最新的VMware NSX 4.x Professional - 2V0-41.23免費考試真題
問題1
A company Is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web. app, and database tiers.
The naming convention will be:
* WKS-WEB-SRV-XXX
* WKY-APP-SRR-XXX
* WKI-DB-SRR-XXX
What is the optimal way to group them to enforce security policies from NSX?
The naming convention will be:
* WKS-WEB-SRV-XXX
* WKY-APP-SRR-XXX
* WKI-DB-SRR-XXX
What is the optimal way to group them to enforce security policies from NSX?
正確答案: B
說明:(僅 VCESoft 成員可見)
問題2
What are two functions of the Service Engines in NSX Advanced Load Balancer? (Choose two.)
正確答案: D,E
問題3
In an NSX environment, an administrator is observing low throughput and congestion between the Tier-O Gateway and the upstream physical routers.
Which two actions could address low throughput and congestion? (Choose two.)
Which two actions could address low throughput and congestion? (Choose two.)
正確答案: C,E
說明:(僅 VCESoft 成員可見)
問題4
The security administrator turns on logging for a firewall rule.
Where is the log stored on an ESXi transport node?
Where is the log stored on an ESXi transport node?
正確答案: A
說明:(僅 VCESoft 成員可見)
問題5
Which choice is a valid insertion point for North-South network introspection?
正確答案: C
說明:(僅 VCESoft 成員可見)
問題6
Which two CLI commands could be used to see if vmnic link status is down? (Choose two.)
正確答案: D,E
說明:(僅 VCESoft 成員可見)
問題7
Sort the rule processing steps of the Distributed Firewall. Order responses from left to right.
正確答案:
Explanation:
The correct order of the rule processing steps of the Distributed Firewall is as follows:
* Packet arrives at vfilter connection table. If matching entry in the table, process the packet.
* If connection table has no match, compare the packet to the rule table.
* If the packet matches source, destination, service, profile and applied to fields, apply the action defined.
* If the rule table action is allow, create an entry in the connection table and forward the packet.
* If the rule table action is reject or deny, take that action.
This order is based on the description of how the Distributed Firewall works in the web search results1. The first step is to check if there is an existing connection entry for the packet in the vfilter connection table, which is a cache of flow entries for rules with an allow action. If there is a match, the packet is processed according to the connection entry. If there is no match, the packet is compared to the rule table, which contains all the security policy rules. The rules are evaluated from top to bottom until a match is found. The match criteria include source, destination, service, profile and applied to fields. The action defined by the matching rule is applied to the packet. The action can be allow, reject or deny. If the action is allow, a new connection entry is created for the packet and the packet is forwarded to its destination. If the action is reject or deny, the packet is dropped and an ICMP message or a TCP reset message is sent back to the source.
問題8
Which statement is true about an alarm in a Suppressed state?
正確答案: D
說明:(僅 VCESoft 成員可見)
問題9
Which of the two following characteristics about NAT64 are true? (Choose two.)
正確答案: A,B
說明:(僅 VCESoft 成員可見)
