Which feature is not supported by the vSphere 5.5 Distributed Switch?

Which feature is not supported by the vSphere 5.5 Distributed Switch? 

A. Multiple link aggregation groups
B. Differentiated Service Code Point (DSCP) QOS at layer3
C. Packet captures at the uplink, virtual switch port, or vNIC
D. IGMP snooping at layer 2







Answer: D

An administrator has received reports of intermittent connectivity between virtual machines on an NSX network. The network team has verified that all physical network devices have been set to 1600 MTU. What other configuration could cause this issue?

An administrator has received reports of intermittent connectivity between virtual machines on an NSX network. The network team has verified that all physical network devices have been set to 1600 MTU.
What other configuration could cause this issue? 

A. An MTU value of 1500 on the vDS Switch
B. An MTU value of 1500 on the distributed firewall
C. An MTU value of 1500 on the logical router
D. An MTU value of 1500 on the logical load balancer








Answer: A

Which port must be available for communication between the NSX Manager and vCenter Server, ESXi hosts, and NSX appliances?

Which port must be available for communication between the NSX Manager and vCenter Server, ESXi hosts, and NSX appliances? 

A. 22
B. 80
C. 443
D. 902







Answer: C

Which condition could prevent an ESXi host from receiving VXLAN Tunnel End Point (VTEP) tables?

Which condition could prevent an ESXi host from receiving VXLAN Tunnel End Point (VTEP) tables? 

A. The ESXi host is disconnected from vCenter Server
B. The netcpa agent is not running on the ESXi host
C. The vsfwd agent is not running on the ESXi host
D. The NSX controller on the ESXi host is down







Answer: B

An administrator configures the IPSec VPN service on an NSX Edge instance, but the negotiation fails. Examining the log file, the administrator notices the following message: INVALID_ID_INFORMATION Which misconfiguration caused the error?

An administrator configures the IPSec VPN service on an NSX Edge instance, but the negotiation fails. Examining the log file, the administrator notices the following message:
INVALID_ID_INFORMATION
Which misconfiguration caused the error? 

A. Pre-shared key (PSK) does not match
B. Diffie-Hellman (DH) Group does not match
C. Perfect Forward Secrecy (PFS) does not match
D. VPN tunnel address incorrect







Answer: A

An administrator can only log into the NSX manager using local credentials and not Active Directory credentials. Which option would cause this issue?

An administrator can only log into the NSX manager using local credentials and not Active Directory credentials. Which option would cause this issue? 

A. The NSX manager has not been connected to the vCenter Server
B. The NSX manager has not been connected to the lookup service
C. The NSX manager has not been connected to an SSO server
D. The NSX manager has not been connected to Active Directory






Answer: B

An administrator has deployed and powered on a new virtual machine configured to get its networking information via DHCP. The virtual machine is connected to an NSX network and connectivity has been verified. After reconfiguring the virtual machine with a static IP address, network connectivity is lost. Which statement explains what happened?

An administrator has deployed and powered on a new virtual machine configured to get its networking information via DHCP. The virtual machine is connected to an NSX network and connectivity has been verified. After reconfiguring the virtual machine with a static IP address, network connectivity is lost.
Which statement explains what happened? 

A. SpoofGuard is disabled
B. SpoofGuard is enabled and the operation mode is set to automatic
C. SpoofGuard is enabled and the operation mode is set to manual
D. SpoofGuard is enabled but not configured







Answer: B

Which configuration change on the physical infrastructure is required when deploying NSX?

Which configuration change on the physical infrastructure is required when deploying NSX? 

A. Increase the MTU size on the physical switches
B. Enable multicast when the control plane mode is set to unicast
C. Disable spanning tree protocol
D. Enable IGMP snooping when the control plane mode is set to multicast








Answer: A

Where is the net-vdr command used?

Where is the net-vdr command used? 

A. ESXi host
B. NSX Controller
C. NSX Edge
D. vSphere Management Assistant (vMA)








Answer: A

An administrator needs to verify which port the switch manager is using. Which command should be used?

An administrator needs to verify which port the switch manager is using. Which command should be used? 

A. show controller-cluster status
B. show controller-cluster core stats
C. show controller-cluster connections
D. show controller-cluster logical-switches







Answer: C

Which time frequency is not available when scheduling NSX backups?

Which time frequency is not available when scheduling NSX backups? 

A. Hourly
B. Daily
C. Weekly
D. Monthly







Answer: D

Which two are pieces of information required to perform an NSX backup?

Which two are pieces of information required to perform an NSX backup?  

A. Transfer protocol
B. Default Port
C. Number of backups retained
D. Filename prefix








Answer: A,D

Which two protocols are used to perform NSX backups?

Which two protocols are used to perform NSX backups?  

A. FTP
B. HTTP
C. SFTP
D. HTTPS








Answer: A,C

How many syslog servers can be configured for an NSX Edge device?

How many syslog servers can be configured for an NSX Edge device? 

A. 1
B. 2
C. 3
D. 4







Answer: B

Where does an administrator configure logging for the NSX Manager?

Where does an administrator configure logging for the NSX Manager? 

A. In the vSphere Web Client
B. In the NSX Manager GUI
C. In the NSX Manager command line interface (CLI)
D. In the vSphere Syslog Collector







Answer: B

Which NSX component can validate that security policies at your organization are being enforced correctly?

Which NSX component can validate that security policies at your organization are being enforced correctly? 

A. Activity Monitoring
B. Flow Monitoring
C. ERSPAN
D. Distributed firewalls







Answer: A

You have deployed a vShield Endpoint for antivirus and malware detection on an NSX network and need to monitor audit messages for the endpoint. Which log file are the audit messages recorded in?

You have deployed a vShield Endpoint for antivirus and malware detection on an NSX network and need to monitor audit messages for the endpoint.
Which log file are the audit messages recorded in? 

A. vmkwarning.log on the ESXi host
B. vmware.log on the virtual machine
C. cloudnet_cpp.log on the NSX Controller
D. messages.log on the NSX Manager








Answer: B

What is the maximum time span for viewing Flow Monitoring data?

What is the maximum time span for viewing Flow Monitoring data? 

A. 2 hours
B. 1 week
C. 2 weeks
D. 1 month








Answer: C

Which tool is used to detect rogue services?

Which tool is used to detect rogue services? 

A. NSX Logical Firewall
B. NSX Logical Router
C. Activity Monitoring
D. Flow Monitoring







Answer: D

Which two web browsers are supported for programming the NSX REST API?

Which two web browsers are supported for programming the NSX REST API?  

A. Internet Explorer
B. Chrome
C. Firefox
D. Safari








Answer: B,C

Which component could be used to automate the deployment of an NSX environment?

Which component could be used to automate the deployment of an NSX environment? 

A. A Cloud Management Platform (CMP).
B. The NSX Controller.
C. The NSX Manager.
D. The vSphere Distributed Switch wizard.








Answer: A

A user needs to be given the ability to make configuration changes on a specific NSX Edge device. What role and scope could be used to meet this requirement?

A user needs to be given the ability to make configuration changes on a specific NSX Edge device. What role and scope could be used to meet this requirement? 

A. NSX Administrator role and Limit Access scope
B. Security Administrator role and Limit Access scope
C. NSX Administrator role and No restriction scope
D. Security Administrator role and No restriction scope







Answer: B

Which NSX Data Security role has the permission to start and stop data security scans?

Which NSX Data Security role has the permission to start and stop data security scans? 

A. Security Administrator
B. NSX Administrator
C. Auditor
D. Enterprise Administrator








Answer: B

Which service cannot be included in a Security Policy using Service Composer?

Which service cannot be included in a Security Policy using Service Composer? 

A. Endpoint Services
B. Firewall Rules
C. Virtual Private Network Services
D. Network Introspection Services







Answer: C

What is the default delay when the active NSX Edge instance fails before the standby instance takes the active role?

What is the default delay when the active NSX Edge instance fails before the standby instance takes the active role? 

A. 3 seconds.
B. 6 seconds.
C. 15 seconds.
D. 45 seconds.






Answer: C

What is the frequency of the heartbeat between the active and standby NSX Edge instances when configured for HA?

What is the frequency of the heartbeat between the active and standby NSX Edge instances when configured for HA? 

A. Every 1 second.
B. Every 2 seconds.
C. Every 5 seconds.
D. Every 15 seconds.







Answer: A

A Distributed Router and an NSX Edge Gateway are connected to a Logical Switch with a VNI of 7321. Both also have connections to the external network.The Distributed Router serves as the default gateway for the virtual machines in VNI 7321. A vSphere administrator does not want to advertise the subnet in VNI 7321 to the rest of the network, but still wants to allow virtual machines in the segment to access external resources. What two steps should the vSphere administrator take to achieve this?

A Distributed Router and an NSX Edge Gateway are connected to a Logical Switch with a VNI of 7321. Both also have connections to the external network.The Distributed Router serves as the default gateway for the virtual machines in VNI 7321. A vSphere administrator does not want to advertise the subnet in VNI 7321 to the rest of the network, but still wants to allow virtual machines in the segment to access external resources. What two steps should the vSphere administrator take to achieve this?  

A. Make the NSX Edge Gateway the default gateway for VNI 7321.
B. Configure a SNAT rule for VNI 7321 on the NSX Edge Gateway.
C. Configure a static route to the NSX Edge Gateway in the upstream router.
D. Create an inbound Access Control List on the Distributed Router.







Answer: A,B

An organization requires a high performance firewall as part of an NSX deployment. What is the minimum NSX Edge Services Gateway configuration that would be suitable for the organization's requirements?

An organization requires a high performance firewall as part of an NSX deployment. What is the minimum NSX Edge Services Gateway configuration that would be suitable for the organization's requirements? 

A. X-Large
B. Quad-Large
C. Large
D. Compact








Answer: B

How many DHCP pools can be created on the NSX Edge?

How many DHCP pools can be created on the NSX Edge? 

A. 2,000
B. 5,000
C. 10,000
D. 20,000








Answer: D

Which two Virtual Private Networks are supported by the NSX Edge Service Gateway?

Which two Virtual Private Networks are supported by the NSX Edge Service Gateway?  

A. Layer 2 VPN
B. GRE VPN
C. IPSec VPN
D. Layer 3 VPN









Answer: A,C

How many Virtual IPs does the NSX Edge Load Balancer support?

How many Virtual IPs does the NSX Edge Load Balancer support? 

A. 1
B. 32
C. 64
D. 128







Answer: C

A vSphere administrator deploys the NSX Edge Load Balancer in Inline mode. Which is not a requirement for the Load Balancer to operate correctly?

A vSphere administrator deploys the NSX Edge Load Balancer in Inline mode. Which is not a requirement for the Load Balancer to operate correctly? 

A. Perform Source NAT on the traffic from the clients.
B. Connect the Load Balancer directly to the same subnet as the VMs that are part of the Server Pool.
C. Perform Destination NAT on the traffic from the clients.
D. Point the virtual machines in the Server Pool to the Load Balancer as their default gateway.








Answer: A

Which two IPv6 connections are supported by the NSX Edge Load Balancer in Transparent mode?

Which two IPv6 connections are supported by the NSX Edge Load Balancer in Transparent mode? 

A. IPv4 to IPv6
B. IPv6 to IPv6
C. IPv6 to IPv4
D. IPv4 to IPv4









Answer: A,D

A company hosts an internal website on multiple virtual machines on a Logical Switch with VNI 7321. A Distributed Router serves as the virtual machines' default gateway. When an user resolves the URL for the website, the internal DNS server responds with the IP address of one of the virtual machine's IP addresses in a round robin fashion. The company wants to deploy an NSX Edge Service Load Balancer and maintain the use of the Distributed Router for the virtual machines' default gateway. Which mode can the NSX Edge Load Balancer can be deployed to meet the Company's needs?

A company hosts an internal website on multiple virtual machines on a Logical Switch with VNI 7321. A Distributed Router serves as the virtual machines' default gateway.
When an user resolves the URL for the website, the internal DNS server responds with the IP address of one of the virtual machine's IP addresses in a round robin fashion. The company wants to deploy an NSX Edge Service Load Balancer and maintain the use of the Distributed Router for the virtual machines' default gateway.
Which mode can the NSX Edge Load Balancer can be deployed to meet the Company's needs? 

A. One-Arm
B. Transparent
C. Local
D. Global







Answer: A

Which routing protocol cannot be configured on an NSX edge device?

Which routing protocol cannot be configured on an NSX edge device? 

A. EIGRP
B. IS-IS
C. OSPF
D. BGP







Answer: A

What is a VXLAN LIF?

What is a VXLAN LIF? 

A. The Distributed Router interface that connects to a Logical Switch.
B. The Distributed Router interface that connects to the distributed portgroup.
C. The Logical Switch interface that connects to the Distributed Router.
D. The distributed portgroup that the Distributed Router connects to.








Answer: A

How many Logical Interfaces can be assigned to a single Distributed Router instance?

How many Logical Interfaces can be assigned to a single Distributed Router instance? 

A. 1
B. 12
C. 1000
D. 1200






Answer: C

What is the maximum number of Distributed Router Logical Interfaces that can be connected to a Logical Switch?

What is the maximum number of Distributed Router Logical Interfaces that can be connected to a Logical Switch? 

A. 1
B. 2
C. 1200
D. 2000






Answer: A

Where is the layer 2 bridge instance deployed when configuring a bridge connection between a logical switch and a VLAN?

Where is the layer 2 bridge instance deployed when configuring a bridge connection between a logical switch and a VLAN? 

A. On the ESXi host running the logical router
B. On the ESXi host running the logical switch
C. On both ESXi hosts that make up the layer 2 bridge
D. On each virtual machine that will utilize the layer 2 bridge







Answer: A

What is a requirement of the physical network for VXLAN to operate correctly when deploying NSX for vSphere?

What is a requirement of the physical network for VXLAN to operate correctly when deploying NSX for vSphere? 

A. Configure Jumbo Frames.
B. Configure PIM in Sparse or Dense mode.
C. Multichassis Link Aggregation (MLAG) on the Top of Rack switches.
D. IPv4 enabled in the local segment where the VTEPs are connected.







Answer: A

Which is the transport protocol and port number used in VMware's implementation of VXLAN in NSX for vSphere?

Which is the transport protocol and port number used in VMware's implementation of VXLAN in NSX for vSphere? 

A. UDP, port number 8472
B. UDP, port number 4789
C. TCP, port number 4789
D. TCP, port number 8472








Answer: A

After consulting with the network team, it is decided that Transport Zones will be configured with Unicast Replication Mode for a new NSX for vSphere deployment. Which statement is true regarding the function of the VXLAN Tunnel End Points (VTEPs)?

After consulting with the network team, it is decided that Transport Zones will be configured with Unicast Replication Mode for a new NSX for vSphere deployment.
Which statement is true regarding the function of the VXLAN Tunnel End Points (VTEPs)? 

A. The VTEPs will send unicast frames to the NSX Controllers when the VTEPs do not have a MAC address in the MAC table.
B. The VTEPs will switch to Multicast Replication Mode for those VTEPs to which multicast path discovery is successful.
C. The VTEPs will send multicast frames to all other VTEPs in the Transport Zone when the VTEPs do not have a MAC address in the MAC table.
D. The VTEPs will send unicast frames to all local VTEPs and remote proxies in the Transport Zone when the VTEPs do not have a MAC address in the MAC table.







Answer: D

Which scenario can be configured to use 3DES encryption for virtual machine traffic?

Which scenario can be configured to use 3DES encryption for virtual machine traffic? 

A. Two virtual machines communicating across a point-to-point IPSec VPN connection.
B. Two virtual machines running on different ESXi hosts communicating across the same logical switch.
C. Two virtual machines communicating across a layer 2 bridge.
D. Two virtual machines configured to use NSX Data Security.








Answer: A

A NSX administrator attempts to create a Logical Switch, but assigns it a name of an existing Logical Switch. What will be the result?

A NSX administrator attempts to create a Logical Switch, but assigns it a name of an existing Logical Switch. What will be the result? 

A. The Logical Switch is created with the name assigned by the NSX Administrator.
B. NSX Manager will append a two digit number to the Logical Switch name, starting with 01.
C. The Logical Switch can't be attached to a Redistributed Router until it's name is changed.
D. An error message is displayeD.Unable to allocate an available resource.








Answer: A

What is a prerequisite to deploying a Logical Switch?

What is a prerequisite to deploying a Logical Switch? 

A. Configure the VXLAN Tunnel Endpoint's (VTEP) VLAN on the trunk in the physical switches.
B. Add the ESXi hosts to the same vSphere Distributed Switch.
C. Prepare and configure VTEPs on the ESXi hosts using the vSphere Web Client.
D. Create a port group on the vSphere Distributed Switch.








Answer: A

What is the appropriate source from which to deploy the VMware NSX Manager component?

What is the appropriate source from which to deploy the VMware NSX Manager component? 

A. Open Virtualization Appliance (OVA) file
B. VMware Infrastructure Bundle (VIB) file
C. VMware vSphere Update Manager update baseline
D. MSI install package







Answer: A

Which option is VMware's best practice for the deployment of NSX Manager and NSX Controller components?

Which option is VMware's best practice for the deployment of NSX Manager and NSX Controller components? 

A. Deploy the NSX Manager and NSX Controller components to a management cluster.
B. Deploy the NSX Manager component to a management cluster and the NSX Controller components to a resource cluster.
C. Deploy the NSX Controller components to a management cluster and the NSX Manager component to a resource cluster.
D. Deploy the NSX Manager and NSX Controller components to a resource cluster.








Answer: A

What is the minimum number of vSphere Distributed Switches (vDS) that must be configured before deploying VMware NSX for vSphere?

What is the minimum number of vSphere Distributed Switches (vDS) that must be configured before deploying VMware NSX for vSphere? 

A. 0
B. 1
C. 2
D. 4







Answer: B