Scribd
Upload
146 views28 pages

2V0-41 From PrepAway

This document contains information about the VMware Professional NSX-T Data Center 2.4 certification exam (2V0-41.19). It includes details about the exam such as the number, passing score, time limit, and file version. The document then provides 20 sample multiple choice questions similar to what may be seen on the actual exam. It asks about NSX-T concepts and commands related to logical switches, gateways, firewall rules, VPN configurations, QoS, NSX manager roles, and more.

Uploaded by

Sebastian Burton
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
146 views28 pages

2V0-41 From PrepAway

This document contains information about the VMware Professional NSX-T Data Center 2.4 certification exam (2V0-41.19). It includes details about the exam such as the number, passing score, time limit, and file version. The document then provides 20 sample multiple choice questions similar to what may be seen on the actual exam. It asks about NSX-T concepts and commands related to logical switches, gateways, firewall rules, VPN configurations, QoS, NSX manager roles, and more.

Uploaded by

Sebastian Burton
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

[Link].

70q
Number: 2V0-41.19
Passing Score: 800
Time Limit: 120 min
File Version: 1.3

2V0-41.19

VMware Professional NSX-T Data Center 2.4

Version 1.3
Exam A

QUESTION 1
Which two commands are used to query the arp-table of a logical switch? (Choose two.)

A. get logical-switch arp-table <logical-switch-uuid>


B. get logical-switch <logical-switch-uuid> arp-table
C. get logical-switch <vni> arp-table
D. get logical-switch arp-table <vni>
E. get logical-switch arp-table

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link] d9cef-6b2b-4772-93be-
3fe60ce064a1/1f67b9e1-b111-4de7-9ea1-39931d28f560/NSX-T%20Comm and-Line%20Interface%
[Link]

QUESTION 2
When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge
node?

A. SR and DR doesn't need to be connected to provide any stateful services.


B. SR is instantiated and automatically connected with DR.
C. SR and DR is instantiated but requires manual connection.
D. DR is instantiated and automatically connected with SR.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which NAT type must the NSX-T Data Center administrator create on the Tier-0 or Tier-1 Gateway to allow
Web VM to initiate communication with public networks?

A. Reverse NAT
B. SNAT
C. 1:1 NAT
D. DNAT

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
A security administrator needs to configure a firewall rule based on the domain name of a specific application.

Which field in a distributed firewall rule does the administrator configure?

A. Policy
B. Profile
C. Service
D. Source

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
On the Profile page, choose which profiles to apply the rule to. For most servers, you should apply the rule to
all three profiles, because servers are usually continually connected to a single network. For mobile computers
in domain environments, you typically need to apply firewall rules only to the Domain profile.

Reference: [Link]

QUESTION 5
What are two supported VPN configuration types in a NSX-Y Data Center? (Choose two.)

A. OpenVPN
B. MPLS
C. L3VPN
D. L2VPN
E. SSLVPN+

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
An NSX administrator is applying QoS to guarantee bandwidth for critical production workloads.

Which three actions must be taken? (Choose three.)

A. Edit the exported JSON file.


B. Export transport node NIOC profile.
C. Create a QoS segment profile.
D. Specify QoS parameters.
E. Change Segment QoS profile.
F. Upload the JSON file and apply configuration.

Correct Answer: BCD


Section: (none)
Explanation

Explanation/Reference:
QUESTION 7
A customer is planning deployment of a third-party OpenStack application.

Which is used to grant permissions to the application on NSX Manager?

A. Guest Identity
B. Cloud Identity
C. Principal Identity
D. API Identity

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
The Enterprise Administrator role gets the same access to the NSX Manager appliance and the API as the
NSX Manager admin user. The other NSX roles get read-only access to the NSX Manager appliance and the
API.

Reference: [Link]
[Link]/[Link]

QUESTION 8
What are three functions of a Tier-0 Gateway in a multi-tenant service provider environment? (Choose three.)

A. acts as a default gateway for the tenant workloads


B. enables east-west connectivity to the tenant workloads
C. interconnects the Tier-1 gateways of multiple tenants
D. provides isolation between the tenants
E. provides first-hop routing for the tenant workloads
F. enables north-south connectivity to the tenant workloads

Correct Answer: CDE


Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which CLI command is used to start the NSX Manager virtual machine in the KVM environment?

A. virsh start <NSX-Manager-Name>


B. virsh poweron <nsx-manager-name>
C. virsh poweron <nsx-manager-ID>
D. virsh start <NSX-Manager-ID>

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 10
What are the supported N-VDS modes?

A. DPDK Datapath
B. Enhanced Datapath
C. Overlay Datapath
D. Standard Datapath
E. Secure Datapath

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:
N-VDS Mode: There are 2 modes for N-VDS: Standard or Enhanced Datapath.

Reference: [Link] uring-transport-zone-and-


transport- nodes/

QUESTION 11
A NSX-T Data Center administrator wants to ensure that any machine on a public network can communicate
with a Web VM running in a NSX-T Data Center environment.

Which NAT type must be created on the Tier-0 or Tier-1 Gateway to achieve this?

A. 1:1 NAT
B. Reverse NAT
C. DNAT
D. SNAT

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]
QUESTION 12
An NSX administrator created a Segment from the Simplified UI and wants to find the Replication Mode
configured on the Segment. Which NSX CLI command lists the Replication mode?

A. get logical-switches
B. get logical-switch <Logical-switch-UUID>
C. get logical-switch <Local-Switch-UUID> status
D. get logical-switch status

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]

QUESTION 13
What is the most restrictive NSX-T built-in role which will allow a user to apply configuration changes on a
NSX Edge?

A. Network Operator
B. Network Engineer
C. Cloud Service Administrator
D. NSX Administrator

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference:
[Link]
[Link]

QUESTION 14
What is the maximum supported ECMP paths in NSX-T 2.4 Data Center?

A. 6
B. 8
C. 9
D. 7

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
A maximum of eight ECMP paths are supported.

Reference: [Link]
443B6B0D- [Link]

QUESTION 15
Refer to the exhibit.
An administrator Is trying to configure a medium load balancer in a production environment, but is getting the
error message shown in the exhibit.

Which step must the administrator perform to remediate the problem?

A. Reduce the size of the virtual pool.


B. Restart the NSX Manager.
C. Power-off the existing load balancer and change its size.
D. Place the Tier-1 Gateway in a large edge cluster and redeploy the load balancer.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
An NSX administrator has deployed an NSX Edge on a bare-metal server.

Which command registers the NSX Edge with the NSX Manager?

A. join cluster <NSX-Cluster-IP> username root password <root-password> thumbprint <NSX Manager-
thumbprint>
B. join management-plane <nsx-manager-ip> username admin password <admin-password> thumbprint
<nsx-manager-thumbprint>
C. join policy-manager <nsx-manager-ip> username root password <root-password> thumbprint <nsx-
manager-thumbprint>
D. join management-cluster <NSX-Cluster-IP> username admin password <admin-password> thumbprint
<NSX Manager-thumbprint>

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
QUESTION 17
An NSX administrator would like to export syslog events that capture messages related to NSX host
preparation events.

Which message ID (msgid) should be used in the syslog export configuration command as a filter?

A. SYSTEM
B. FABRIC
C. MONITORING
D. GROUPING

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
What are three NSX Manager roles? (Choose three.)

A. zookeeper
B. manager
C. policy
D. controller
E. cloud
F. master

Correct Answer: BCD


Section: (none)
Explanation

Explanation/Reference:
Explanation:
In NSX-T 2.4 the NSX-T Manager is a Converged Appliance where Policy, Management and Control Roles
are available

Reference: [Link]

QUESTION 19
Which network tool cloud an administrator use on an ESXi 6.7 host to capture packets when troubleshooting
connectivity issues?

A. Wireshark
B. pktcap-uw
C. net-stats
D. tcpdump

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
If you do when troubleshooting connectivity issues on your Virtualization environment. This post will help you
to capture Network traffic on ESXi host using pktcap-uw tool.

Reference: [Link]

QUESTION 20
Which three hardware-based offloads provide maximum performance for physical network interface cards?
(Choose three.)

A. Netfilter Flow Offload (NFO)


B. Priority Flow Control (PFC)
C. Receive Side Scaling (RSS)
D. TCP Segmentation Offload (TSO)
E. Source Route Bridging (SRB)
F. Large Receive Offload (LRO)

Correct Answer: BDF


Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which two commands could be used on an ESXI transport node to validate connectivity to the NSX Manager?
(Choose two.)

A. nsxcli --cmd get manager status


B. esxcli network ip connection list I grep rabbitmq
C. nsxcli --cmd get managers
D. nsxcli --cmd get manager connectivity status
E. esxcli network ip connection list I grep 5671

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which two statements describe the characteristics of the Services Router (SR) component of a Tier-0
Gateway? (Choose two.)

A. Edge cluster is mandatory for SR to be created.


B. SR can exist on both hypervisor transport nodes and Edge transport nodes.
C. SR is automatically created when stateful services are enabled.
D. Edge transport nodes are required for SR to be created.
E. SR can be created from the NSX Advanced Networking & Security tab in the UI.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
QUESTION 23
Which statement Is true regarding the audit user account? (Choose two.)

A. The admin user must set the password for the audit account to log in to NSX Manager.
B. The administrator must run the set audit user password <password> command.
C. The audit user has read-write access to the NSX Manager.
D. The audit user is disabled by default and must be enabled to log in to the NSX Manager.
E. The administrator must run the set user audit password <password> command.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
An NSX administrator is migrating vSphere port groups configured in vSphere to N-VDS.

What are two migration options? (Choose two.)

A. Migrate vSphere port groups using the esxcli command line.


B. Migrate vSphere port group through the NSX Manager API Calls.
C. Migrate Networking from the vCenter Server.
D. Migrate from the NSX Manager UI, go to Fabric -> Profile -> Uplink Profiles path.
E. Migrate from the NSX Simplified UI> Click Transport Node > Configure NSX > PNIC Only Migration
path.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
What is the function of a domain in a NSX-T Data Center?

A. defines the scope of transport zones


B. defines the scope of security policies and groups
C. defines the scope of physical networks
D. defines the scope of transport nodes

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 26
Which port is used by a transport node to communicate with NSX Manager in NSX-T Data Center 2.4?
A. 5671
B. 1234
C. 1235
D. 5678

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]

QUESTION 27
Which three teaming policy modes are supported by NSX-T Data Center? (Choose three.)

A. Destination MAC
B. Failover Order
C. Load Balanced Source
D. Load Balanced Source IP
E. Destination Port
F. Load Balanced Source MAC

Correct Answer: BCF


Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which two logical router components span across all transport nodes? (Choose two.)

A. SERVICE_ROUTER_TIER0
B. DISTRIBUTED_ROUTER_TIER0
C. SERVICE_ROUTER_TIER1
D. DISTRIBUTED_ROUTER_TIER1
E. TIER0_DISTRIBUTED_ROUTER

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]

QUESTION 29
What is VMware's recommendation for the minimum MTU requirements when planning a NSX-T Data Center
deployment?

A. MTU should be set to 1550 or less across the data center network including inter-data center connections.
B. MTU should be set to 1500 or less only on inter-data center connections.
C. Configure Path MTU Discovery and rely on fragmentation.
D. MTU should be set to 1600 or greater across the data center network including inter-data center
connections.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.

Which failover detection protocol must be used to meet this requirement?

A. Host Standby Router Protocol (HSRP)


B. Beacon Probing (BP)
C. Virtual Router Redundancy Protocol (VRRP)
D. Bidirectional Forwarding Detection (BFD)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
An NSX administrator is reviewing syslog and notices that Distributed Firewall Rules hit counts are not being
logged.

What could cause this issue?

A. Syslog Is not configured on the NSX Manager


B. Distributed Firewall Rule Logging is not enabled
C. Zero Trust Security Is not enabled
D. Syslog is not configured on the ESXI transport node

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
A company is deploying a NSX-T Data Center micro-segmentation in their vSphere environment to allow
simple 3-tier app forms through web, app, and database.

The naming convention will be:


• WKS-WEB-SRV-XXX
• WKY-APP-SRR-XXX
• WKI-DB-SRR-XXX

What is the optimal way to group them in order to enforce security policies from NSX-T Data Center?

A. Use Edge as a firewall between tiers.


B. Create an Ethernet based security policy.
C. Do a service Insertion to accomplish the task.
D. Group all by means of tags membership.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
The NSX Control Plane is responsible for which two functions? (Choose two.)

A. push stateless configurations to forwarding engines


B. propagate topology information
C. receive and validate configuration from NSX Policy
D. host API services
E. maintain packet-level statistics

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
The security administrator turns on logging for a firewall rule.

Where is the log stored on ESXi and KVM transport nodes?

A. /var/log/vmware/nsx/[Link]
B. /var/log/[Link]
C. /var/log/[Link]
D. /var/log/[Link]

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which visual tool within the NSX User Interface should an administrator use to monitor hop-by-hop
connectivity between two virtual machines or logical ports?

A. IPFIX
B. Port Connection
C. Port Mirroring
D. Port Status

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
Port connection tool – this tool is a visualization of connectivity between two container logical ports. As the
topology is built, realized state data like machine information, logical port status, and tunnel health status, gets
represented as hop by hop connectivity between various points in the path.

Reference:
[Link] containers-
[Link]

QUESTION 36
An NSX administrator would like to configure syslog for a KVM transport node.

Which host log files could be exported to a remote syslog server?

A. /var/log/vmware/nsx-syslog
B. /var/log/[Link]
C. /var/log/[Link]
D. /var/log/cloudnet/[Link]

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Refer to the exhibit.

A vSphere administrator is trying to connect T1-Web-01 virtual machine to a NSX-T logical switch and is
receiving an error.

Which service must be restarted to connect the virtual machine to a NSX-T logical switch?

A. /etc/init.d/nsx-opsagent start
B. /etc/init.d/nsx-proxy start
C. /etc/init.d/nsxa start
D. /etc/init.d/nsx-datapath start

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:

QUESTION 38
Which three steps must be taken to assign a new IP address to a member of a NSX Management Cluster that
was deployed manually? (Choose three.)

A. Delete NSX Manager VM


B. Change IP address of NSX Manager in vApp Properties
C. Execute detach node <node-id> from the NSX Manager CLI
D. Deploy new NSX Manager VM
E. Delete NSX Management cluster member from NSX Simplified UI

Correct Answer: ABC


Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
What is required to configure a load balancer in inline mode?

A. DNAT
B. SNAT
C. Client and server connected to different Tier-1 Gateways
D. Client and server running on different transport nodes

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
Which NSX CLI command is used to check the GENEVE tunnel status on ESXi transport node?

A. get host-switch <Host-Switch-Name> tunnels


B. get host-switch <Host-Switch-Name> tunnel status
C. get transport-node tunnel state
D. get transport-node tunnel status

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
In a NSX-T Data Center environment, an administrator is observing low throughput and congestion between
the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)

A. Configure a Tier-1 gateway and connect it directly to the physical routers.


B. Configure ECMP on the Tier-0 gateway.
C. Configure NAT on the Tier-0 gateway.
D. Deploy Large size Edge node/s.
E. Add an additional vNIC to the NSX Edge node.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
How many IPs are required when deploying a highly available NSX Management Cluster with VIP in a
production environment?

A. 3
B. 5
C. 4
D. 6

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
Which vmkernel module implements the N-VDS on an ESXi transport node?

A. openvswitch
B. enterswitch
C. nsx-vswitch
D. dvswitch

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link] uring-transport-zone-and-
transport- nodes/

QUESTION 44
Which two IP Discovery mechanisms are supported in KVM-environments? (Choose two.)

A. IGMP Snooping
B. Packet Snooping
C. DHCP Snooping
D. ARP Snooping
E. ND Snooping

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 45
An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability
mode.

Which two NAT rule types are supported for this configuration? (Choose two.)

A. Port NAT
B. Source NAT
C. Destination NAT
D. 1:1 NAT
E. Reflexive NAT

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46
Which command on ESXi Is used to verify the Local Control Plane connectivity with Central Control Plane?

A. esxcli network ip connection list | grep ccpd


B. esxcli network ip connection list | grep 1234
C. esxcli network ip connection list | grep netcpa
D. esxcli network ip connection list | grep 1235

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link] (25)

QUESTION 47
Which is correct when deploying a NSX Edge in a KVM only environment?

A. deploy NSX Edge VM with QCOW2 image


B. deploy NSX Edge VM with ISO image
C. deploy NSX Edge on a bare-metal server
D. deploy NSX Edge VM with OVF template

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: [Link] (41)

QUESTION 48
Refer to the exhibit.

The Node Status for all hosts in the SA-Compute-01 cluster Is shown as Not Configured. There are no VM
connectivity issues reported on any of the ESXI transport nodes.

Which service must be restarted to fix the issue?

A. nsx-mpa service on the ESXi transport nodes


B. nsx-policy-manager service on NSX Manager
C. nsx-mpa-api service on NSX Manager
D. cm-inventory service on NSX Manager

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?

A. Manually create a Segment and connect to both Tier-1 and Tier-0 Gateways.
B. Automatically created when Tier-1 is created.
C. Manually create a Logical Switch and connect to bother Tier-1 and Tier-0 Gateways.
D. Automatically created when Tier-1 is connected with Tier-0 from Simplified UI.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 50
Which CLI command should be executed on a KVM hypervisor to retrieve the VM interface UUID?

A. virsh list-interface <VM Name>


B. virsh get-interface <VM Name>
C. virsh dumpxml <VM Name> | grep interfaceid
D. virsh show <VM Name> | grep interfaceid

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]

QUESTION 51
Which two built-in VMware tools will help identify the cause of packet loss on VLAN Segments? (Choose two.)

A. Flow Monitoring
B. Traceflow
C. Activity Monitoring
D. Live Flow
E. Packet Capture

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
A customer is preparing to deploy VMware Kubernetes on an NSX-T Data Center.

What is the minimum MTU size for the UPLINK profile?

A. 1600
B. 1650
C. 1550
D. 1500

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Which component does the hyperbus interface (vmk50) provide network connectivity to?

A. virtual machines and containers running across transport nodes


B. virtual machines running on the same hypervisor
C. containers running on ESXi/KVM transport nodes
D. virtual machines running in the same segment

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: [Link]

QUESTION 54
An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the upstream
physical router.

What sequence of commands could be used to check this status on NSX Edge node?

A. - set vrf <ID>


- show logical-routers
- show <LR-D> bgp
B. - show logical-routers
- get vrf
- show ip route bgp
C. - enable <LR-D>
- get vrf <ID>
- show bgp neighbor
D. - get logical-routers
- vrf <number>
- get bgp neighbor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 55
An NSX administrator is troubleshooting a connectivity issue with virtual machines running on an ESXi
transport node.

Which feature in the NSX Manager Simplified UI shows the mapping between the virtual NIC and the host's
physical adapter?

A. N-VDS Visualization
B. Activity Monitoring
C. IPFIX
D. Port Mirroring

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
What are the advantages of using a Tier-0 Gateway in ECMP mode? (Choose two.) I

A. stateful services leveraged


B. increased north/south bandwidth
C. traffic load balancing
D. Failover of services
E. traffic predictability

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 57
A user is assigned these two roles in NSX Manager:
• Load Balancer Administrator
• Network Engineer

What privileges does this user have in the system?

A. full access permissions on all networking services and full access permissions on load balancing features
B. read permissions on all networking services and read permissions on load balancing features
C. read permissions on all networking services and full access permissions on load balancing features
D. full access permissions on all networking services and read permissions on load balancing features

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
What are two valid options when configuring the scope of a distributed firewall rule? (Choose two.)

A. Group
B. Tier-1 Gateway
C. Segment Port
D. Segment
E. DFW

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
An NSX administrator has configured a KVM hypervisor as a transport node.

Which kemel module on KVM implements a N VDS?

A. dvswitch
B. nsx-vswitch
C. openvswitch
D. etherswitch
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]

QUESTION 60
Refer to the exhibit.

An NSX administrator is retrieving a log bundle at the request of VMware Global Support. It is taking a long
time to get the log bundle. The administrator reviews the configuration.

Which two changes to the configuration must be made to speed up the creation of the bundle. (Choose two.)

A. Disable upload bundle to remote file server


B. Change transfer protocol
C. Do not use ssh fingerprint
D. Create the support bundle from vCenter
E. Disable Include core files and audit logs

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
How is the intra-tier transit link connection created between SR and DR for a Tier-0 Gateway?
A. Manually create a gateway interface and mark it as transit.
B. Automatically created when DR is created.
C. Automatically created when SR is initialized.
D. Manually create external uplink interface and mark it as transit.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]

QUESTION 62
Which two components are involved in the logical switching and N-VDS configuration during ESXi transport
node installation? (Choose two.)

A. etherswitch
B. Open vSwitch
C. nsx-opsAgent
D. vdl2
E. nsx-vswitch

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
A company is planning to implement NSX-T Data Center and will be using load balancing for 50 unique
production workloads.

Which is the minimum NSX-T Edge size configuration required to support the production load balancer?

A. Large (8 vCPU 16GB RAM)


B. Medium (4 vCPU 8GB RAM)
C. Extra Large (12 vCPU 24GB RAM)
D. Small (2 vCPU 4GB RAM)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]

QUESTION 64
What are three possible installation options for NSX Edge?

A. Install NSX Edge on a bare-metal server.


B. Deploy NSX Edge using a QCOW2 image.
C. Install NSX Edge VM on KVM using an ISO image.
D. Deploy NSX Edge on KVM using ovftool.
E. Deploy NSX Edge VM on ESXi using OVA.
F. Install NSX Edge VM on ESXi using an ISO image.

Correct Answer: AEF


Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 65
Which three steps are required to create an IPSEC VPN tunnel? (Choose three.)

A. Create an IPSec service.


B. Configure a distributed firewall policy.
C. Configure a Tier-1 Gateway.
D. Add a local endpoint.
E. Configure an IPSec session.
F. Add a logical switch.

Correct Answer: ADE


Section: (none)
Explanation

Explanation/Reference:
Reference: [Link]
[Link]

QUESTION 66
Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)

A. esxcli network vswitch dvs vmware list


B. esxcfg-nics -1
C. esxcfg-vmsvc/[Link]
D. esxcfg-vmknic -1
E. esxcli network nic list

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
What is the correct prioritization for gateway policy categories?

A. Shared Pre-rules > Emergency > System > Local Gateway > Auto Service > Default
B. Shared Pre-rules > Emergency > Local Gateway > System > Auto Service > Default
C. Emergency > System > Shared Pre-rules > Auto Service > Local Gateway > Default
D. Emergency > System > Shared Pre-rules > Local Gateway > Auto Service > Default

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
Which three functions require a Services Router (SR) component on an Edge node? (Choose three.)

A. Distributed Firewall
B. Service Insertion
C. Gateway Firewall
D. Virtual Private Network
E. Distributed Routing
F. Packet Forwarding

Correct Answer: CEF


Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
An NSX administrator has observed connectivity issues between the NSX Manager and the KVM Transport
Node.

Which two log files could be used to troubleshoot the issue on the KVM Transport Node? (Choose two.)

A. /var/log/vmware/nsx-syslog
B. /usr/vmware/log/syslog
C. /var/log/nsx/syslog
D. /usr/vmware/nsx-syslog
E. /var/log/syslog

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
An NSX administrator is planning to deploy a multi-tier routing topology in their NSX-T Data Center
environment to provide north-south connectivity for the VMs.

Which routing component must be deployed?

A. Tier-0 Gateway
B. Edge Node
C. Tier-1 Gateway
D. Edge Cluster

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

You might also like