2V0-641 - VMware Certified Professional 6
Go back to VMware
You are tasked with designing a data center architecture that should maximize the use of vMotion within your environment. The design has these requirements: · The network must utilize widely offered layer 2 switching and layer 3 switching services · Purchase of new equipment should be minimized Which two network design architectures will provide the requirements for vMotion in your data center? (Choose two.)
Utilize layer 3 switching from the access layer through the core.
Deploy an overlay technology for the deployment of your virtual network.
A company has augmented its Data Center infrastructure by using vCloud Hybrid Service during peak hours. The company wants to extend their existing subnets into the cloud while workloads retain their existing IP addresses. The virtual machines in these subnets use an NSX Edge Gateway as their default gateway. Which solution should this company use?
Layer 2 VPN
Which statement is correct when upgrading vShield Data Security to NSX Data Security?
NSX Data Security does not support a direct upgrade.
Which NSX component can validate that security policies at your organization are being enforced correctly?
Which NSX service or feature provides optimized management of virtual machine broadcast (ARP) traffic?
What is the minimum number of vSphere Distributed Switches (vDS) that must be configured before deploying VMware NSX for vSphere?
How does NSX simplify the underlying physical network?
All configuration and state information are readily accessible, as is the mapping between virtual network topologies and the physical network.
A vSphere administrator wants to setup an NSX Edge Service Gateway to provide traveling employees secure access to company servers located in specific network segments within the corporate Data Center. The remote access solution must provide a method to authenticate the users. Which two methods can be used with the NSX Edge Service Gateway? (Choose two.)
RSA Secure ID
On a vSphere Standard Switch, how does teaming two or more physical network adapters provide load balancing when using the Load Balancing feature Route based on the originating virtual port ID?
They physical network adapter is chosen by use of a round robin based algorithm for each additional virtual port in the port group that becomes active.
Which two options are pieces of information required to perform an NSX backup? (Choose two.)
If a Security Group is the Source for a General Logical Firewall Rule, which Virtual Machines will be affected by the rule?
Each Virtual Machine identified in the Applied To field of the Logical Firewall Rule.
How are Logical Firewall rules applied to affected virtual machines?
They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines.
What are three switch features found only on vSphere Distributed Switches? (Choose three.)
Network I/O Control
Which two characteristics of the underlying physical network does VMware NSX require for robust IP transport? (Choose two.)
The physical network should provide scalable network I/O using Equal Cost Multipathing (ECMP).
QoS classification and marking is required to provide end-to-end flow control.
Which two statements are true regarding Layer 2 VPNs? (Choose two.)
Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium.
The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physical appliance.
Which NSX feature provides the ability to audit network traffic, define and refine firewall polices, and identify threats to the network?
What are two advantages for using NSX for vSphere's Logical Switching? (Choose two.)
Allows for Layer 2 switching over Layer 3 infrastructure.
Provides for 10,000 logical segments.
Where must you go to manually register a third-party service with VMware NSX?
vSphere Web Client -> Networking & Security -> Service Definitions
You want to use an existing NSX Manager to extend logical networks to the ESXi hosts of a new cluster. What should you do?
On the Installation > Host Preparation page of the Networking & Security section of the vSphere Web Client, click the Install link for the new cluster.
Which two components are required to enable layer 2 bridging? (Choose two.)
Distributed firewall rule to allow layer 2 traffic in the bridge.
Deployed Logical Router.
A network security administrator wants to monitor traffic on several VLANs configured on a vSphere Distributed Switch. The traffic will be sent to another distributed port. What type of port mirroring session must be configured to meet these requirements?
Select the session type Remote Mirroring Destination when configuring the Port Mirroring session.
An administrator has deployed NSX in an environment containing a mix of vSphere 5 hosts. The implementation includes the Distributed Firewall Service, but the administrator finds that rules are not being applied to all affected virtual machines. What two conditions would cause this behavior? (Choose two.)
Some hosts have not been prepared for NSX.
Only ESXi 5.1 and later hosts can push the rules to the virtual machines.
An administrator configures the IPSec VPN service on an NSX Edge instance, but the negotiation fails. Examining the log file, the administrator notices the following messagE. INVALID_ID_INFORMATION Which misconfiguration caused the error?
Pre-shared key (PSK) does not match.
When preparing a vSphere host cluster to work with VMware NSX, which two options show VIBs that are installed and registered with all hosts within the prepared cluster? (Choose two.)
NSX Distributed Firewall
Which action is not an option for adding Virtual Machines to a Security Group?
Adding Virtual Machines to a Security Policy and associating it with a Security Group.
Where does the Distributed Logical Firewall enforce firewall rules?
At the Virtual Machine's virtual Network Interface Card (vNIC).
Which two are valid statements regarding third-party services and NSX? (Choose two.)
Third party services can either be automatically or manually registered with NSX Manager.
Third party services may or may not utilize a service virtual appliance.
An administrator manages a TFTP server virtual machine that is connected to a Logical Switch with a VNI of 7321. The TFTP server has been configured to use port 1069. An NSX Edge Service Gateway is connected to VNI 7321 and has an uplink interface with access to the physical network. Assume external users can reach the Service Gateway. What should the administrator configure to ensure external connections to the TFTP server are successful?
Create a DNAT rule with the original port of 69 and translated port of 1069.
Which statement best describes scaling a fault tolerant spine-leaf multipathing fabric architected for an NSX deployment?
Scaling should be performed by increasing the number of spine switches while maintaining point-to- point connectivity between leafs and spines.
After consulting with the network team, it is decided that Transport Zones will be configured with Unicast Replication Mode for a new NSX for vSphere deployment. Which statement is true regarding the function of the VXLAN Tunnel End Points (VTEPs)?
The VTEPs will send unicast frames to all local VTEPs and remote proxies in the Transport Zone when the VTEPs do not have a MAC address in the MAC table.
A vSphere administrator deploys the NSX Edge Load Balancer in Inline mode. Which is not a requirement for the Load Balancer to operate correctly?
Perform Source NAT on the traffic from the clients.
Which component automates the consumption of third-party services and provides mapping to virtual machines using a logical policy?
What is the function of NSX Data Security?
Identifies sensitive data in your virtualized environment based upon regulation violation reports
An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment. How would this task be accomplished with minimal administrative effort?
Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.
What two statements correctly describe the way NSX provides integration with Cloud Management Platforms (CMPs)? (Choose two.)
OpenStack provides integration with the Neutron plug-in.
VMware provides out of the box integration with their own CMP products such as vCloud Director and vRealize Automation.
A vSphere administrator wants to add a VLAN LIF to a Distributed Router. What must the vSphere administrator do for the VLAN LIF to be added successfully?
The vSphere administrator must assign a VLAN number to the distributed portgroup that the VLAN LIF connects to.
An administrator wishes to control traffic flow between two virtual machines. The virtual machines are in the same subnet, but are located on separate ESXi hosts. The administrator deploys an Edge Firewall to one of the hosts and verifies the default firewall rule is set to deny, but the two virtual machines can still communicate with each other. What task will correct this issue?
Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines.
An administrator has recently deployed NSX, but is still using a pair of physical network security devices. The administrator wants to use the physical security devices to filter virtual machine traffic hosted in the overlay network. Which NSX component will provide the connectivity between the overlay and the physical network?
Which two options are valid SpoofGuard operational modes? (Choose two.)
Automatically Trust IP Assignments on Their First Use
Manually Inspect and Approve All IP Assignments Before Use
Which is not a valid Destination option for a General Logical Firewall rule?
Where is the layer 2 bridge instance deployed when configuring a bridge connection between a logical switch and a VLAN?
On the ESXi host running the logical router
Which service cannot be included in a Security Policy using Service Composer?
Virtual Private Network Services
What are two valid methods of configuring virtual machines to use a vSphere Distributed Switch (vDS) that are currently using a vSphere Standard Switch (vSS)? (Choose two.)
Select each virtual machine and edit the virtual network adapter's connection settings.
Use the Migrate Virtual Machine Networking option from the right-click menu of the vDS.
What is the earliest version of vCloud Network and Security (vCNS) that can be upgraded to VMware NSX for vSphere 6.0?
Based on VMware's best practices, what two statements define the best solution for scaling layer 2 services for the virtual network? (Choose two.)
Employ a layer 3 switched network.
Use VXLAN for an overlay network.
What is the most restrictive NSX role that can be used to create and publish security policies and install virtual appliances?
Which two statements are true regarding NSX? (Choose two.)
Workloads can be placed and moved independently of physical topology.
Workload deployments are non-disruptive over the existing physical network.
A new ESXi 5.5 host is deployed in a vSphere environment with VMware NSX for vSphere. How can the host be prepared for VMware NSX for vSphere?
By using Image Builder to pre-load the NSX for vSphere VIBs in the ESXi image in an Auto Deploy solution.
You have deployed a two-tiered application using four virtual machines: · Two virtual machines are web application servers · Two virtual machines providing a clustered database service What feature can you configure to provide the most accurate account for only the traffic between the web servers and the clustered database?
On the vSphere Distributed Switch, configure Netflow for the distributed virtual port group and enable Process internal flows only for the distributed switch.
Which statement is true regarding an NSX Edge gateway device configured with a DNS Server?
The NSX Edge will forward all DNS requests from virtual machines sent to it to the DNS Server.