Page: 1
/ 14
Total 16 questions
VMware Advanced Deploy VMware NSX-T Data Center 3.x 3V0-41.22 Exam Practice Test
Question 1
SIMULATION
Task 14
An administrator has seen an abundance of alarms regarding high CPU usage on the NSX Managers. The administrator has successfully cleared these alarms numerous times in the past and is aware of the issue. The administrator feels that the number of alarms being produced for these events is overwhelming the log files.
You need to:
* Review CPU Sensitivity and Threshold values.
Complete the requested task.
Notes: Passwords are contained in the user_readme.txt. This task is not dependent on other tasks. This task should take approximately 5 minutes to complete.
Answer : A
To review CPU sensitivity and threshold values, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to System > Settings > System Settings > CPU and Memory Thresholds.
You will see the current values for CPU and memory thresholds for NSX Manager, NSX Controller, and NSX Edge. These values determine the percentage of CPU and memory usage that will trigger an alarm on the NSX Manager UI.
You can modify the default threshold values by clicking Edit and entering new values in the text boxes. For example, you can increase the CPU threshold for NSX Manager from 80% to 90% to reduce the number of alarms for high CPU usage. Click Save to apply the changes.
Question 2
SIMULATION
Task 1
You are asked to prepare a VMware NSX-T Data Center ESXi compute cluster Infrastructure. You will prepare two ESXi servers in a cluster for NSX-T overlay and VLAN use.
All configuration should be done using the NSX UI.
* NOTE: The configuration details in this task may not be presented to you in the order in which you must complete them.
* Configure a new Transport Node profile and add one n-VDS switch. Ensure Uplink 1 and Uplink 2 of your configuration use vmnic2 and vmnic3 on the host.
Complete the requested task.
NOTE: Passwords are contained in the user_readme.txt. Configuration details may not be provided in the correct sequential order. Steps to complete this task must be completed in the proper order. Other tasks are dependent on the completion Of this task. You may want to move to other tasks/steps while waiting for configuration changes to be applied. This task should take approximately 20 minutes to complete.
Answer : A
To prepare a VMware NSX-T Data Center ESXi compute cluster infrastructure, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to System > Fabric > Profiles > Transport Node Profiles and click Add Profile.
Enter a name and an optional description for the transport node profile.
In the Host Switches section, click Set and select N-VDS as the host switch type.
Enter a name for the N-VDS switch and select the mode as Standard or Enhanced Datapath, depending on your requirements.
Select the transport zones that you want to associate with the N-VDS switch. You can select one overlay transport zone and one or more VLAN transport zones.
Select an uplink profile from the drop-down menu or create a custom one by clicking New Uplink Profile.
In the IP Assignment section, select Use IP Pool and choose an existing IP pool from the drop-down menu or create a new one by clicking New IP Pool.
In the Physical NICs section, map the uplinks to the physical NICs on the host. For example, map Uplink 1 to vmnic2 and Uplink 2 to vmnic3.
Click Apply and then click Save to create the transport node profile.
Navigate to System > Fabric > Nodes > Host Transport Nodes and click Add Host Transport Node.
Select vCenter Server as the compute manager and select the cluster that contains the two ESXi servers that you want to prepare for NSX-T overlay and VLAN use.
Select the transport node profile that you created in the previous steps and click Next.
Review the configuration summary and click Finish to start the preparation process.
Question 3
SIMULATION
Task 8
You are tasked With troubleshooting the NSX IPSec VPN service Which has been reported down. Verify the current NSX configuration is deployed and resolve any issues.
You need to:
* Verify the present configuration as provided below:
Complete the requested task.
Notes: Passwords are contained in the user_readme.txt. This task is not dependent on another. This task Should take approximately 15 minutes to complete.
Answer : A
To troubleshoot the NSX IPSec VPN service that has been reported down, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to Networking > VPN > IPSec VPN and select the IPSec VPN session that is down. You can identify the session by its name, local endpoint, remote endpoint, and status.
Click Show IPSec Statistics and view the details of the IPSec VPN session failure. You can see the error message, the tunnel state, the IKE and ESP status, and the statistics of the traffic sent and received.
Compare the configuration details of the IPSec VPN session with the expected configuration as provided below. Check for any discrepancies or errors in the parameters such as local and remote endpoints, local and remote networks, IKE and ESP profiles, etc.
If you find any configuration errors, click Actions > Edit and modify the parameters accordingly. Click Save to apply the changes.
If you do not find any configuration errors, check the connectivity and firewall rules between the local and remote endpoints. You can use ping or traceroute commands from the NSX Edge CLI to test the connectivity. You can also use show service ipsec command to check the status of IPSec VPN service on the NSX Edge.
If you find any connectivity or firewall issues, resolve them by adjusting the network settings or firewall rules on the NSX Edge or the third-party device.
Question 4
SIMULATION
Task 3
You are asked to deploy a new instance of NSX-T into an environment with two isolated tenants. These tenants each have separate physical data center cores and have standardized on BCP as a routing protocol.
You need to:
Complete the requested task.
Notes: Passwords are Contained in the user_readme.txt. Task 3 is dependent on the Completion Of Task and 2. Other tasks are dependent On the Completion Of this task. Do not wait for configuration changes to be applied in this task as processing may take up to 10 minutes to complete. Check back on completion. This task should take approximately 10 minutes to complete.
Answer : A
To deploy a new instance of NSX-T into an environment with two isolated tenants, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to System > Fabric > Nodes > Edge Transport Nodes and click Add Edge VM.
Enter a name and an optional description for the edge VM. Select the compute manager, cluster, and resource pool where you want to deploy the edge VM. Click Next.
Select the deployment size and form factor for the edge VM. For this task, you can select Medium as the size and VM as the form factor. Click Next.
Select the datastore and folder where you want to store the edge VM files. Click Next.
Configure the management network settings for the edge VM. Enter a hostname, a management IP address, a default gateway, a DNS server, and a domain search list. Optionally, you can enable SSH and join the edge VM to a domain. Click Next.
Configure the transport network settings for the edge VM. Select an N-VDS as the host switch type and enter a name for it. Select an uplink profile from the drop-down menu or create a new one by clicking New Uplink Profile. Map the uplinks to the physical NICs on the edge VM. For example, map Uplink 1 to fp-eth0 and Uplink 2 to fp-eth1. Optionally, you can configure IP assignment, MTU, or LLDP for the uplinks. Click Next.
Review the configuration summary and click Finish to deploy the edge VM.
Repeat steps 2 to 8 to deploy another edge VM for redundancy.
Navigate to Networking > Tier-0 Gateway and click Add Gateway > VRF.
Enter a name and an optional description for the VRF gateway. Select an existing tier-0 gateway as the parent gateway or create a new one by clicking New Tier-0 Gateway.
Click VRF Settings and enter a VRF ID for the tenant. Optionally, you can enable EVPN settings if you want to use EVPN as the control plane protocol for VXLAN overlay networks.
Click Save to create the VRF gateway.
Repeat steps 10 to 13 to create another VRF gateway for the second tenant with a different VRF ID.
Navigate to Networking > Segments and click Add Segment.
Enter a name and an optional description for the segment. Select VLAN as the connectivity option and enter a VLAN ID for the segment. For example, enter 128 for Tenant A's first uplink VLAN segment.
Select an existing transport zone from the drop-down menu or create a new one by clicking New Transport Zone.
Click Save to create the segment.
Repeat steps 15 to 18 to create three more segments for Tenant A's second uplink VLAN segment (VLAN ID 129) and Tenant B's uplink VLAN segments (VLAN ID 158 and 159).
Navigate to Networking > Tier-0 Gateway and select the VRF gateway that you created for Tenant A.
Click Interfaces > Set > Add Interface.
Enter a name and an optional description for the interface.
Enter the IP address and mask for the external interface in CIDR format, such as 10.10.10.1/24.
In Type, select External.
In Connected To (Segment), select the VLAN segment that you created for Tenant A's first uplink VLAN segment (VLAN ID 128).
Select an edge node where you want to attach the interface, such as Edge-01.
Enter the Access VLAN ID from the list as configured for the segment, such as 128.
Click Save and then Close.
Repeat steps 21 to 28 to create another interface for Tenant A's second uplink VLAN segment (VLAN ID 129) on another edge node, such as Edge-02.
Repeat steps 20 to 29 to create two interfaces for Tenant B's uplink VLAN segments (VLAN ID 158 and 159) on each edge node using their respective VRF gateway and IP addresses.
Verify that BGP sessions are established between each VRF gateway and its physical router neighbors using NSX UI or CLI commands . You can also check the routing tables and BGP statistics on each device .
You have successfully deployed a new instance of NSX-T into an environment with two isolated tenants using VRF Lite and BGP.
Question 5
SIMULATION
Task 15
You have been asked to enable logging so that the global operations team can view inv Realize Log Insight that their Service Level Agreements are being met for all network traffic that is going in and out of the NSX environment. This NSX environment is an Active / Active two Data Center design utilizing N-VDS with BCP. You need to ensure successful logging for the production NSX-T environment.
You need to:
Verify via putty with SSH that the administrator can connect to all NSX-Transport Nodes. You will use the credentials identified in Putty (admin).
Verify that there is no current active logging enabled by reviewing that directory is empty -/var/log/syslog-
Enable NSX Manager Cluster logging
Select multiple configuration choices that could be appropriate success criteria
Enable NSX Edge Node logging
Validate logs are generated on each selected appliance by reviewing the "/var/log/syslog''
Complete the requested task.
Notes: Passwords are contained in the user _ readme.txt. complete.
These task steps are dependent on one another. This task should take approximately 10 minutes to complete.
Answer : A
To enable logging for the production NSX-T environment, you need to follow these steps:
Verify via putty with SSH that the administrator can connect to all NSX-Transport Nodes. You can use the credentials identified in Putty (admin) to log in to each transport node. For example, you can use the following command to connect to the sfo01w01en01 edge transport node: ssh admin@sfo01w01en01. You should see a welcome message and a prompt to enter commands.
Verify that there is no current active logging enabled by reviewing that directory is empty -/var/log/syslog-. You can use the ls command to list the files in the /var/log/syslog directory. For example, you can use the following command to check the sfo01w01en01 edge transport node: ls /var/log/syslog. You should see an empty output if there is no active logging enabled.
Navigate to System > Fabric > Profiles > Node Profiles then select All NSX Nodes then under Syslog Servers click +ADD
Enter the IP or FQDN of the syslog server, the Port and Protocol and the desired Log Level then click ADD
Select multiple configuration choices that could be appropriate success criteri
a. You can use the search_web('NSX-T logging success criteria') tool to find some information on how to verify and troubleshoot logging for NSX-T. Some of the possible success criteria are:
The syslog server receives log messages from all NSX nodes
The log messages contain relevant information such as timestamp, hostname, facility, severity, message ID, and message content
The log messages are formatted and filtered according to the configured settings
The log messages are encrypted and authenticated if using secure protocols such as TLS or LI-TLS
Run the following command to configure a log server and the types of messages to send to the log server. Multiple facilities or message IDs can be specified as a comma delimited list, without spaces.
set logging-server <hostname-or-ip-address [:port]> proto
Validate logs are generated on each selected appliance by reviewing the '/var/log/syslog''. You can use the cat or tail commands to view the contents of the /var/log/syslog file on each appliance. For example, you can use the following command to view the last 10 lines of the sfo01w01en01 edge transport node: tail -n 10 /var/log/syslog. You should see log messages similar to this:
2023-04-06T12:34:56+00:00 sfo01w01en01 user.info nsx-edge[1234]: 2023-04-06T12:34:56Z nsx-edge[1234]: INFO: [nsx@6876 comp='nsx-edge' subcomp='nsx-edge' level='INFO' security='False'] Message from nsx-edge
You have successfully enabled logging for the production NSX-T environment.
Question 6
SIMULATION
Task 13
You have been asked to configure the NSX backups for the environment so that if the NSX Manager fails it can be restored with the same IP address to the original primary Data Center that is in an Active / Standby configuration. Backups should be scheduled to run once every 24 hours as well as when there are changes published to the NSX environment. Ensure that backups are completed on their respective environment. Verify the backup file has been created on the SFTP server.
* Credentials needed to complete the task:
You need to:
* Verify that an SFTP server is available on the network and obtain SFTP Fingerprint.
* Configure NSX Backups via NSX Appliance Backup
* Configure Scheduling Criteria
Backup Configuration Criteria
Complete the requested task.
Notes: Passwords are contained in the user_readme.txt. This task is not dependent on other tasks. This task should take approximately 15 minutes to complete.
Answer : A
To configure the NSX backups for the environment, you need to follow these steps:
Verify that an SFTP server is available on the network and obtain SFTP fingerprint. You can use the search_web('SFTP server availability') tool to find some information on how to set up and check an SFTP server. You can also use the ssh-keyscan command to get the fingerprint of the SFTP server. For example, ssh-keyscan -t ecdsa sftp_server will return the ECDSA key of the sftp_server. You can compare this key with the one displayed on the NSX Manager UI when you configure the backup settings.
Configure NSX Backups via NSX Appliance Backup. Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>. Select System > Lifecycle Management > Backup & Restore. Click Edit under the SFTP Server label to configure your SFTP server. Enter the FQDN or IP address of the backup file server, such as 10.10.10.100. The protocol text box is already filled in. SFTP is the only supported protocol. Change the default port if necessary. The default TCP port is 22. In the Directory Path text box, enter the absolute directory path where the backups will be stored, such as /dat
a. The directory must already exist and cannot be the root directory (/). Avoid using path drive letters or spaces in directory names; they are not supported. In the Passphrase text box, enter a passphrase that will be used to encrypt and decrypt the backup files, such as VMware1!. Click Save to create the backup configuration.
Configure Scheduling Criteria. On the Backup & Restore page, click Edit under the Schedule label to configure your backup schedule. Select Enabled from the drop-down menu to enable scheduled backups. Select Daily from the Frequency drop-down menu to run backups once every 24 hours. Select a time from the Time drop-down menu to specify when the backup will start, such as 12:00 AM. Select Enabled from the Additional Backup Trigger drop-down menu to run backups when there are changes published to the NSX environment. Click Save to create the backup schedule.
Question 7
SIMULATION
Task 6
You are asked to integrate NSX manager with LDAP to better control NSX administrators' roles and responsibilities. Ensure users can manage the NSX environment utilizing Active Directory login credentials.
You need to:
* Configure NSX Manager LDAP integration to the corp.local domain using the following configuration detail:
* Configure the user nsx-admin@corp.local Active Directory account as an Enterprise Admin access role.
Complete the requested task.
Notes:
Passwords are contained in the user_readme.txt. You may want to move to other tasks/steps while waiting for configuration changes to be applied. This task should take approximately 15 minutes to complete.
Answer : A
To integrate NSX Manager with LDAP to better control NSX administrators' roles and responsibilities, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to System > User Management > LDAP and click Add Identity Source.
Enter a name for the identity source, such as corp.local.
Enter the domain name of your Active Directory server, such as DC=corp,DC=local.
Select Active Directory over LDAP as the type from the drop-down menu.
Click Set to configure LDAP servers. You can add up to three LDAP servers for failover support, to each domain.
Enter the hostname or IP address of your LDAP server, such as corpdcserver.corp.local.
Select LDAP as the protocol from the drop-down menu.
Enter the port number for the LDAP server, such as 389.
Click Connection Status to test the connection to the LDAP server. If successful, you will see a green check mark and a message saying ''Connection successful''.
Optionally, you can enable StartTLS to use encryption for the LDAP connection. To do this, toggle the Use StartTLS button and enter the certificate of the LDAP server in PEM format in the text box below.
Click Save to add the LDAP server.
Repeat steps 6 to 12 to add more LDAP servers if needed.
Enter the bind entry user name and password for the LDAP server, such as Administrator@corp.local and VMware1!.
Click Save to create the identity source.
Navigate to System > User Management > Users and Roles and click Add Role Assignment for LDAP.
Select corp.local as the domain from the drop-down menu.
Enter nsx-admin@corp.local in the search box and select it from the list that appears.
Select Enterprise Admin as the role from the drop-down menu.
Click Save to assign the role to the user.
All Official Question Types