What is the VMware recommended way to deploy a virtual NSX Edge Node?
B
Explanation:
VMware recommends deploying a virtual NSX Edge Node using an ISO in either automated or
interactive mode. This method provides flexibility and ensures that the NSX Edge node is deployed
properly with all the necessary configurations. Using an ISO allows for a more streamlined and
controlled deployment process, especially in larger environments.
Which three selections are capabilities of Network Topology? (Choose three.)
A, B, C
Explanation:
Display how the different NSX components are interconnected.
Network Topology in NSX provides a visual representation of how different NSX components (like
Edge nodes, Logical Routers, and other NSX components) are interconnected.
Display the VMs connected to Segments.
It also allows you to see which VMs are connected to specific segments (logical switches).
Display how the Physical components are interconnected.
The Network Topology view includes information about how physical network components are
connected, providing a comprehensive overview of both the virtual and physical networking
infrastructure.
An NSX administrator has deployed a single NSX Manager node and will be adding two additional
nodes to form a 3-node NSX Management Cluster for a production environment. The administrator
will deploy these two additional nodes and Cluster VIP using the NSX UI.
What two are the prerequisites for this configuration? (Choose two.)
B, D
Explanation:
For a 3-node NSX Manager cluster, all nodes must be within the same subnet to ensure proper
communication and functionality between them.
A compute manager must be configured before adding nodes to the cluster, as it provides the
necessary integration between the NSX Manager and the underlying virtualization infrastructure
(such as vSphere or vCenter).
Which two commands does an NSX administrator use to check the IP address of the VMkernel port
for the Geneve protocol on the ESXi transport node? (Choose two.)
C
Explanation:
The esxcli network ip interface ipv4 get command is used to display the IP address configuration of
the VMkernel network interfaces, including those used for the Geneve protocol.
The esxcfg-vmknic -l command lists all VMkernel network interfaces, including their IP addresses,
which can help identify the VMkernel port for the Geneve protocol.
Which two are supported by L2 VPN clients? (Choose two.)
B, D
Explanation:
The NSX Edge supports L2 VPN (Layer 2 VPN) functionality, which allows it to connect different Layer
2 networks over an IP transport.
Third-party hardware VPN devices can also be used as L2 VPN clients, providing connectivity
between different Layer 2 networks through an external device.
As part of an organization’s IT security compliance requirement, NSX Manager must be configured
for 2FA (two-factor authentication).
What should an NSX administrator have ready before the integration can be configured?
B
Explanation:
To enable two-factor authentication (2FA) for NSX Manager, VMware Identity Manager must be
configured and integrated with NSX. The NSX Manager should be added as a web application in
VMware Identity Manager, which will allow 2FA to be applied during the authentication process.
VMware Identity Manager supports 2FA methods, including integration with external identity
providers, and it can manage access to NSX with additional security layers.
What should an NSX administrator check to verify that VMware Identity Manager integration is
successful?
B
Explanation:
To verify that VMware Identity Manager integration is successful with NSX, the administrator should
check the NSX UI for the integration status. If it is configured correctly, the status should be marked
as "Enabled," indicating that the integration is active and functioning.
An administrator has been tasked with implementing the SSL certificates for the NSX Manager
Cluster VIP.
Which is the correct way to implement this change?
D
Explanation:
To implement SSL certificates for the NSX Manager Cluster VIP, the correct method is to SSH into the
NSX Manager (using the Cluster VIP IP) and run the nsxcli cluster certificate vip install <certificate_id>
command. This command installs the SSL certificate for the VIP, ensuring that the cluster's SSL
certificate is properly configured for secure communications.
An administrator wants to validate the BGP connection status between the Tier-0 Gateway and the
upstream physical router.
What sequence of commands could be used to check this status on NSX Edge node?
A.
- enable <LR-D>
- get vrf <ID>
- show bgp neighbor
B.
- get gateways
- vrf <number>
- get bgp neighbor
C.
- set vrf <ID>
- show logical-routers
- show <LR-D> bgp
D.
- show logical-routers
- get vrf
- show ip route bgp
A
Explanation:
To validate the BGP connection status between the Tier-0 Gateway and the upstream physical router
on an NSX Edge node, the correct sequence involves enabling the specific logical router (Tier-0
Gateway), checking the VRF (Virtual Routing and Forwarding) context, and then using the show bgp
neighbor command to view the BGP session status.
enable <LR-D>: This command enables the logical router interface (Tier-0 Gateway) to access its
configuration.
get vrf <ID>: This command checks the specific VRF (used for routing separation) to see the
associated routing table.
show bgp neighbor: This command displays the status of the BGP connection, including details about
the neighbor relationships and their state.
What is VMware’s recommendation for the minimum MTU requirements when planning an NSX
deployment?
A
Explanation:
VMware recommends setting the MTU (Maximum Transmission Unit) to 1700 or greater for NSX
deployments. This is to ensure that the VXLAN encapsulation, which adds overhead to the original
Ethernet frame, can be accommodated without fragmentation. This MTU requirement includes the
entire data center network, including inter-data center connections, to ensure consistent
communication across all network components involved in the NSX deployment.
In which VPN type are the Virtual Tunnel interfaces (VTI) used?
D
Explanation:
Virtual Tunnel Interfaces (VTI) are used in route-based VPNs. In this type of VPN, the tunnel is treated
like a regular interface on the router. This allows for the configuration of routing protocols and the
application of routing decisions to the traffic flowing through the VPN tunnel. VTIs simplify the
management of routing and make it more flexible in VPN scenarios.
In an NSX environment, an administrator is observing low throughput and congestion between the
Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)
A, C
Explanation:
Configure ECMP on the Tier-0 gateway: ECMP (Equal-Cost Multi-Path) allows multiple paths for traffic
between the Tier-0 Gateway and the upstream physical routers, effectively distributing the traffic
load and improving throughput. By enabling ECMP, you can reduce congestion and increase
bandwidth utilization, thus addressing performance issues.
Deploy Large size Edge node/s: Deploying larger Edge nodes can provide more resources (CPU,
memory, and network interfaces) to handle higher throughput and reduce congestion. This is
especially important if the existing Edge node is overwhelmed by the amount of traffic.
A company security policy requires all users to log into applications using a centralized
authentication system.
Which two authentication, authorization, and accounting (AAA) systems are available when
integrating NSX with VMware Identity Manager? (Choose two.)
A, D
Explanation:
RSA SecureID: RSA SecureID is a commonly used two-factor authentication (2FA) system that can
integrate with VMware Identity Manager for enhanced security during authentication, making it a
suitable AAA system for user authentication.
LDAP and OpenLDAP based on Active Directory (AD): VMware Identity Manager can integrate with
LDAP and OpenLDAP directories, including Active Directory (AD), for centralized user authentication.
This allows users to authenticate against an organization's directory service.
An NSX administrator would like to export syslog events that capture messages related to NSX host
preparation events.
Which message ID (msgid) should be used in the syslog export configuration command as a filter?
A
Explanation:
In NSX, the FABRIC message ID is used to capture and export syslog events related to host
preparation and other fabric-related activities. These events are important for tracking and
troubleshooting the setup and configuration of NSX components across the fabric, including host
preparation events.
An NSX administrator wants to create a Tier-0 Gateway to support equal cost multi-path (ECMP)
routing.
Which failover detection protocol must be used to meet this requirement?
D
Explanation:
To support Equal-Cost Multi-Path (ECMP) routing in an NSX environment, Bidirectional Forwarding
Detection (BFD) must be used for failover detection. BFD is a rapid failure detection protocol that
works with ECMP to provide fast failure detection between routers. It helps in detecting link failures
more quickly than traditional protocols, ensuring that traffic is routed through available paths as
quickly as possible.