642 Dump

2V0-642.exam.
78q
Number: 2V0-642
Passing Score: 800
Time Limit: 120 min
2V0-642
VMware Certified Professional 6 - Network Virtualization 6.2 Exam

Exam A
QUESTION 1
An administrator creates a SpoofGuard policy for specific networks.
Which two modes are associated with this type of policy? (Choose two.)
A. Automatically trust IP assignments on their first use

B. Manually inspect and approve all IP assignments before use
C. Manually approve IP assignments listed in the Host file before use
D. Automatically inspect and trust IP assignments on every use
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Reference: http://www.virtually-limitless.com/vcix-nv-study-guide/create-modify-or-delete-spoofguard-policies/
QUESTION 2
Which would best describe a workload in Compute Cluster 1 attached to a logical switch port group?
A. Within Compute Cluster 1, Layer 2 would function, but Layer 3 would fail.
B. Within Compute Cluster 1, Layer 2 would fail, and Layer 3 would fail.
C. Within Compute Cluster 1, Layer 2 would fail, but Layer 3 would function.
D. Within Compute Cluster 1, Layer 2 would function, and Layer 3 would function.
Correct Answer: A
Section: (none)
Explanation
QUESTION 3
Where can firewall rules be applied on the NSX Edge Services Gateway?
A. Rules can be applied on the uplink interface only.

B. Rules can be applied on either the uplink interface or internal interface.
C. Rules can be on either the uplink, internal, or management interfaces.
D. Rules can be applied on the management and uplink interfaces only.
Correct Answer: B
Section: (none)
Explanation
Reference: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.install.doc%2FGUID-
6FB89057-CD13-48AF-82F2-550B89F89FC5.html
QUESTION 4
Which is required to support unicast mode in NSX?
A. Hardware VTEP
B. Distributed Logical Router
C. NSX Controller
D. NSX Edge
Correct Answer: C
Section: (none)
Explanation
Reference: http://www.virtually-limitless.com/vcix-nv-study-guide/create-transport-zones-in-nsx/
QUESTION 5
Which type of VPN should be configured to ensure application mobility between data centers?
A. Application VPN
B. L2VPN
C. IPSec VPN
D. SSL VPN-Plus
Correct Answer: B
Section: (none)
Explanation
Reference: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-
network-virtualization-design-guide.pdf (page 23)
QUESTION 6
How is high availability of the NSX Edge Gateway accomplished?
A. HA Application Monitoring on the Edge Gateway sends a heartbeat to the ESXi host.
B. VMware Tools on the Edge Gateway sends a heartbeat to the ESXi host.
C. The Edge appliance sends a heartbeat through an uplink interface.
D. The Edge appliance sends a heartbeat through an internal interface.
Correct Answer: D
Section: (none)
Explanation
Reference: https://www.zettagrid.com/faqs/nsx-charging/
QUESTION 7
Which three changes to a distributed switch configuration could trigger a rollback? (Choose three.)
A. Blocking all ports in the distributed port group containing the management VMkernel network adapter.
B. Configure the virtual machine system traffic to enable bandwidth allocation using Network I/O Control.
C. Adding a new host with a previous vDS configuration.
D. Changing the MTU.
E. Changing the VLAN settings in the distributed port group of the management VMkernel adapter.
Correct Answer: ADE

Section: (none)
Explanation
Reference: https://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=2032908
QUESTION 8
An application requires load balancing with minimal impact to network performance. An NSX administrator is
deploying a load balancer to meet the stated requirements.
Which load balancing engine should be deployed?
A. Layer 5
B. Layer 6
C. Layer 7
D. Layer 4
Correct Answer: D
Section: (none)
Explanation
Reference: http://cloudmaniac.net/nsx-load-balancer-under-the-hood/
QUESTION 9
When configuring BGP routing in NSX, what is the purpose of the Graceful Restart check box?
A. Automatically restart the peer router when BGP session is established.

B. Allow packet forwarding to be uninterrupted during restart of BGP services.
C. Automatically restart the local router when BGP session is established.
D. Allow packet forwarding to be paused during restart of BGP services.
Correct Answer: B
Section: (none)
Explanation
Reference: http://docs.hol.vmware.com/HOL-2017/hol-1703-sdc-1_html_en/
QUESTION 10
What is the purpose of a DHCP Relay Agent in an NSX Edge configuration?
A. Configures virtual machine interfaces to which DHCP messages are relayed.
B. Configures Edge interfaces from which DHCP messages are relayed.
C. Configures Edge interfaces to which DHCP messages are relayed.
D. Configures virtual machine interfaces from which DHCP messages are relayed.
Correct Answer: B
Section: (none)
Explanation
Reference: http://pubs.vmware.com/NSX-61/index.jsp#com.vmware.nsx.admin.doc/GUID-C655D21F-C800-
4C7F-A887-F5733810DF34.html
QUESTION 11
What are the correct steps for connecting a virtual machine to a logical switch?
A. Select the logical switch, select the virtual machine, click the Add Virtual Machine icon, select the vNIC to
connect.
B. Select the logical switch, click the Add Virtual Machine Icon, select the VM, select the vNIC to connect.
C. Select the vNIC, click the Add Virtual Machine Icon, select the logical switch.
D. Click the Add Virtual Machine icon, select the logical switch, vNIC to connect.
Correct Answer: B
Section: (none)
Explanation
QUESTION 12
Which term describes a situation where a bottleneck is created when traffic is sent to a single device for
security enforcement?
A. security event queueing

B. hairpinning
C. security looping
D. enforcement degradation
Correct Answer: A
Section: (none)
Explanation
QUESTION 13
VMware NSX is a key component in enabling enterprises to realize the full potential of their investment in which
technology?
A. Physical to virtual bridged networks.

B. Integrated physical topology.
C. Distributed firewall.
D. Software-defined data center.
Correct Answer: D
Section: (none)
Explanation
Reference: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/whitepaper/products/nsx/
vmware-nsx-network-virtualization-platform-white-paper.pdf
QUESTION 14
A virtualized application needs access to a physical database. Both servers are on the 172.168.3.0/24 subnet.
NSX has been deployed across the entire virtual environment.
What method can be used to allow access between the servers?
A. Configure a DLR with an L2 bridge instance for 172.168.3.0/24 VXLAN to VLAN traffic.
B. Route 172.168.3.0/24 to the NSX Edge where the logical switch of the application exists.
C. Configure a NAT rule for 172.177.13.0/24 for the database physical router.
D. Configure the logical switch to bridge 172.168.3.0/24 to the physical router of the database.
Correct Answer: A
Section: (none)
Explanation
QUESTION 15
When running the NSX Control Plane in Hybrid Mode what are the minimum physical network requirements?
(Choose three.)
A. MTU 1500
B. NSX Controller connectivity
C. IGMP Snooping
D. Multicast Routing with PIM
E. Unicast L3 Routing
Correct Answer: BCE

Section: (none)
Explanation
QUESTION 16
Which three options are true about NSX logical bridges? (Choose three.)
A. A logical bridge configured for HA uses a 15 second heartbeat by default to detect failure.
B. A logical bridge configured for HA uses (BFD) Bi-Directional Forwarding to detect a failure in a minimum of
one second.
C. A logical bridge on the DLR supports VXLAN to VLAN bridging.
D. A logical bridge forwards traffic through the control VM.
E. A logical bridge forwards traffic through the hypervisor.
Correct Answer: ACE

Section: (none)
Explanation
QUESTION 17
Which two NSX roles could be used to create security policies? (Choose two.)
A. Enterprise Administrator
B. Security Administrator
C. NSX Administrator
D. Auditor
Correct Answer: AB
Section: (none)
Explanation
Reference: https://pubs.vmware.com/NSX-6/index.jsp?topic=%2Fcom.vmware.nsx.admin.doc%2FGUID-
79F9067D-2F29-45DA-85C7-09EFC31549EA.html
QUESTION 18
With which Application Profile types would the Insert X-Forwarded-For HTTP header option be used?
A. HTTP, HTTPS
B. TCP, UDP
C. HTTP, TCP
D. HTTP, UDP
Correct Answer: A
Section: (none)
Explanation
58EB4584-2215-42A3-892D-CCD937CAFD3A.html
QUESTION 19
What is the minimum NSX role necessary for a user to edit the firewall on an Edge Services Gateway (ESG)?
A. Auditor
B. NSX Administrator
C. Enterprise Administrator
D. Security Administrator
Correct Answer: D
Section: (none)
Explanation
QUESTION 20
The user at 192.168.150.10 can reach the physical router but CANNOT reach edge-2 or any virtual machines.
What routing change would resolve the issue?
A. Enable Default Originate on edge-2 for OSPF.

B. Configure static routes on the physical router.
C. Enable route redistribution on edge-2 between both routing protocols.
D. Enable Default Originate on edge-2 for BGP.
Correct Answer: D
Section: (none)
Explanation
QUESTION 21
What vSphere Distributed Switch security policy allows virtual machines to send frames with a MAC Address
that is different from the one specified in the vmx file?
A. MAC Address Changes

B. Failover detection
C. Forged Transmits
D. Promiscuous Mode
Correct Answer: C
Section: (none)
Explanation
Reference: http://www.vmwarearena.com/vsphere-distributed-switch-part-16/
QUESTION 22
In a Cross-vCenter implementation, where is the Universal Control Cluster deployed and configured?
A. In each vCenter instance associated with the Cross-vCenter implementation.

B. In each prepared NSX cluster associated with the Cross-vCenter implementation.
C. In every vCenter instance associated with an NSX Manager.
D. In the vCenter instance associated with the Primary NSX Manager.
Correct Answer: D
Section: (none)
Explanation
Reference: https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf
(page 16)
QUESTION 23
Which highly available Edge design would provide high bandwidth and isolation to four application networks?
A. Four Distributed Routers (standalone mode) with one Edge Services Gateway in Active/Standby mode.
B. One Edge Services Gateway in ECMP mode.
C. One distributed Router (in HA mode) with two Edge Services Gateways in ECMP mode.
D. Four Distributed Routers (in HA mode) with one Edge Services Gateway in Active/Standby mode.
Correct Answer: C
Section: (none)
Explanation
QUESTION 24
An administrator is deploying NSX to secure the virtual environment. NSX Manager has been deployed and
registered with the vCenter server.
Which additional step is required before the distributed firewall is functional?
A. Deploy the NSX Controller cluster

B. Enable Guest Introspection
C. Perform host preparation on the cluster
D. Configure VTEPs on each host
Correct Answer: C
Section: (none)
Explanation
Reference: https://esxsi.com/2017/01/18/nsx-part1/
QUESTION 25
An administrator has been asked to provide single failure redundancy. What is the minimum supported number
of NSX Controllers needed to meet this requirements?
A. 2
B. 3
C. 1
D. 5
Correct Answer: B
Section: (none)
Explanation
Reference: http://www.vmwarearena.com/vmware-nsx-installation-part-4-deploying-nsx-controller/
QUESTION 26
In which VMware NSX use case would VXLAN NOT be required?
A. L2 Bridging physical to virtual

B. NSX micro-segmentation
C. Active/Active Datacenter
D. Distributed Logical Routing
Correct Answer: B
Section: (none)
Explanation
QUESTION 27
Which NSX routing protocols offers the most flexible policy control when peering with the physical
environment?
A. BGP
B. OSPF
C. ISIS
D. EIGRP
Correct Answer: A
Section: (none)
Explanation
QUESTION 28
What is the best practice workflow for a NSX installation to support logical switching?
A. Deploy NSX Manager, Configure Logical Switches, Register with vCenter, Deploy Controllers. Prepare
hosts
B. Deploy NSX Manager, Deploy Controllers, Configure Logical Switches, Register with vCenter, Prepare
hosts
C. Deploy NSX Manager, Register with vCenter, Prepare hosts, Deploy Controllers, Configure Logical
Switches
D. Deploy NSX Manager, Register with vCenter, Deploy Controllers, Prepare hosts, Configure Logical
Switches
Correct Answer: D
Section: (none)
Explanation
QUESTION 29
What can be enabled on the vSphere Distributed Switch to monitor IP packets that are passing through a
distributed port group?
A. Traffic Marking
B. TraceFlow
C. Traffic Filtering
D. NetFlow
Correct Answer: D
Section: (none)
Explanation
Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%
2FGUID-3CF9AEEB-08B0-47F5-A3B6-ADD8A919DFA0.html
QUESTION 30
Which two statements are true regarding L2 Bridges and Distributed Logical Routers? (Choose two.)
A. There can only be one instance of an L2 Bridge on a DLR.

B. Each L2 bridge instance can map to multiple VLANs.
C. Each L2 bridge instance can only map to a single VLAN.
D. There can be multiple instances of an L2 bridge on a DLR.
Correct Answer: CD
Section: (none)
Explanation
Reference: http://www.virtualizationblog.com/nsx-step-step-part-12-deploying-l2-bridge-using-distributed-
logical-router/
QUESTION 31
Which is a best practice to secure system traffic, ensure optimal performance and satisfy prerequisites for
NSX?
A. Configure a single VMkernel and a single distributed port group for all the system traffic.
B. Configure a single distributed port group with a single VMkernel for Management and iSCSI traffic, a
separate VMkernel for vMotion and VSAN traffic.
C. Dedicate separate VMkernel adapters for each type of system traffic. Dedicate separate distributed port
groups for each VMkernel adapter and isolate the VLANs for each type of system traffic.
D. Dedicate separate VMkernel adapters for each type of system traffic and dedicate separate standard
switches for each type of system traffic connected to a single physical network.
Correct Answer: C
Section: (none)
Explanation
QUESTION 32
Which three statements are valid methods of Link Aggregation Control Protocol negotiation? (Choose three.)
A. Switches activate one of the blocked paths and negotiate the forwarding path upon failure.
B. Every other switch on the LAN negotiates only one data path back to the root bridge.
C. Switches wait until they receive an aggregation request, negotiate the status of the links, and proceed.
D. One switch sends repeated requests to the other switch that is requesting the port aggregation status. The
two switches negotiate the status of the links and proceed.
E. Switches with links enabled for port aggregation do the port aggregation themselves and must be manually
configured to be compatible at each end of that link.
Correct Answer: CDE

Section: (none)
Explanation
QUESTION 33
What needs to be deployed before configuring the identity Firewall?
A. Network Introspection
B. Data Security
C. LDAP Integration
D. Guest Introspection
Correct Answer: D
Section: (none)
Explanation
F37BEF98-3661-447E-A721-C40C589E9F57.html
QUESTION 34
An NSX administrator is creating a filter as shown below.
What would be the purpose of creating a filter?
A. To quickly add a new rule.

B. To temporarily filter traffic.
C. To quickly remove a rule.
D. To quickly identify rules.
Correct Answer: D
Section: (none)
Explanation
QUESTION 35
When designing a multi-site NSX deployment, which capability requires Enhanced Linked Mode to function?
A. Creating Universal Transport Zones
B. Creating Universal Logical Switches
C. Cross-vCenter vMotion
D. Registering a Secondary NSX Manager
Correct Answer: C
Section: (none)
Explanation
Reference: https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf
QUESTION 36
Which details can an administrator verify from the Summary tab of the VMware NSX Manager? (Choose
three.)
A. Current time
B. Average MTBF
C. Version
D. Storage utilization
E. Health Score
Correct Answer: ACD

Section: (none)
Explanation
QUESTION 37
Which three ways can membership be defined in a dynamic security group? (Choose three.)
A. Distributed Firewall Rules

B. Locale ID
C. Security Tags
D. Security Groups
E. Regular Expressions
Correct Answer: CDE

Section: (none)
Explanation
QUESTION 38
Which two statements are true about NSX Data Security support? (Choose two.)
A. It supports HIPAA and PCI-DSS compliance policies as well as U.S. Driver License and Social Security
numbers.
B. It supports both Windows and Linux-based virtual machines.
C. It only supports HIPAA and PCI-DSS compliance policies.
D. It only supports Windows-based virtual machines.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 39
Which two functions are provided by VMkernel ports? (Choose two.)
A. VXLAN Port Configuration

B. vSphere vMotion
C. ESXi Host Management
D. 802.1Q VLAN tagging
Correct Answer: BC
Section: (none)
Explanation
Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=2190191&seqNum=10
QUESTION 40
A network administrator is troubleshooting an issue and needs to observe an injected packet as it passes
through the physical and logical network.
Which tool will accomplish this?

A. Traceflow
B. NetFlow
C. Flow Monitoring
D. Activity Monitoring
Correct Answer: A
Section: (none)
Explanation
05647D5E-B669-40A8-8B84-02C18781186F.html
QUESTION 41
What is true when configuring vSphere Distributed Switches (vDS)?
A. All configurations are done by the vCenter Server. Each ESXi host can be part of multiple vDS.
B. All configurations are done by the vCenter Server. Each ESXi host can be part of only one vDS.
C. All configurations are done by the NSX Manager. Each ESXi host can be part of only one vDS.
D. All configurations are done by the NSX Manager. Each ESXi host can be part of multiple vDS.
Correct Answer: A
Section: (none)
Explanation
QUESTION 42
An administrator is attempting to troubleshoot a routing issue between the Edge Services Gateway (ESG) and
the Distributed Logical Router (DLR).
Based on the exhibit, which method CANNOT be used to troubleshoot the issue?
A. SSH session into 192.168.100.3 on the ESG.

B. Console session into the ESG.
C. Console session into the DLR.
D. SSH session into 192.168.10.5 on the DLR.
Correct Answer: D
Section: (none)
Explanation
QUESTION 43
An organization is planning to use NSX as part of a disaster recovery project to provide consistent networking
between two sites. Each site has one vCenter server. The organization requires universal objects and requires
components to function during a site outage.
What is the minimum total instances of NSX Manager(s) and NSX Controller(s) that must be deployed across
both sites to support the required functionality?
A. Two NSX Managers and two NSX Controllers

B. Two NSX Managers and six NSX Controllers
C. Two NSX Managers and three NSX Controllers
D. Two NSX Managers and four NSX Controllers
Correct Answer: C
Section: (none)
Explanation
QUESTION 44
An NSX Administrator is examining traffic on the network shown below.
What is the packet flow when VM1 communicates to VM5?
A. Host A will perform a destination lookup, route the packet, switch the packet onto segment 5002, then
encapsulate and send the packet to Host C.
B. Host A will perform a destination lookup, switch the packet onto segment 5002, route the packet, then
encapsulate the packet and send it to the DLR control VM.
C. Host A will encapsulate the packet, send the encapsulated packet to host C, Host C will perform a
destination lookup and switch the packet onto segment 5002.
D. Host A will encapsulate the packet, perform a destination lookup, route the packet to the DLR control VM,
the control DLR will bridge the packet onto segment 5002.
Correct Answer: A
Section: (none)
Explanation
QUESTION 45
Which three NSX services are available for synchronization in a Cross-vCenter implementation? (Choose
three.)
A. Spoofguard
B. Distributed Firewall
C. Edge Firewall
D. Logical Switch
E. Transport Zone
Correct Answer: BDE

Section: (none)
Explanation
Reference https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf
QUESTION 46
Two virtual machines are unable to communicate with one another. The virtual machines are in the same
distributed portgroup, but reside on different ESXi hosts.
What are two possible causes for the communications issue? (Choose two.)
A. Basic multicast filtering mode has been disabled on the ESXi hosts.
B. No physical NICs are assigned as active or standby uplinks in a NIC team.
C. The standby links are configured on different VLANs, preventing heartbeats from reaching each VM.
D. The physical NICs assigned as active or standby uplinks reside on different VLANs on the physical switch.
Correct Answer: BD
Section: (none)
Explanation
QUESTION 47
An administrator needs to perform a configuration backup of NSX. From which two locations can this task be
performed? (Choose two.)
A. Directly on the NSX Manager

B. From the vSphere Web Client
C. Using the NSX API
D. Directly on each NSX Controller
Correct Answer: AC
Section: (none)
Explanation
QUESTION 48
Where does an administrator configure logging for the NSX Manager?
A. In the vSphere Web Client

B. In the NSX Manager GUI
C. In the NSX Manager command line interface (CLI)
D. In the vSphere Syslog Collector
Correct Answer: B
Section: (none)
Explanation
QUESTION 49
An NSX environment requires physical NIC redundancy for all dvPortGroups when connecting hosts to the
physical network. There are two 10Gb NIC's per host. Which two teaming methods should be used to ensure
both links are utilized simultaneously? (Choose two.)
A. Virtual Port Channel

B. LACP Port-Channel
C. Static Port-Channel
D. Explicit Failover Order
Correct Answer: AB
Section: (none)
Explanation
QUESTION 50
What is required before running an Activity Monitoring report?
A. Enable data collection on the NSX Controller.

B. Enable data collection on the vCenter Server.
C. Enable data collection on the NSX Manager.
D. Enable data collection on the virtual machine.
Correct Answer: D
Section: (none)
Explanation
QUESTION 51
An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX
environment. How would this task be accomplished with minimal administrative effort?
A. Create a PowerCLI script to enable virtual machine data collection on each virtual machine.
B. Create a security group in Service Composer and add the virtual machines to the security group.
C. Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.
D. Add the virtual machines to a VM folder in vCenter Server and enable data collection.
Correct Answer: C
Section: (none)
Explanation
QUESTION 52
A workload was attached to a logical switch port group in Compute Cluster 1. Users are complaining that they
can communicate with other workloads on that port group in the cluster, but not with other workloads on
different networks.
What is the most probable cause?
A. The distributed firewall has a default rule set to deny all.

B. The Distributed Logical Router was not configured on Compute Cluster 1.
C. Compute Cluster 1 is NOT a member of the Transport Zone.
D. An NSX Edge has NOT been deployed into Compute Cluster 1.
Correct Answer: C
Section: (none)
Explanation
QUESTION 53
There is intermittent connectivity reported between virtual machines on separate hosts over logical switching.
What command-line tool can be used to test the MTU between two hosts?
A. netstat -1
B. esxcli network ip neighbor list
C. vmkping
D. traceroute
Correct Answer: C
Section: (none)
Explanation
QUESTION 54
An NSX administrator determines that routing adjacency between a NSX Edge device and a Top Of Rack L3
switch CANNOT be established. Which two logs would be the most useful in resolving this issue? (Choose
two.)
A. NSX Manager Logs

B. Edge Services Gateway logs
C. Distributed Router Logs
D. NSX Controller logs
Correct Answer: BD
Section: (none)
Explanation
QUESTION 55
What are two roles of vmnics? (Choose two.)
A. ESXi hosts reach the physical network through vmnics.

B. Virtual machines require vmnics to communicate with their host.
C. ESXi hosts are segmented using vmnics, also called virtual trunk ports.
D. Virtual machines require vmnics to communicate with physical networks.
Correct Answer: AD
Section: (none)
Explanation
QUESTION 56
Which service cannot be included in a Security Policy using Service Composer?
A. Endpoint Services
B. Firewall Rules
C. Virtual Private Network Services
D. Network Introspection Services
Correct Answer: C
Section: (none)
Explanation
QUESTION 57
A user needs to be given the ability to make configuration changes on a specific NSX Edge device. What role
and scope could be used to meet this requirement?
A. NSX Administrator role and Limit Access scope

B. Security Administrator role and Limit Access scope
C. NSX Administrator role and No restriction scope
D. Security Administrator role and No restriction scope
Correct Answer: B
Section: (none)
Explanation
QUESTION 58
An administrator needs to verify which port the switch manager is using. Which command should be used?
A. show controller-cluster status

B. show controller-cluster core stats
C. show controller-cluster connections
D. show controller-cluster logical-switches
Correct Answer: C
Section: (none)
Explanation
QUESTION 59
Which component automates the consumption of third-party services and provides mapping to virtual machines
using a logical policy?
A. NSX Manager
B. Cloud Management Platform (CMP)
C. Service Composer
D. NSX Data Security
Correct Answer: C
Section: (none)
Explanation
QUESTION 60
Which two methods does VMware NSX offer to integrate with third-party partners? (Choose two.)
A. Integration Manager
B. Service Chaining
C. VMware NSX APIs
D. Universal Synchronization Service
Correct Answer: BC
Section: (none)
Explanation
QUESTION 61
Which load balancing algorithm is only available on a vSphere Distributed Switch?
A. Route Based on Source MAC Hash

B. Route Based on Originating Virtual Port
C. Route Based on IP Hash
D. Route Based on Physical NIC Load
Correct Answer: D
Section: (none)
Explanation
Reference: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.networking.doc/GUID-
959E1CFE-2AE4-4A67-B4D4-2D2E13765715.html
QUESTION 62
Which action is not an option for adding Virtual Machines to a Security Group?
A. Adding Virtual Machines to a Security Group and nesting it within another Security Group.
B. Defining Dynamic Membership in the Security Group.
C. Adding Virtual Machines to a Security Policy and associating it with a Security Group.
D. Selecting objects to include within a Security Group.
Correct Answer: C
Section: (none)
Explanation
QUESTION 63
From the NSX Edge CLI, which command would show VIP statistics?
A. show service load balancer pool

B. show service load balancer virtual
C. show service load balancer monitor
D. show service load balancer
Correct Answer: B
Section: (none)
Explanation
QUESTION 64
An NSX administrator notices that when configuring Flow Monitoring, the graphs do not include the IPFix flows.
Where are these flows displayed?
A. In the IPFix collector's interface.

B. In the Flow Monitor UI.
C. In the vRealize Operations UI.
D. In the IPFix tab of the NSX Manager UI.
Correct Answer: A
Section: (none)
Explanation
QUESTION 65
An administrator is deploying NSX in a Cross-vCenter configuration across three data centers located 100
miles apart Datacenter-1 and Datacenter-3 already have NSX deployed locally and Datacenter-2 does not
have NSX deployed yet. What is the correct order of steps to configure all three data centers for this solution?
A. 1. Remove the NSX manager from Datacenter-1 and Datacenter-3.

2. Reinstall all three NSX managers at the same time.
3. Deploy a universal transport zone.
4. Deploy a universal distributed logical router.
B. 1. Deploy an NSX manager at Dataсenter-2.
2. Change the roles of the NSX managers in Datacentar-1 and Datacenter-3 to Transit Mode.
4. Configure the Primary and Secondary roles on all three NSX managers.
C. 1. Deploy an NSX manager in Datacenter 2.
2. Update the NSX manager role in Datacenter-1 to Primary.
3. Update the roles in Datacenter-2 and Datacentar-3 to Secondary.
D. 1. Deploy the NSX manager at Datacenter-2.
2. Update the NSX manager role in Datacenter-1 to Primary.
4. Deploy a universal distributed logical router.
Correct Answer: C
Section: (none)
Explanation
QUESTION 66
A security administrator needs to create a Security Group based on an Active Directory group. However, AD
Groups are not available as an option. What must the administrator configure before AD Groups are available?
A. Guest Introspection virtual machines must be joined to the domain

B. Inventory Service must be registered with a domain account
C. NSX Manager must be registered with Active Directory
D. NSX Controller must be registered with Active Directory
Correct Answer: C
Section: (none)
Explanation
QUESTION 67
What is one of the benefits of a spine-leaf network topology?
A. A loop prevention protocol is not required.
B. Automatic propagation of security policies to all nodes.
C. Allows for VXLANs to be defined in a traditional network topology.
D. Network virtualization relies on spine leaf topologies to create logical switches.
Correct Answer: A
Section: (none)
Explanation
QUESTION 68
What is the most restrictive NSX role that can be used to create and publish security policies and install virtual
appliances?
A. Security Administrator
C. Auditor
D. Enterprise Administrator
Correct Answer: D
Section: (none)
Explanation
QUESTION 69
In a Cross-vCenter NSX deployment, what are two requirements that must be met in order for an administrator
to deploy both universal logical switches and local logical switches within the same vCenter instance? (Choose
two.)
A. A universal distributed logical router must be created.

B. A local distributed logical router must be created.
C. A universal transport zone must be created.
D. A local transport zone must be created.
Correct Answer: CD
Section: (none)
Explanation
QUESTION 70
The fact that NSX Data Security has visibility into sensitive data provides which two benefits? (Choose two.)
A. It helps address compliance and risk management requirements.

B. It acts as a forensic tool to analyze TCP and UDP connections between virtual machines.
C. It is able to trace packets between a source and destination without requiring access to the guest OS.
D. It eliminates the typical agent footprint that exists with legacy software agents.
Correct Answer: AB
Section: (none)
Explanation
QUESTION 71
An NSX Edge Service Gateway has two interfaces:
* Internal interface named Internal Access
-- IP address = 10.10.10.1
-- Network mask = 255.255.255.0
* Uplink interface named Physical Uplink
-- IP address = 20.20.20.1
-- Network mask = 255.255.255.0
A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access
external resources via the uplink interface.
Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.)
A. Apply the SNAT rule to the Internal Access interface.

B. Select 10.10.10.1 as the translated source IP.
C. Apply the SNAT rule on the Physical Uplink interface.
D. Select 10.10.10.0/24 as the original subnet.
E. Choose 20.20.20.2 as the translated source IP address.
Correct Answer: CDE

Section: (none)
Explanation
QUESTION 72
An administrator enables the NSX Ticket Logger to track infrastructure changes. The administrator logs out for
lunch, returns and logs back in to complete the task. What is the status of ticket logger when the administrator
logs back in?
A. The ticket logger still tracks changes until it is turned off by the administrator.
B. The ticket logger is turned off.
C. The ticket logger will prompt the user if they still want to continue tracking changes.
D. The ticket logger will display an error.
Correct Answer: B
Section: (none)
Explanation
QUESTION 73
A Service Provider is using VMware vCloud Director with VMware vCloud Networking and Security (VCNS) on
vSphere. Which two products will be impacted by the upgrade of VCNS to VMware NSX? (Choose two.)
A. ESXi hosts
B. NSX Controller Cluster
C. vShield Manager
D. vCenter Server
Correct Answer: AC
Section: (none)
Explanation
QUESTION 74
What are two requirements of the network infrastructure to the access layer? (Choose two)
A. IPv4 connectivity among ESXi hosts provided by a spine-leaf network design.

B. IPv4 connectivity among ESXi hosts.
C. Increased MTU if the virtual machines are using the default MTU size of 1500.
D. A Redundant, Layer 3, Top-of-Rack network design to provide high availability to ESX hosts.
Correct Answer: BC
Section: (none)
Explanation
QUESTION 75
Which tool is used to detect rogue services?
A. NSX Logical Firewall

B. NSX Logical Router
C. Activity Monitoring
D. Flow Monitoring
Correct Answer: D
Section: (none)
Explanation
QUESTION 76
Which two NSX Data Security roles could be assigned to view configured policies and violation reports?
(Choose two.)
A. Security Administrator
C. Auditor
D. Enterprise Administrator
Correct Answer: AC
Section: (none)
Explanation
QUESTION 77
When defining membership for a security group, which three identifiers can be used for dynamic inclusion?
(Choose three.)
A. VM folder
B. Computer OS Name
C. ESXi host
D. VM Name
E. Security Tag
Correct Answer: BDE

Section: (none)
Explanation
QUESTION 78
An administrator has implemented VMware NSX on a leaf-spine underlay. They have deployed the following in
the data center:
* Two racks for a management cluster that is not prepared for VMware NSX
* Six racks for compute clusters
* Two racks for an Edge cluster which holds a DLR control VM for bridging, and North/South Edge Service
Gateways
Which three of the following are true regarding the physical and logical networking of the environment?
(Choose three.)
A. At least one VXLAN segment spans across all the racks.

B. VXLAN segments span the compute and Edge racks.
C. At least one VLAN spans the compute racks.
D. At least one VLAN spans across the two management racks.
E. At least 2 VLANs span across the two Edge racks.
Correct Answer: BCD

Section: (none)
Explanation

642 Dump

Uploaded by

Copyright:

Available Formats

You might also like

642 Dump

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

642 Dump

Uploaded by

Copyright:

Available Formats

2V0-642.exam.

VMware Certified Professional 6 - Network Virtualization 6.2 Exam

A. Automatically trust IP assignments on their first use

A. Rules can be applied on the uplink interface only.

Correct Answer: ADE

Which load balancing engine should be deployed?

A. Automatically restart the peer router when BGP session is established.

A. security event queueing

A. Physical to virtual bridged networks.

What method can be used to allow access between the servers?

Correct Answer: BCE

Correct Answer: ACE

A. Enable Default Originate on edge-2 for OSPF.

A. MAC Address Changes

A. In each vCenter instance associated with the Cross-vCenter implementation.

Which additional step is required before the distributed firewall is functional?

A. Deploy the NSX Controller cluster

A. L2 Bridging physical to virtual

A. There can only be one instance of an L2 Bridge on a DLR.

Correct Answer: CDE

A. To quickly add a new rule.

Correct Answer: ACD

A. Distributed Firewall Rules

Correct Answer: CDE

A. VXLAN Port Configuration

Which tool will accomplish this?

A. SSH session into 192.168.100.3 on the ESG.

A. Two NSX Managers and two NSX Controllers

What is the packet flow when VM1 communicates to VM5?

Correct Answer: BDE

A. Directly on the NSX Manager

A. In the vSphere Web Client

A. Virtual Port Channel

A. Enable data collection on the NSX Controller.

What is the most probable cause?

A. The distributed firewall has a default rule set to deny all.

A. NSX Manager Logs

A. ESXi hosts reach the physical network through vmnics.

A. NSX Administrator role and Limit Access scope

A. show controller-cluster status

A. Route Based on Source MAC Hash

A. show service load balancer pool

A. In the IPFix collector's interface.

A. 1. Remove the NSX manager from Datacenter-1 and Datacenter-3.

A. Guest Introspection virtual machines must be joined to the domain

A. A universal distributed logical router must be created.

A. It helps address compliance and risk management requirements.

A. Apply the SNAT rule to the Internal Access interface.

Correct Answer: CDE

A. IPv4 connectivity among ESXi hosts provided by a spine-leaf network design.

A. NSX Logical Firewall

Correct Answer: BDE

A. At least one VXLAN segment spans across all the racks.

Correct Answer: BCD

You might also like