Practice Free 2V0-41.23 Exam Online Questions
Which VMware GUI tool is used to identify problems in a physical network?
- A . VMware Aria Automation
- B . VMware Aria Orchestrator
- C . VMware Site Recovery Manager
- D . VMware Aria Operations Networks
D
Explanation:
VMware Aria Operations Networks (formerly vRealize Network Insight) is a network monitoring tool that can help monitor, discover and analyze networks and applications across clouds. It can also provide enhanced troubleshooting and visibility for physical and virtual networks.
The other options are either incorrect or not relevant for identifying problems in a physical network. VMware Aria Automation is a cloud automation platform that can help automate the delivery of IT services. VMware Aria Orchestrator is a cloud orchestration tool that can help automate workflows and integrate with other systems. VMware Site Recovery Manager is a disaster recovery solution that can help protect and recover virtual machines from site failures.
What are four NSX built-in role-based access control (RBAC) roles? (Choose four.)
- A . Network Admin
- B . Enterprise Admin
- C . Full Access
- D . Read
- E . LB Operator
- F . None
- G . Auditor
ABEG
Explanation:
https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-26C44DE8-1854-4B06-B6DA-A2FD426CDF44.html
Which of the following exist only on Tier-1 Gateway firewall configurations and not on Tier-0?
- A . Applied To
- B . Actions
- C . Profiles
- D . Sources
Which three data collection sources are used by NSX Network Detection and Response to create correlations/intrusion campaigns? (Choose three.)
- A . Files and anti-malware (file) events from the NSX Edge nodes and the Security Analyzer
- B . East-West anti-malware events from the ESXi hosts
- C . Distributed Firewall flow data from the ESXi hosts
- D . IDS/IPS events from the ESXi hosts and NSX Edge nodes
- E . Suspicious Traffic Detection events from NSX Intelligence
ADE
Explanation:
The correct answers are A. Files and anti-malware (file) events from the NSX Edge nodes and the Security Analyzer, D. IDS/IPS events from the ESXi hosts and NSX Edge nodes, and E. Suspicious Traffic Detection events from NSX Intelligence. According to the VMware NSX Documentation, these are the three data collection sources that are used by NSX Network Detection and Response to create correlations/intrusion campaigns.
The other options are incorrect or not supported by NSX Network Detection and Response. East-West anti-malware events from the ESXi hosts are not collected by NSX Network Detection and Response. Distributed Firewall flow data from the ESXi hosts are not used for correlation/intrusion campaigns by NSX Network Detection and Response.
Which VPN type must be configured before enabling an L2VPN?
- A . Route-based IPSec VPN
- B . Policy-based IPSec VPN
- C . SSL-based IPSec VPN
- D . Port-based IPSec VPN
A
Explanation:
According to the VMware NSX Documentation, a route-based IPSec VPN must be configured before enabling an L2VPN. L2VPN stands for Layer 2 VPN and is a feature that allows you to extend your layer 2 network across different sites using an IPSec tunnel. Route-based IPSec VPN is a VPN type that uses logical router ports to establish IPSec tunnels between sites. https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-86C8D6BB-F185-46DC-828C-1E1876B854E8.html
Which is the only supported mode in NSX Global Manager when using Federation?
- A . Controller
- B . Policy
- C . Proxy
- D . Proton
B
Explanation:
NSX Global Manager is a feature of NSX that allows managing multiple NSX domains across different sites or clouds from a single pane of glass. NSX Global Manager supports Federation, which is a capability that enables synchronizing configuration and policy across multiple NSX domains. Federation has many benefits such as simplifying operations, improving resiliency, and enabling disaster recovery.
The only supported mode in NSX Global Manager when using Federation is Policy mode. Policy mode means that NSX Global Manager acts as a policy manager that defines and distributes global policies to local NSX managers in different domains. Policy mode also allows local NSX managers to have their own local policies that can override or merge with global policies. https://docs.vmware.com/en/VMware-NSX/4.0/administration/GUID-29998FC5-C1AB-40BC-B669-6E8E9937F345.html
Which is an advantage of an L2 VPN in an NSX 4.x environment?
- A . Enables Multi-Cloud solutions
- B . Achieve better performance
- C . Enables VM mobility with re-IP
- D . Use the same broadcast domain
D
Explanation:
L2 VPN is a feature of NSX that allows extending Layer 2 networks across different sites or clouds over an IPsec tunnel. L2 VPN enables VM mobility without re-IP, which means that VMs can be moved from one site to another without changing their IP addresses or network configurations. This is possible because L2 VPN allows both sites to use the same broadcast domain, which means that they share the same subnet and VLAN.
An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP) routing.
Which failover detection protocol must be used to meet this requirement?
- A . Bidirectional Forwarding Detection (BFD)
- B . Virtual Router Redundancy Protocol (VRRP)
- C . Beacon Probing (BP)
- D . Host Standby Router Protocol (HSRP)
A
Explanation:
According to the VMware NSX 4.x Professional documents and tutorials, BFD is a failover detection protocol that provides fast and reliable detection of link failures between two routing devices. BFD can be used with ECMP routing to monitor the health of the ECMP paths and trigger a route change in case of a failure. BFD is supported by both BGP and OSPF routing protocols in NSX-T. BFD can also be configured with different timers to achieve different detection times.
A security administrator needs to configure a firewall rule based on the domain name of a specific application.
Which field in a distributed firewall rule does the administrator configure?
- A . Profile
- B . Service
- C . Policy
- D . Source
A
Explanation:
To configure a firewall rule based on the domain name of a specific application, the administrator needs to use the Profile field in a distributed firewall rule. The Profile field allows the administrator to select a context profile that contains one or more attributes for filtering traffic. One of the attributes that can be used is Domain (FQDN) Name, which specifies the fully qualified domain name of the application. For example, if the administrator wants to filter traffic to *.office365.com, they can create a context profile with the Domain (FQDN) Name attribute set to *.office365.com and use it in the Profile field of the firewall rule.
References:
Filtering Specific Domains (FQDN/URLs)
FQDN Filtering
Which three selections are capabilities of Network Topology? (Choose three.)
- A . Display how the different NSX components are interconnected.
- B . Display the uplink configured on the Tier-0 Gateways.
- C . Display how the Physical components are interconnected.
- D . Display the VMs connected to Segments.
- E . Display the uplinks configured on the Tier-1 Gateways.
ABD
Explanation:
According to the VMware NSX Documentation, these are three of the capabilities of Network Topology, which is a graphical representation of your network infrastructure in NSX:
- Display how the different NSX components are interconnected: You can use Network Topology to view how your segments, gateways, routers, firewalls, load balancers, VPNs, and other NSX components are connected and configured in your network.
- Display the uplink configured on the Tier-0 Gateways: You can use Network Topology to view the uplink interface and segment that connect your tier-0 gateways to your physical network. You can also view the VLAN ID and IP address of the uplink interface.
- Display the VMs connected to Segments: You can use Network Topology to view the VMs that are attached to your segments. You can also view the IP address and MAC address of each VM.
https://docs.vmware.com/en/VMware-NSX/4.0/administration/GUID-A75B2553-7595-40B9-A902-854941BB06FD.html