An NSX Edge Service Gateway has two interfaces:
Internal interface named Internal Access
-- IP address = 10.10.10.1
-- Network mask = 255.255.255.0
Uplink interface named Physical Uplink
-- IP address = 20.20.20.1
-- Network mask = 255.255.255.0
A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access external resources via the uplink interface.
Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three)
A. Choose 20.20.20.2 as the translated source IP.
B. Apply the SNAT rule on the Physical Uplink interface.
C. Select 10.10.10.1 as the translated source IP.
D. Select 10.10.10.0/24 as the original subnet.
E. Apply the SNAT rule to the Internal Access interface.
正解:A,B,D
質問 2:
Which NSX component can validate that security policies at your organization are being enforced correctly?
A. Activity Monitoring
B. Flow Monitoring
C. ERSPAN
D. Distributed firewalls
正解:A
質問 3:
A vSphere administrator wants to add a VLAN LIF to a Distributed Router. What must the vSphere administrator do for the VLAN LIF to be added successfully?
A. The vSphere administrator must assign a VLAN number to the distributed portgroup that the VLAN LIF connects to.
B. The vSphere administrator must assign a VLAN number to the Logical Switch that the Distributed Router connects to.
C. The vSphere administrator must assign a VLAN number to the uplink on the distributed switch that the VLAN LIF connects to.
D. The vSphere administrator must assign a VLAN number to the Distributed Router that the Logical Switch connects to.
正解:A
質問 4:
-- Exhibit- -- Exhibit -
The diagrams show two possible physical network architectures. Each architecture provides a means in dealing with the pictured failure.
Which architecture provides the highest degree of connectivity in the event of the pictured failure?
A. Diagram B's architecture will provide the highest percentage of connectivity in times of failure.
B. Both designs will provide the same percentage ofconnectivityin times of failure.
C. Diagram A's architecture will provide the highest percentage of connectivity in times of failure.
D. Neither design is properly architected to work around the displayed failure.
正解:A
質問 5:
Which NSX Data Security role has the permission to start and stop data security scans?
A. NSX Administrator
B. Security Administrator
C. Auditor
D. Enterprise Administrator
正解:A
質問 6:
How does NSX simplify physical network design?
A. VLANs are moved into the virtual network for virtual machine traffic, eliminating the need to use PVLANs on the physical network.
B. Network administrators only need to configure routing on the physical network for virtual machine traffic since all other network functions are moved to the virtual network.
C. Virtual network integration can make changes to the physical network programmatically using REST API calls which automates network changes and increases agility.
D. Transport zones are created in the virtual network for virtual machine traffic, removing
the need to make changes to the physical network.
正解:D
質問 7:
An administrator wishes to control traffic flow between two virtual machines. The virtual machines are in the same subnet, but are located on separate ESXi hosts.
The administrator deploys an Edge Firewall to one of the hosts and verifies the default firewall rule is set to deny, but the two virtual machines can still communicate with each other.
What task will correct this issue?
A. Deploy another Edge Firewall on the host running the second virtual machine.
B. Remove any other firewall appliances that may exist on either of the ESXi hosts.
C. Configure both ESXi host firewalls to deny traffic from the virtual machine on the other host.
D. Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines.
正解:D
質問 8:
Which tool detects a VLAN misconfiguration between virtual and physical switches?
A. VDS Health Check
B. esxcfg-vswitch
C. NSX Controller command line interface (CLI)
D. esxtop
正解:A
Kurasawa -
Pass4Testの問題集はとにかくわかりやすい!勉強期間は2ヶ月半でしたが、問題だけを集中してやるなら最短2週間程度で合格できると思います。
Pass4Testさん、本当に助かりました!