Which two choices are use cases for Distributed Intrusion Detection? (Choose two.)
A. Use agentless antivirus with Guest Introspection.
B. Quarantine workloads based on vulnerabilities.
C. Identify risk and reputation of accessed websites.
D. Gain Insight about micro-segmentation traffic flows.
E. Identify security vulnerabilities in the workloads.
Correct Answer: BE
According to the VMware NSX Documentation, these are two of the use cases for Distributed Intrusion Detection, which is a feature of NSX Network Detection and Response:
Quarantine workloads based on vulnerabilities: You can use Distributed Intrusion Detection to detect vulnerabilities in your workloads and apply quarantine actions to isolate them from the network until they are remediated.
Identify security vulnerabilities in the workloads: You can use Distributed Intrusion Detection to scan your workloads for known vulnerabilities and generate reports that show the severity, impact, and remediation steps for each vulnerability.
Question 22:
Which two tools are used for centralized logging in VMware NSX? (Choose two.)
A. VMware Aria Operations
B. Syslog Server
C. VMware Aria Automation
D. VMware Aria Operations for Logs
E. VMware Aria Operations for Networks
Correct Answer: BD
Two tools that are used for centralized logging in VMware NSX are Syslog Server and VMware Aria Operations for Logs. Syslog Server is a standard protocol for sending log messages from various network devices to a centralized server [1]. VMware NSX supports syslog for long term retention of logs and all NSX components can send syslog messages to a configured syslog server [2]. VMware Aria Operations for Logs is a VMware product that provides intelligent log analytics for NSX [3]. It provides monitoring and troubleshooting capabilities and customizable dashboards for network virtualization, flow analysis, and alerts [3].
The other options are incorrect because they are not tools for centralized logging in VMware NSX. VMware Aria Operations is a VMware product that provides operations management and automation for NSX [4], but it is not the same as VMware Aria Operations for Logs. VMware Aria Automation is a VMware product that provides automation and orchestration for NSX [5], but it is not related to logging. VMware Aria Operations for Networks is not a valid product name.
References:
[1] Syslog
[2] NSX Logging and System Events
[3] VMware vRealize Log Insight for NSX
[4] VMware vRealize Operations Management Pack for NSX
[5] VMware vRealize Automation
Question 23:
Which command on ESXi is used to verify the Local Control Plane connectivity with Central Control Plane?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: B
According to the web search results, the command that is used to verify the Local Control Plane (LCP) connectivity with Central Control Plane (CCP) on ESXi is get control-cluster status. This command displays the status of the LCP and CCP components on the ESXi host, such as the LCP agent, CCP client, CCP server, and CCP connection. It also shows the IP address and port number of the CCP server that the LCP agent is connected to. If the LCP agent or CCP client are not running or not connected, it means that there is a problem with the LCP connectivity.
Question 24:
Which two are supported by L2 VPN clients? (Choose two.)
A. NSX for vSphere Edge
B. 3rd party Hardware VPN Device
C. NSX Autonomous Edge
D. NSX Edge
Correct Answer: CD
The following L2 VPN clients are recommended:
1. NSX Managed NSX Edge in a separate NSX Managed environment.
   Overlay and VLAN segments can be extended.
2. Autonomous Edge:
   Enables L2 VPN access from a non-NSX environment to NSX environments.
   Deployed by using an OVF file on a host that is not managed by NSX.
   Only VLAN segments can be extended.
Question 25:
NSX improves the security of today's modern workloads by preventing lateral movement. Which feature of NSX can be used to achieve this?
A. Network Segmentation
B. Virtual Security Zones
C. Edge Firewalling
D. Dynamic Routing
Correct Answer: A
According to the web search results, network segmentation is a feature of NSX that improves the security of today's modern workloads by preventing lateral movement. Lateral movement is a technique used by attackers to move from one compromised system to another within a network, exploiting vulnerabilities or credentials. Network segmentation prevents lateral movement by dividing a network into smaller segments or zones, each with its own security policies and controls. This way, if one segment is compromised, the attacker cannot access other segments or resources. NSX enables network segmentation by using micro-segmentation, which applies granular firewall rules at the virtual machine level, regardless of the physical network topology.
Question 26:
Which VPN type must be configured before enabling an L2VPN?
A. Route-based IPSec VPN
B. Policy-based IPSec VPN
C. SSL-based IPSec VPN
D. Port-based IPSec VPN
Correct Answer: A
According to the VMware NSX Documentation, a Route-based IPSec VPN must be configured before enabling an L2VPN. L2VPN stands for Layer 2 VPN and is a feature that allows you to extend your layer 2 network across different sites using an IPSec tunnel. Route-based IPSec VPN is a VPN type that uses logical router ports to establish IPSec tunnels between sites.
https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-86C8D6BB-F185-46DC-828C-1E1876B854E8.html
Question 27:
Which table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision?
A. TEP Table
B. MAC Table
C. ARP Table
D. Routing Table
Correct Answer: B
The MAC table on an ESXi host is used to determine the location of a particular workload for a frame-forwarding decision. The MAC table maps the MAC addresses of the workloads to their corresponding tunnel endpoint (TEP) IP addresses. The TEP IP address identifies the ESXi host where the workload resides. The MAC table is populated by learning the source MAC addresses of the incoming frames from the workloads. The MAC table is also synchronized with other ESXi hosts in the same transport zone by using the NSX Controller.
https://nsx.techzone.vmware.com/resource/nsx-reference-design-guide
Reference: https://www.oreilly.com/library/view/mastering-vmware-vsphere/9781787286016/6e81703b-29e7-4249-a823-1ba6a17d7f3a.xhtml
Question 28:
Which three DHCP Services are supported by NSX? (Choose three.)
A. Gateway DHCP
B. Port DHCP per VNF
C. Segment DHCP
D. VRF DHCP Server
E. DHCP Relay
Correct Answer: ACE
According to the VMware NSX Documentation, NSX-T Data Center supports the following types of DHCP configuration on a segment:
Local DHCP server: This option creates a local DHCP server that has an IP address on the segment and provides dynamic IP assignment service only to the VMs that are attached to the segment.
Gateway DHCP server: This option is attached to a tier-0 or tier-1 gateway and provides DHCP service to the networks (overlay segments) that are directly connected to the gateway and configured to use a gateway DHCP server.
DHCP Relay: This option relays the DHCP client requests to the external DHCP servers that can be in any subnet, outside the SDDC, or in the physical network.
Question 29:
Which command is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node?
A. tepconfig
B. ifconfig
C. tcpdump
D. debug
Correct Answer: B
The command ifconfig is used to display the network configuration of the Tunnel Endpoint (TEP) IP on a bare metal transport node. The TEP IP is assigned to a network interface on the bare metal server that is used for overlay traffic. The ifconfig command can show the IP address, netmask, broadcast address, and other information of the network interface. For example, the following command shows the network configuration of the TEP IP on a bare metal transport node with interface name ens192:
    ifconfig ens192
The output of the command would look something like this:
    ens192: flags=4163 mtu 1500
            inet 10.10.10.10 netmask 255.255.255.0 broadcast 10.10.10.255
            inet6 fe80::250:56ff:fe9a:1b8c prefixlen 64 scopeid 0x20
            ether 00:50:56:9a:1b:8c txqueuelen 1000 (Ethernet)
            RX packets 123456 bytes 123456789 (123.4 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 234567 bytes 234567890 (234.5 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The TEP IP in this example is 10.10.10.10.
References:
IBM Cloud Docs
Question 30:
What are two valid BGP Attributes that can be used to influence the route path traffic will take? (Choose two.)
A. AS-Path Prepend
B. BFD
C. Cost
D. MED
Correct Answer: AD
AS-Path Prepend: This attribute allows you to prepend one or more AS numbers to the AS path of a route, making it appear longer and less preferable to other BGP routers. You can use this attribute to manipulate the inbound traffic from your BGP peers by advertising a longer AS path for some routes and a shorter AS path for others.
MED: This attribute stands for Multi-Exit Discriminator and allows you to specify a preference value for a route among multiple exit points from an AS. You can use this attribute to manipulate the outbound traffic to your BGP peers by advertising a lower MED value for some routes and a higher MED value for others.