VMware 2V0-41.24 Exam Practice Test Instant Access

Question 1

Which two of the following are used to configure Distributed Firewall on VDS? (Choose two.)

AvSphere API

BNSX API

CNSX CU

DvCenter API

ENSX UI

Answer : B, E

According to the VMware NSX Documentation, these are two of the ways that you can use to configure Distributed Firewall on VDS:

NSX API: This is a RESTful API that allows you to programmatically configure and manage Distributed Firewall on VDS using HTTP methods and JSON payloads. You can use tools such as Postman or curl to send API requests to the NSX Manager node.

NSX UI: This is a graphical user interface that allows you to configure and manage Distributed Firewall on VDS using menus, tabs, buttons, and forms. You can access the NSX UI by logging in to the NSX Manager node using a web browser.

https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-0DEF9F18-608D-4B5C-9175-5514750E901B.html

Question 2

What are two valid BGP Attributes that can be used to influence the route path traffic will take? (Choose two.)

AAS-Path Prepend

BBFD

CCost

DMED

Answer : A, D

AS-Path Prepend: This attribute allows you to prepend one or more AS numbers to the AS path of a route, making it appear longer and less preferable to other BGP routers. You can use this attribute to manipulate the inbound traffic from your BGP peers by advertising a longer AS path for some routes and a shorter AS path for others.

MED: This attribute stands for Multi-Exit Discriminator and allows you to specify a preference value for a route among multiple exit points from an AS. You can use this attribute to manipulate the outbound traffic to your BGP peers by advertising a lower MED value for some routes and a higher MED value for others.

Question 3

Which of the two following characteristics about NAT64 are true? (Choose two.)

ANAT64 is stateless and requires gateways to be deployed in active-standby mode.

BNAT64 is supported on Tier-1 gateways only.

CNAT64 is supported on Tier-0 and Tier-1 gateways.

DNAT64 requires the Tier-1 gateway to be configured in active-standby mode.

ENAT64 requires the Tier-1 gateway to be configured in active-active mode.

Answer : C, D

https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-69604E49-BC8B-4777-BFD8-B98F8D1FF064.html

Question 4

Which two are requirements for FQDN Analysis? (Choose two.)

AThe NSX Edge nodes require access to the Internet to download category and reputation definitions.

BESXi control panel requires access to the Internet to download category and reputation definitions.

CThe NSX Manager requires access to the Internet to download category and reputation definitions.

DA layer 7 gateway firewall rule must be configured on the Tier-1 gateway uplink.

EA layer 7 gateway firewall rule must be configured on the Tier-0 gateway uplink.

Answer : A, D

https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-C5CD87FD-8095-49F3-97CE-E606AB89162E.html?hWord=N4IghgNiBcIGYEcAmA7ABGFkCeBnAlriAL5A

Question 5

What are four NSX built-in rote-based access control (RBAC) roles? (Choose four.)

ANetwork Admin

BEnterprise Admin

CFull Access

DRead

ELB Operator

FNone

GAuditor

Answer : A, B, E, G

https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-26C44DE8-1854-4B06-B6DA-A2FD426CDF44.html

Question 6

Which of the following exist only on Tler-1 Gateway firewall configurations and not on Tier-0?

AApplied To

BActions

CProfiles

DSources

Answer : C

Question 7

NSX improves the security of today's modern workloads by preventing lateral movement, which feature of NSX can be used to achieve this?

ANetwork Segmentation

BVirtual Security Zones

CEdge Firewalling

DDynamic Routing

Answer : A

According to the web search results, network segmentation is a feature of NSX that improves the security of today's modern workloads by preventing lateral movement. Lateral movement is a technique used by attackers to move from one compromised system to another within a network, exploiting vulnerabilities or credentials . Network segmentation prevents lateral movement by dividing a network into smaller segments or zones, each with its own security policies and controls. This way, if one segment is compromised, the attacker cannot access other segments or resources . NSX enables network segmentation by using micro-segmentation, which applies granular firewall rules at the virtual machine level, regardless of the physical network topology .

VMware 2V0-41.24 VMware NSX 4.X Professional V2 Exam Practice Test