All configurations are done by the vCenter Server. Each ESXi host can be part of only one vDS.
C. All configurations are done by the NSX Manager. Each ESXi host can be part of only one vDS.
D. All configurations are done by the NSX Manager. Each ESXi host can be part of multiple vDS.
Correct Answer: A
Section: (none)
Explanation
QUESTION 102
An organization is planning to use NSX as part of a disaster recovery project to provide consistent networking
between two sites. Each site has one vCenter server. The organization requires universal objects and requires
components to function during a site outage.
What is the minimum total instances of NSX Manager(s) and NSX Controller(s) that must be deployed across
both sites to supporting the required functionality?
A. Two NSX Managers and two NSX Controllers

B. Two NSX Managers and six NSX Controllers
C. Two NSX Managers and three NSX Controllers
D. Two NSX Managers and four NSX Controllers
Correct Answer: B
Section: (none)
Explanation
QUESTION 103
Which two networking and security components are contained m the backup configuration data of an NSX
Manager backup file? (Choose two )
A. vSphere Distributed Switch

B. Resource Pools
C. Edge Services Gateway
D. Grouping Objects
Correct Answer: CD
Section: (none)
Explanation
QUESTION 104
What needs to be deployed before configuring the identify Firewall?
A. Guest Introspection
B. Data Security
C. Network hit inspection
D. LDAP Integration
Correct Answer: A
Section: (none)
Explanation
https://docs.vmware.com/en/VMware-NSX-forvSphere/6.2/rn/releasenotes_nsx_vsphere_624.html
QUESTION 105
VMware NSX is a key component in enabling enterprises to realize the full potential of their investment in which
technology?
A. Physical to virtual bridged networks.

B. Integrated physical topology.
C. Distributed firewall.
D. Software-defined data center.
Correct Answer: D
Section: (none)
Explanation
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/whitepaper/products/nsx/vmware-nsx-
network-virtualization-platform-white-paper.pdf
QUESTION 106
When designing a multi-site NSX deployment, which capably requires Enhanced Linked Mode to function?
A. Creating Universal Transport Zones

B. Creating Universal Logical Switches
C. Cross-vCenter vMotion
D. Registering a Secondary NSX Manager
Correct Answer: A
Section: (none)
Explanation
https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf
QUESTION 107
Which component automates the consumption of third-party services and provides mapping to virtual machines
using a logical policy?
A. NSX Manager
B. Cloud Management Platform (CMP)
C. Service Composer
D. NSX Data Security
Correct Answer: C
Section: (none)
Explanation
QUESTION 108
Which three changes to a distributed switch configuration could trigger a rollback? (Choose three )
A. Blocking all ports in the distributed port group containing the management VMkernel network adapter.
B. Configure the virtual machine system traffic to enable bandwidth allocation using Network I/O Control.
C. Adding a new host with a previous vDS configuration.
D. Changing the MTU.
E. Changing the VLAN settings in the distributed port group of the management VMkernel adapter.
Correct Answer: ADE

Section: (none)
Explanation
QUESTION 109
Which three options are true about NSX logical bridges? (Choose three)
A. A logical bridge configured for HA uses a 15 second heartbeat by default to detect failure.
B. A logical bridge configured for HA uses (BFD) Bi-Directional Forwarding to detect a failure in a minimum of
one second
C. A logical bridge on the DLR supports VXLAN to VLAN bridging.
D. A logical bridge forwards traffic through the control VM.
E. A logical bridge forwards traffic through the hypervisor.
Correct Answer: ACE

Section: (none)
Explanation
From <http://www.routetocloud.com/2014/10/nsx-l2-bridging/>
All NSX Edge services run on the active appliance. The primary appliance maintains a heartbeat with the
standby appliance and sends service updates through an internal interface. If a heartbeat is not received from
the primary appliance within the specified time (default value is 15 seconds), the primary appliance is declared
dead
https://pubs.vmware.com/NSX-61/topic/com.vmware.ICbase/PDF/nsx_61_admin.pdf
Page 197
QUESTION 110
Which service cannot be included in a Security Policy using Service Composer?
A. Endpoint Services
B. Firewall Rules
C. Virtual Private Network Services
D. Network Introspection Services
Correct Answer: C
Section: (none)
Explanation
QUESTION 111
An NSX administrator determines that routing adjacency a NSX Edge device and a Top Of Rack L3 switch
CANNOT be established. Which two logs would be the most useful in resolving this issue? (choose two)
A. NSX Manager Logs

B. Edge Services Gateway logs
C. Distributed Router Logs
D. NSX Controller logs
Correct Answer: CD
Section: (none)
Explanation
QUESTION 112
What can be enabled on the vSphere Distributed Switch to monitor IP packets that are passing through a
distributed port group?
A. Traffic Marking
B. TraceFlow
C. Traffic Filtering
D. NetFlow
Correct Answer: D
Section: (none)
Explanation
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%2FGUID-
3CF9AEEB-08B0-47F5-A3B6-ADD8A919DFA0.html
QUESTION 113
An organization has PCI compliant application deployed as part of a larger NSX environment.Every year a team
of contractors evaluates the security of the environment and recommends changes.
What NSX Role and Scope should the contractors be given to minimize access but still allow them to fulfill the
staled requirement?
A. Security Administrator, No restrictions

B. Auditor. Limit access scope
C. NSX Administrator, Limit access scope
D. Enterprise Administrator, Limit access scope
Correct Answer: B
Section: (none)
Explanation
https://c368768.ssl.cf1.rackcdn.com/product_files/28022/original/
VMware_SDDC_Validated_Reference_Architecture_for_PCI_v3.0_June_2014b1844892b9e7e4c6aa280f5fd9d
f5a0f.pdf
Page 3
VMware NSX VMware NSX Edge, VMware NSX Firewall, VMware NSX Router,
VMware NSX Load
Balancer, and, VMware NSX Service Composer
QUESTION 114
What command-line tool can be used to test the MTU between two hosts?
A. netstat -1
B. esxcli network ip neighbor list
C. vmkping
D. traceroute
Correct Answer: C
Section: (none)
Explanation
QUESTION 115
A workload was attached to a logical switch port group in Compute Cluster 1. Users are complaining that I hey
can communicate with other workloads on that port group in the cluster, but not with other workloads on
different networks.
What is the most probable cause?
A. The distributed firewall has a default rule set to deny all

B. The Distributed Logical Router was not configured on Compute Cluster 1
C. Compute Cluster 1 is NOT a member of the Transport Zone
D. An NSX Edge has NOT been deployed into Compute Cluster 1
Correct Answer: A
Section: (none)
Explanation
QUESTION 116
An NSX Edge Service Gateway has two interfaces:
* Internal interface named Internal Access
-- IP address = 10.10.10.1
-- Network mask = 255.255.255.0
* Uplink interface named Physical Uplink
-- IP address = 20.20.20.1
-- Network mask = 255.255.255.0
A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access
external resources via the uplink interface.
Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.)
A. Apply the SNAT rule to the Internal Access interface.

B. Select 10.10.10.1 as the translated source IP.
C. Apply the SNAT rule on the Physical Uplink interface.
D. Select 10.10.10.0/24 as the original subnet.
E. Choose 20.20.20.2 as the translated source IP address.
Correct Answer: CDE

Section: (none)
Explanation
QUESTION 117
What is the function of NSX Data Security?
A. Prevents sensitive data in your virtualized environment from being copied

B. Prevents sensitive data in your virtualized environment from being modified
C. Identifies sensitive data in your virtualized environment based upon regulation security policies
D. Identifies sensitive data in your virtualized environment based upon regulation violation reports
Correct Answer: D
Section: (none)
Explanation
QUESTION 118
What are two things that should be done before upgrading from vCloud Networking and Security to NSX?
(Choose two.)
A. Power off vShield Manager

B. Deploy NSX Manager virtual appliance
C. Uninstall vShield Data Security
D. Ensure that forward and reverse DNS is functional
Correct Answer: CD
Section: (none)
Explanation
https://pubs.vmware.com/NSX-62/index.jsp?topic=%2Fcom.vmware.nsx.upgrade.endpoint.doc%2FGUID-
0D1B18B1-B5CC-483B-8BC0-95A2E8C025B9.html
QUESTION 119
An administrator creates a SpoofGuard policy for specific network.
Which two modes are associated with this type of policy? (Choose two )
A. Automatically trust IP assignments on their first use

B. Manually inspect and approve all IP assignments before use
C. Manually approve IP assignments listed in the Host file before use
D. Automatically inspect and trust IP assignments on every use
Correct Answer: AB
Section: (none)
Explanation
QUESTION 120
Where can firewall rules be applied on the NSX Edge Services Gateway?
A. Rules can be applied on the uplink interface only.

B. Rules can be applied on either the uplink interface or internal interface.
C. Rules can be on either the uplink, internal, or management interfaces.
D. Rules can be applied on the management and uplink interfaces only.
Correct Answer: B
Section: (none)
Explanation
QUESTION 121
Which would best describe a workload in Compute Cluster 1 attached to a logical switch port group?
A. Within Compute Cluster 1, Layer 2 would function, but Layer 3 would fail.
B. Within Compute Cluster 1, Layer 2 would fail, and Layer 3 would fail.
C. Within Compute Cluster 1, Layer 2 would fail, but Layer 3 would function.
D. Within Compute Cluster 1, Layer 2 would function, and Layer 3 would function.
Correct Answer: A
Section: (none)
Explanation
Explanation:
This has an interesting side effect: if you didn't add all clusters of a given DVS to the TZ, those clusters you
haven't added will still have access to that Logical Switch . Let's have a look at the following diagram:
From <https://telecomoccasionally.wordpress.com/2014/12/27/nsx-for-vsphere-understanding-transport-zone-
scoping/>
his means that in out hypothetical case, if we were to create a DLR and connect to it that LS we've created
earlier, DLR instance would get created on hosts in clusters Comp B and Mgmt / Edge, but not on hosts in
cluster Comp A:
From <https://telecomoccasionally.wordpress.com/2014/12/27/nsx-for-vsphere-understanding-transport-zone-
scoping/

VCP-NV 6.2 - Examps

Uploaded by

Copyright:

Available Formats

VCP-NV 6.2 - Examps

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VCP-NV 6.2 - Examps

Uploaded by

Copyright:

Available Formats

VMware VCP6-NV 2V0-642

A. Directly on the NSX Manager

A. In the vSphere Web Client

A. security event queuing

A. Virtual Port Channel

A. MAC Address Changes

A. Enable data collection on the NSX Controller.

A. Allow packet forwarding to be paused during restart of BGP services

Correct Answer: ABC

A. ESXi hosts reach the physical network through vmnics.

A. Configures virtual machine interfaces to which DHCP messages are relayed.

A. NSX Administrator role and Limit Access scope

A. show controller-cluster status

A. Only the virtual machines defined in the Source field.

A. Route Based on Source MAC Hash

Correct Answer: BCE

A. NSX manager must be configured for Active Directory integration

A. show service loadbalancer pool

A. Firewall Default Policy

A. 1 Remove the NSX manager from Datacenter-1 and Datacenter-3

A. VXLAN Port Configuration

A. Guest Introspection virtual machines must be joined to the domain

A. A loop prevention protocol is not required

A. In each vCenter instance associated with the Cross-vCenter implementation.

A. A universal distributed logical router must be created

A. It helps address compliance and risk management requirements.

A. SSH session into 192.168.100.3 on the ESG.

A. VMs are protected even as they are vMotioned

A. 2000 vCenter Servers

A. NSX Edge is powered off

A. Change Applied On to "Uplink"

A. Configure VTEPs on each host

A. Each L2 bridge instance can only map to a single VLAN

A. Distributed Firewall Rules

Correct Answer: BCD

A. IPv4 connectivity among ESXi hosts provided by a spine-leaf network design.

Correct Answer: ACD

What step should be performed to resolve this issue?

A. The Distributed Logical Router

A. NSX Logical Firewall

Correct Answer: BDE

A. Virtual Private Networks

A. Platform Services Controller

What configuration change do you need to make to allow this connection?

A. Change Applied Onto "Uplink"

A. Guest Introspection driver must be installed.

What routing change would resolve the issue?

A. Enable Default Originate on edge-2 for OSPF.

A. Migrate the Site B Controllers to Site A

Correct Answer: BDE

What would be the purpose of creating a filter?

A. To quickly add a new rule.

A. At least one VXLAN segment spans across all the racks

Correct Answer: BCD

Correct Answer: ACD

A. Use the Merge Section functionality to correct this.

Correct Answer: BDE

A. In the IPFix collector's interface

A. Two NSX Managers and two NSX Controllers

A. vSphere Distributed Switch