Page: 1
/ 14
Total 16 questions
VMware 3V0-41.22 Advanced Deploy VMware NSX-T Data Center 3.x Exam Practice Test
Question 1
SIMULATION
Task 16
You are working to automate your NSX-T deployment and an automation engineer would like to retrieve your BOP routing information from the API.
You need to:
* Run the GET call in the API using Postman
* Save output to the desktop to a text file called API.txt
Complete the requested task.
Notes: Passwords are contained in the user _ readme.txt. This task is not dependent on another. This task should take approximately 5 minutes to complete.
Answer : A
To run the GET call in the API using Postman and save the output to the desktop to a text file called API.txt, you need to follow these steps:
Open Postman and create a new request tab. Select GET as the method from the drop-down menu.
Enter the URL of the NSX-T Policy API endpoint for retrieving the BGP routing table, such as https://<nsx-manager-ip-address>/policy/api/v1/infra/tier-0s/vmc/routing-table?enforcement_point_path=/infra/sites/default/enforcement-points/vmc-enforcementpoint
Click the Authorization tab and select Basic Auth as the type from the drop-down menu. Enter your NSX-T username and password in the Username and Password fields, such as admin and VMware1!.
Click Send to execute the request and view the response in the Body tab. You should see a JSON object with the BGP routing table information, such as routes, next hops, prefixes, etc.
Click Save Response and select Save to a file from the drop-down menu. Enter API.txt as the file name and choose Desktop as the location. Click Save to save the output to your desktop.
Question 2
SIMULATION
Task 15
You have been asked to enable logging so that the global operations team can view inv Realize Log Insight that their Service Level Agreements are being met for all network traffic that is going in and out of the NSX environment. This NSX environment is an Active / Active two Data Center design utilizing N-VDS with BCP. You need to ensure successful logging for the production NSX-T environment.
You need to:
Verify via putty with SSH that the administrator can connect to all NSX-Transport Nodes. You will use the credentials identified in Putty (admin).
Verify that there is no current active logging enabled by reviewing that directory is empty -/var/log/syslog-
Enable NSX Manager Cluster logging
Select multiple configuration choices that could be appropriate success criteria
Enable NSX Edge Node logging
Validate logs are generated on each selected appliance by reviewing the "/var/log/syslog''
Complete the requested task.
Notes: Passwords are contained in the user _ readme.txt. complete.
These task steps are dependent on one another. This task should take approximately 10 minutes to complete.
Answer : A
To enable logging for the production NSX-T environment, you need to follow these steps:
Verify via putty with SSH that the administrator can connect to all NSX-Transport Nodes. You can use the credentials identified in Putty (admin) to log in to each transport node. For example, you can use the following command to connect to the sfo01w01en01 edge transport node: ssh admin@sfo01w01en01. You should see a welcome message and a prompt to enter commands.
Verify that there is no current active logging enabled by reviewing that directory is empty -/var/log/syslog-. You can use the ls command to list the files in the /var/log/syslog directory. For example, you can use the following command to check the sfo01w01en01 edge transport node: ls /var/log/syslog. You should see an empty output if there is no active logging enabled.
Navigate to System > Fabric > Profiles > Node Profiles then select All NSX Nodes then under Syslog Servers click +ADD
Enter the IP or FQDN of the syslog server, the Port and Protocol and the desired Log Level then click ADD
Select multiple configuration choices that could be appropriate success criteri
a. You can use the search_web('NSX-T logging success criteria') tool to find some information on how to verify and troubleshoot logging for NSX-T. Some of the possible success criteria are:
The syslog server receives log messages from all NSX nodes
The log messages contain relevant information such as timestamp, hostname, facility, severity, message ID, and message content
The log messages are formatted and filtered according to the configured settings
The log messages are encrypted and authenticated if using secure protocols such as TLS or LI-TLS
Run the following command to configure a log server and the types of messages to send to the log server. Multiple facilities or message IDs can be specified as a comma delimited list, without spaces.
set logging-server <hostname-or-ip-address [:port]> proto
Validate logs are generated on each selected appliance by reviewing the '/var/log/syslog''. You can use the cat or tail commands to view the contents of the /var/log/syslog file on each appliance. For example, you can use the following command to view the last 10 lines of the sfo01w01en01 edge transport node: tail -n 10 /var/log/syslog. You should see log messages similar to this:
2023-04-06T12:34:56+00:00 sfo01w01en01 user.info nsx-edge[1234]: 2023-04-06T12:34:56Z nsx-edge[1234]: INFO: [nsx@6876 comp='nsx-edge' subcomp='nsx-edge' level='INFO' security='False'] Message from nsx-edge
You have successfully enabled logging for the production NSX-T environment.
Question 3
SIMULATION
Task 14
An administrator has seen an abundance of alarms regarding high CPU usage on the NSX Managers. The administrator has successfully cleared these alarms numerous times in the past and is aware of the issue. The administrator feels that the number of alarms being produced for these events is overwhelming the log files.
You need to:
* Review CPU Sensitivity and Threshold values.
Complete the requested task.
Notes: Passwords are contained in the user_readme.txt. This task is not dependent on other tasks. This task should take approximately 5 minutes to complete.
Answer : A
To review CPU sensitivity and threshold values, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to System > Settings > System Settings > CPU and Memory Thresholds.
You will see the current values for CPU and memory thresholds for NSX Manager, NSX Controller, and NSX Edge. These values determine the percentage of CPU and memory usage that will trigger an alarm on the NSX Manager UI.
You can modify the default threshold values by clicking Edit and entering new values in the text boxes. For example, you can increase the CPU threshold for NSX Manager from 80% to 90% to reduce the number of alarms for high CPU usage. Click Save to apply the changes.
Question 4
SIMULATION
Task 13
You have been asked to configure the NSX backups for the environment so that if the NSX Manager fails it can be restored with the same IP address to the original primary Data Center that is in an Active / Standby configuration. Backups should be scheduled to run once every 24 hours as well as when there are changes published to the NSX environment. Ensure that backups are completed on their respective environment. Verify the backup file has been created on the SFTP server.
* Credentials needed to complete the task:
You need to:
* Verify that an SFTP server is available on the network and obtain SFTP Fingerprint.
* Configure NSX Backups via NSX Appliance Backup
* Configure Scheduling Criteria
Backup Configuration Criteria
Complete the requested task.
Notes: Passwords are contained in the user_readme.txt. This task is not dependent on other tasks. This task should take approximately 15 minutes to complete.
Answer : A
To configure the NSX backups for the environment, you need to follow these steps:
Verify that an SFTP server is available on the network and obtain SFTP fingerprint. You can use the search_web('SFTP server availability') tool to find some information on how to set up and check an SFTP server. You can also use the ssh-keyscan command to get the fingerprint of the SFTP server. For example, ssh-keyscan -t ecdsa sftp_server will return the ECDSA key of the sftp_server. You can compare this key with the one displayed on the NSX Manager UI when you configure the backup settings.
Configure NSX Backups via NSX Appliance Backup. Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>. Select System > Lifecycle Management > Backup & Restore. Click Edit under the SFTP Server label to configure your SFTP server. Enter the FQDN or IP address of the backup file server, such as 10.10.10.100. The protocol text box is already filled in. SFTP is the only supported protocol. Change the default port if necessary. The default TCP port is 22. In the Directory Path text box, enter the absolute directory path where the backups will be stored, such as /dat
a. The directory must already exist and cannot be the root directory (/). Avoid using path drive letters or spaces in directory names; they are not supported. In the Passphrase text box, enter a passphrase that will be used to encrypt and decrypt the backup files, such as VMware1!. Click Save to create the backup configuration.
Configure Scheduling Criteria. On the Backup & Restore page, click Edit under the Schedule label to configure your backup schedule. Select Enabled from the drop-down menu to enable scheduled backups. Select Daily from the Frequency drop-down menu to run backups once every 24 hours. Select a time from the Time drop-down menu to specify when the backup will start, such as 12:00 AM. Select Enabled from the Additional Backup Trigger drop-down menu to run backups when there are changes published to the NSX environment. Click Save to create the backup schedule.
Question 5
SIMULATION
Task 12
An issue with the Tampa web servers has been reported. You would like to replicate and redirect the web traffic to a network monitoring tool outside Of the NSX-T environment to further analyze the traffic.
You are asked to configure traffic replication to the monitoring software for your Tampa web overlay segments with bi-directional traffic using this detail:
Complete the requested configuration.
Notes: Passwords are contained in the user_readme.txt. This task is not dependent on other tasks. This task should take approximately 10 minutes to complete.
Answer : A
To configure traffic replication to the monitoring software for your Tampa web overlay segments with bi-directional traffic, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to Networking > Segments and select the Tampa web overlay segment that you want to replicate the traffic from. For example, select Web-01 segment that you created in Task 2.
Click Port Mirroring > Set > Add Session and enter a name and an optional description for the port mirroring session. For example, enter Tampa-Web-Monitoring.
In the Direction section, select Bi-directional as the direction from the drop-down menu. This will replicate both ingress and egress traffic from the source to the destination.
In the Source section, click Set and select the VMs or logical ports that you want to use as the source of the traffic. For example, select Web-VM-01 and Web-VM-02 as the source VMs. Click Apply.
In the Destination section, click Set and select Remote L3 SPAN as the destination type from the drop-down menu. This will allow you to replicate the traffic to a remote destination outside of the NSX-T environment.
Enter the IP address of the destination device where you have installed the network monitoring software, such as 10.10.10.200.
Select an existing service profile from the drop-down menu or create a new one by clicking New Service Profile. A service profile defines the encapsulation type and other parameters for the replicated traffic.
Optionally, you can configure advanced settings such as TCP/IP stack, snap length, etc., for the port mirroring session.
Click Save and then Close to create the port mirroring session.
Question 6
SIMULATION
Task 11
upon testing the newly configured distributed firewall policy for the Boston application. it has been discovered that the Boston-Web virtual machines can be ''pinged" via ICMP from the main console. Corporate policy does not allow pings to the Boston VMs.
You need to:
* Troubleshoot ICMP traffic and make any necessary changes to the Boston application security policy.
Complete the requested task.
Notes: Passwords are contained in the user _readme.txt. This task is dependent on Task 5.
Answer : A
To troubleshoot ICMP traffic and make any necessary changes to the Boston application security policy, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to Security > Distributed Firewall and select the firewall policy that applies to the Boston application. For example, select Boston-web-Application.
Click Show IPSec Statistics and view the details of the firewall rule hits and logs. You can see which rules are matching the ICMP traffic and which actions are taken by the firewall.
If you find that the ICMP traffic is allowed by a rule that is not intended for it, you can edit the rule and change the action to Drop or Reject. You can also modify the source, destination, or service criteria of the rule to make it more specific or exclude the ICMP traffic.
If you find that the ICMP traffic is not matched by any rule, you can create a new rule and specify the action as Drop or Reject. You can also specify the source, destination, or service criteria of the rule to match only the ICMP traffic from the main console to the Boston web VMs.
After making the changes, click Publish to apply the firewall policy.
Question 7
SIMULATION
Task 10
You have been notified by the Web Team that they cannot get to any northbound networks from their Tampa web servers that are deployed on an NSX-T
network segment. The Tampa web VM's however can access each other.
You need to:
* Troubleshoot to find out why the Tampa web servers cannot communicate to any northbound networks and resolve the issue.
Complete the requested task. TO verify your work. ping the Control Center @ 192.168.110.10
Notes: Passwords are contained in the user_readme.txt. This task is dependent on Task 4. Some exam candidates may have already completed this task if they had done more than the minimum required in Task 4. This task should take approximately 15 minutes to complete.
Answer : A
To troubleshoot why the Tampa web servers cannot communicate to any northbound networks, you need to follow these steps:
Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
Navigate to Networking > Tier-0 Gateway and select the tier-0 gateway that connects the NSX-T network segment to the northbound networks. For example, select T0-GW-01.
Click Interfaces > Set and verify the configuration details of the interfaces. Check for any discrepancies or errors in the parameters such as IP address, subnet mask, MTU, etc.
If you find any configuration errors, click Edit and modify the parameters accordingly. Click Save to apply the changes.
If you do not find any configuration errors, check the connectivity and firewall rules between the tier-0 gateway and the northbound networks. You can use ping or traceroute commands from the NSX Edge CLI or the vSphere Web Client to test the connectivity. You can also use show service router command to check the status of the routing service on the NSX Edge.
If you find any connectivity or firewall issues, resolve them by adjusting the network settings or firewall rules on the NSX Edge or the northbound devices.
All Official Question Types