Free 2V0-41.23 Sample Questions — VMware NSX 4.x Professional

What needs to be configured on a Tier-0 Gateway to make NSX Edge Services available to a VM on a VLAN-backed logical switch?

• A. Loopback Router Port
• B. VLAN Uplink
• C. Service interface
• D. Downlink interface

In an NSX environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers. Which two actions could address low throughput and congestion? (Choose two.)

• A. Add an additional vNIC to the NSX Edge node
• B. Configure NAT on the Tier-0 gateway
• C. Configure ECMP on the Tier-0 gateway
• D. Configure a Tier-1 gateway and connect it directly to the physical routers
• E. Deploy Large size Edge node/s

Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?

• A. tcpdump
• B. ifconfig
• C. tcpconfig
• D. debug

Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?

• A. Changing the time zone on the ESXi host
• B. Re-installing the NSX VIBs on the ESXi host
• C. Restarting the NTPservice on the ESXi host
• D. Reconfiguring the ESXi host with a local NTP server

Which three DHCP Services are supported by NSX? (Choose three.)

• A. Port DHCP per VNF
• B. Segment DHCP
• C. Gateway DHCP
• D. VRF DHCP Server
• E. DHCP Relay

An NSX administrator has deployed a single NSX Manager node and will be adding two additional nodes to form a 3-node NSX Management Cluster for a production environment. The administrator will deploy these two additional nodes and Cluster VIP using the NSX UI. What two are the prerequisites for this configuration? (Choose two.)

• A. The cluster configuration must be completed using API
• B. All nodes must be in separate subnets
• C. All nodes must be in the same subnet
• D. compute manager must be configured
• E. NSX Manager must reside on a Windows Server

When a stateful service is enabled for the first time on a Tier-0 Gateway, what happens on the NSX Edge node?

• A. SR and DR is instantiated but requires manual connection
• B. SR is instantiated and automatically connected with DR
• C. DR is instantiated and automatically connected with SR
• D. SR and DR doesn't need to be connected to provide any stateful services

What must be configured on Transport Nodes for encapsulation and decapsulation of Geneve protocol?

• A. STT
• B. TEP
• C. UDP
• D. VXLAN

A company security policy requires all users to log into applications using a centralized authentication system. Which two authentication, authorization, and accounting (AAA) systems are available when integrating NSX with VMware Identity Manager? (Choose two.)

• A. LDAP and OpenLDAP based on Active Directory (AD)
• B. RSA SecureID
• C. Keygen Enterprise
• D. SecureDAP
• E. RADII 2.0

Which two steps must an NSX administrator take to integrate VMware Identity Manager in NSX to support role-based access control? (Choose two.)

• A. Create a SAML authentication in VMware Identity Manager using the NSX Manager FQDN
• B. Enter the Identity Provider (IdP) metadata URL in NSX Manager
• C. Create an OAuth 2.0 client in VMware Identity Manager
• D. Add NSX Manager as a Service Provider (SP) in VMware Identity Manager
• E. Enter the service URL, Client Secret, and SSL thumbprint in NSX Manager

What can the administrator use to identify overlay segments in an NSX environment if troubleshooting is required?

• A. VNI ID
• B. VLAN ID
• C. Segment ID
• D. Geneve ID

Which two of the following will be used for ingress traffic on the Edge node supporting a Single Tier topology? (Choose two.)

• A. Inter-Tier interface on the Tier-0 gateway
• B. Tier-0 Uplink interface
• C. Downlink Interface for the Tier-0 DR
• D. Tier-1 SR Router Port
• E. Downlink Interface for the Tier-1 DR

Which two of the following features are supported for the Standard NSX Application Platform Deployment? (Choose two.)

• A. NSX Network Detection and Response
• B. NSX Intelligence
• C. NSX Malware Prevention Metrics
• D. NSX Intrinsic Security
• E. NSX Intrusion Detection and Prevention

The security administrator turns on logging for a firewall rule. Where is the log stored on an ESXi transport node?

• A. /var/log/fw.log
• B. /var/log/messages.log
• C. /var/log/dfwpktlogs.log
• D. /var/log/vmware/nsx/firewall.log

Which of the two following characteristics about NAT64 are true? (Choose two.)

• A. NAT64 is stateless and requires gateways to be deployed in active-standby mode
• B. NAT64 is supported on Tier-1 gateways only
• C. NAT64 is supported on Tier-0 and Tier-1 gateways
• D. NAT64 requires the Tier-1 gateway to be configured in active-standby mode
• E. NAT64 requires the Tier-1 gateway to be configured in active-active mode

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.)

• A. vCenter API
• B. NSX UI
• C. NSX CLI
• D. vSphere API
• E. NSX API

How does the Traceflow tool identify issues in a network?

• A. Compares intended network state in the control plane with Tunnel End Point (TEP) keepalives in the data plane
• B. Injects ICMP traffic into the data plane and observes the results in the control plane
• C. Compares the management plane configuration states containing control plane traffic and error reporting from transport node agents
• D. Injects synthetic traffic into the data plane and observes the results in the control plane

Which choice is a valid insertion point for North-South network introspection?

• A. Tier-0 gateway
• B. Host Physical NIC
• C. Guest VM vNIC
• D. Partner SVM

In which VPN type are the Virtual Tunnel interfaces (VTI) used?

• A. Policy & Route based VPNs
• B. Route & SSL based VPNs
• C. SSL-based VPN
• D. Route-based VPN

An administrator has a requirement to have consistent policy configuration and enforcement across NSX instances. What feature of NSX fulfills this requirement?

• A. Federation
• B. Policy-driven configuration
• C. Load balancer
• D. Multi-hypervisor support