NEW QUESTION 1
Which two ports are used by a transport node to communicate with the management and control planes in NSX-T Data Center 3.0? (Choose two.)

• A. 5685
• B. 1235
• C. 5671
• D. 5678
• E. 1234

Answer: BE

Explanation:
The NSX Manager management plane communicates with the transport nodes by using APH Server over NSX-RPC/TCP through port 1234. CCP communicates with the transport nodes by using APH Server over NSX-RPC/TCP through port 1235. Taken from NSX-T ICM 3.0 Lecture manual

NEW QUESTION 2
What are two types of supported IPSec VPNs in NSX-T Data Center? (Choose two.)

• A. policy-based IPSec VPN
• B. Layer-7 based IPSec VPN
• C. route-based IPSec VPN
• D. Open source based IPSec VPN
• E. SSL based IPSec VPN

Answer: AC

NEW QUESTION 3
Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)

• A. Identify security vulnerabilities in the workloads.
• B. Use agentless antivirus with Guest Introspection.
• C. Quarantine workloads based on vulnerabilities.
• D. Identify risk and reputation of accessed websites.
• E. Gain insight about micro-segmentation traffic flows.

Answer: AC

NEW QUESTION 4
A company is deploying a NSX-T Data Center micro-segmentation in their vSphere environment to secure a simple application composed of web, app, and database tiers.
The naming convention will be:
WKS-WEB-SRV-XXX
WKY-APP-SRR-XXX
WKI-DB-SRR-XXX
What is the optimal way to group them in order to enforce security policies from NSX-T Data Center?

• A. Create an Ethernet based security policy.
• B. Group all by means of tags membership.
• C. Use Edge as a firewall between tiers.
• D. Do a service insertion to accomplish the task.

Answer: B

NEW QUESTION 5
Which three services are compatible with VRF Lite? (Choose three.)

• A. VPN
• B. Intrusion Detection
• C. NAT
• D. Load Balancer
• E. DHCP

Answer: BCE

Explanation:
VRF Lite is not compatible with the following services:
-VPN
-Load Balancer
Taken from NSX-T ICM 3.0 Lecture Manual.

NEW QUESTION 6
A security administrator needs to configure a firewall rule based on the domain name of a specific application. Which field in a distributed firewall rule does the administrator configure?

• A. Profile
• B. Source
• C. Service
• D. Policy

Answer: A

NEW QUESTION 7
A DevOps user has deployed a Kubernetes Pod in vSphere. What does the term ClusterIP represent within NSX-T?

• A. Deployment of T1 with NLB service.
• B. Deployment of Distributed Router.
• C. Deployment of Distributed Load Balancing service.
• D. Deployment of T0 and T1

Answer: C

NEW QUESTION 8
Which two statements are true about the implementation of multicast in NSX-T Data Center? (Choose two.)

• A. Multicast routing is implemented with PIM Sparse-Mode.
• B. IGMP Snooping is used to populate multicast forwarding tables.
• C. Tier-0 gateways can be the Rendezvous Point.
• D. Multicast is supported in ESXi and KVM transport nodes.
• E. An Edge can be the Rendezvous Point.

Answer: AB

Explanation:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsxt_30_admin.pdf

NEW QUESTION 9
Which Network and Security virtualization solution provides network hybridity and mobility?

• A. VMware HCX
• B. VMware Tanzu Service Mesh
• C. NSX Advanced Load Balancer
• D. NSX Intelligence

Answer: A

NEW QUESTION 10
What needs to be configured on a Tier-0 Gateway to make NSX Edge Services available to a VM on a VLAN- backed logical switch?

• A. Service interface
• B. Loopback Router Port
• C. Downlink interface
• D. VLAN Uplink

Answer: A

Explanation:
"The service interface is a special-purpose port to enable services for mainly VLAN-based networks.
North-south service insertion is another use case that requires a service interface to connect a partner appliance and redirect north-south traffic for partner services. Service interfaces are supported on both active-standby Tier-0 logical routers and Tier-1 routers. Firewall, NAT, and VPNs are supported on this interface. The service interface is also a downlink"

NEW QUESTION 11
Which two commands does an NSX administrator use to check the IP address of the VMkernel port for the GENEVE protocol on the ESXi transport node? (Choose two.)

• A. esxcfg-nics -1
• B. net-dvs
• C. esxcli network nic list
• D. esxcfg-vmknic -1
• E. esxcli network ip interface ipv4 get

Answer: DE

NEW QUESTION 12
What is the most restrictive NSX-T built-in role which will allow a user to apply configuration changes on a NSX Edge?

• A. Cloud Service Administrator
• B. Network Engineer
• C. Network Operator
• D. NSX Administrator

Answer: B

NEW QUESTION 13
Which three teaming policy modes are supported by NSX-T Data Center? (Choose three.)

• A. Destination MAC
• B. Load Balanced Source IP
• C. Failover Order
• D. Destination Port
• E. Load Balanced Source MAC
• F. Load Balanced Source

Answer: CEF

NEW QUESTION 14
An NSX administrator is creating a NAT rule on a Tier-0 Gateway configured in active-standby high availability mode.
Which two NAT rule types are supported for this configuration? (Choose two.)

• A. Port NAT
• B. Source NAT
• C. Destination NAT
• D. 1:1 NAT
• E. Reflexive NAT

Answer: BC

NEW QUESTION 15
In a NSX-T Data Center environment, an administrator is observing low throughput and congestion between the Tier-0 Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)

• A. Deploy Large size Edge node/s.
• B. Configure ECMP on the Tier-0 gateway.
• C. Configure NAT on the Tier-0 gateway.
• D. Add an additional vNIC to the NSX Edge node.
• E. Configure a Tier-1 gateway and connect it directly to the physical routers.

Answer: AB

NEW QUESTION 16
An NSX administrator would like to configure syslog for a KVM transport node. Which host log files could be exported to a remote syslog server?

• A. /var/log/vmware/nsx-syslog
• B. /var/log/cfgAgent.log
• C. /var/log/nsx-audit.log
• D. /var/log/cloudnet/nsx-ccp.log

Answer: A

NEW QUESTION 17
Which three steps are required to create an IPsec VPN tunnel? (Choose three.)

• A. Create an IPsec service.
• B. Add a local endpoint.
• C. Configure an IPsec session.
• D. Configure a distributed firewall policy.
• E. Add a logical switch.

Answer: ABC

NEW QUESTION 18
An administrator has a requirement to have consistent policy configuration and enforcement across NSXT instances. What feature of NSX-T Data Center fulfills this requirement?

• A. Load balancer
• B. Policy-driven configuration
• C. Multi-hypervisor support
• D. Federation

Answer: B

NEW QUESTION 19
......