Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which NSX feature provides the ability to audit network traffic, define and refine firewall polices, and identify threats to the network?
A. ERSPAN
B. Flow Monitoring
C. Logical Routers
D. Service Composer
Answer: B
Q2. How does NSX simplify physical network design?
A. VLANs are moved into the virtual network for virtual machine traffic, eliminating the need to use Private VLANs on the physical network.
B. Network administrators only need to configure routing on the physical network for virtual machine traffic since all other network functions are moved to the virtual network.
C. Transport zones are created in the virtual network for virtual machine traffic, removing the need to make changes to the physical network.
D. Virtual network integration can make changes to the physical network programmatically using REST API calls which automates network changes and increases agility.
Answer: C
Q3. Which two statements are true regarding Layer 2 VPNs? (Choose two.)
A. Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium.
B. The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physical appliance.
C. The Distributed Router can form a Layer 2 VPN to another Distributed Router or NSX Edge Service Gateway.
D. Layer 2 VPNs require the two VPN endpoints be in the same Layer 2 segment.
Answer: A, B
Q4. Which Virtual Machine cannot be protected by the Distributed Firewall?
A. A Virtual Machine connected to a vDS Portgroup running on an ESXi 5.1 host.
B. A Virtual Machine connected to a vSS Portgroup running on an ESXi 5.5 host.
C. A Virtual Machine connected to a vDS Portgroup running on an ESXi 5.5 host.
D. A Virtual Machine connected to a logical switch running on an ESXi 5.1 host.
Answer: D
Q5. What are two valid methods of configuring virtual machines to use a vSphere Distributed Switch (vDS) that are currently using a vSphere Standard Switch (vSS)? (Choose two.)
A. Select each virtual machine and drag it to the vSphere Distributed Switch.
B. Select the vSS in use by the virtual machines and select the Move to option on the right-click menu.
C. Select each virtual machine and edit the virtual network adapter's connection settings.
D. Use the Migrate Virtual Machine Networking option from the right-click menu of the vDS.
Answer: C, D
Q6. -- Exhibit --
-- Exhibit --An administrator has created the NSX network shown in the exhibit. Both VMs use the same
Distributed Router for their default gateway. VM-B receives an IP message from VM-A.
What is the source MAC address of the IP message received by VM-B?
A. VM-A's MAC address.
B. VM-B's default gateway's MAC Address.
C. VM-A's default gateway's MAC address.
D. Logical Switch 7321's MAC address
Answer: A
Q7. An administrator has deployed NSX in an environment containing a mix of vSphere 5 hosts. The implementation includes the Distributed Firewall Service, but the administrator finds that rules are not being applied to all affected virtual machines. What two conditions would cause this behavior? (Choose two.)
A. Some hosts have not been prepared for NSX.
B. Only ESXi 5.5 and later hosts can push the rules to the virtual machines.
C. Only ESXi 5.1 and later hosts can push the rules to the virtual machines.
D. Some hosts are blocking the port used for rule distribution.
Answer: A, C
Q8. A company has augmented its Data Center infrastructure by using vCloud Hybrid Service during peak hours. The company wants to extend their existing subnets into the cloud while workloads retain their existing IP addresses. The virtual machines in these subnets use an NSX Edge Gateway as their default gateway. Which solution should this company use?
A. Layer 2 VPN
B. MPLS VPN
C. IPSec VPN
D. SSL VPN
Answer: A
Q9. Which two statements describe the benefits provided by firewall services deployed by NSX?
(Choose two.)
A. Firewall services deployed using a software appliance will provide east-west traffic filtering and security.
B. Firewall services deployed using a distributed kernel module will provide east-west traffic filtering and security.
C. Firewall services providing edge security services uses a virtual appliance and is centrally managed.
D. Firewall services providing edge security services uses a distributed kernel module.
Answer: B, C
Q10. An administrator wishes to upgrade to NSX from the following infrastructurE.
. vCenter Server 4.1
. vShield 5.0
. ESXi hosts 4.1
What is a valid, minimum set of steps to properly upgrade this environment to NSX?
A. 1. Upgrade vCenter Server 4.1 to vCenter Server 5.5
2. Upgrade vShield 5.0 to vShield 5.5
3. Upgrade ESXi hosts to ESXi 5.1 or greater
4. Install the NSX upgrade bundle
B. 1. Upgrade vCenter Server 4.1 to vCenter Server 5.1
2. Upgrade vCenter Server 5.1 to vCenter Server 5.5
3. Upgrade ESXi hosts to ESXi 5.1 or greater
4. Install the NSX upgrade bundle
C. 1. Upgrade vCenter Server 4.1 to vCenter Server 5.5
2. Upgrade ESXi hosts to ESXi 5.1 or greater
3. Install the NSX upgrade bundle
D. 1. Upgrade vCenter Server 4.1 to vCenter Server 5.5
2. Upgrade vShield 5.0 to vShield 5.5
3. Install the NSX upgrade bundle
Answer: A
Q11. How are Logical Firewall rules applied to affected virtual machines?
A. They are pushed by the NSX Controllers to all the ESXi hosts in the same Transport Zone.
B. They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines.
C. They are pushed by the NSX Controllers to the ESXi hosts running the destination virtual machines.
D. They are pushed by the NSX Manager to all the ESXi hosts in the NSX environment.
Answer: B
Q12. An administrator has created a logical switch, but when attempting to select a transport zone, the dropdown box is empty. Which option is causing this issue?
A. The transport zone has not been enabled on the NSX Controller.
B. A VXLAN has not been created.
C. A VLAN has not been created.
D. The transport zone has not been assigned an IP address pool.
Answer: B
Q13. Which NSX service or feature provides optimized management of virtual machine broadcast (ARP) traffic?
A. NSX Controller
B. NSX Manager
C. Edge Services Gateway
D. VTEP
Answer: A
Q14. How is the Bridge Instance chosen?
A. It is chosen based on the ESXi host where the Logical Router Control VM is running.
B. It is manually assigned by the vSphere administrator when the distributed portgroup is configured.
C. During an election process among all ESXi hosts. The host with the highest MAC address is selected.
D. The VTEP configured with the highest VXLAN Network Identifier (VNI) is selected.
Answer: A
Q15. A vSphere administrator added a new interface to a Distributed Router with a subnet of 172.16.10.0/24 and wants to make this subnet reachable to the rest of the network. How can the vSphere administrator achieve this?
A. Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute into OSPF the 172.16.10.0/24 subnet.
B. Enable OSPF on the Distributed Router. Configure the uplink interface in the normal area and the new interface with the subnet 172.16.10.0/24 in a Backbone area.
C. Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and redistribute from OSPF the 172.16.10.0/24 subnet.
D. Enable OSPF on the Distributed Router. Configure the uplink interface in the Backbone area and the new interface with the subnet 172.16.10.0/24 in a normal area.
Answer: D
Q16. Which is not a valid Destination option for a General Logical Firewall rule?
A. Datacenter
B. Virtual App
C. MAC Set
D. Network
Answer: C