When a stateful service is enabled for the first lime on a Tier-0 Gateway, what happens on the NSX Edge node'
Correct Answer:A
The answer is A. SR is instantiated and automatically connected with DR.
SR stands for Service Router and DR stands for Distributed Router. They are components of the NSX Edge node that provide different functions1
The SR is responsible for providing stateful services such as NAT, firewall, load balancing, VPN, and DHCP. The DR is responsible for providing distributed routing and switching between logical segments and the physical network1
When a stateful service is enabled for the first time on a Tier-0 Gateway, the NSX Edge node automatically creates an SR instance and connects it with the existing DR instance. This allows the stateful service to be applied to the traffic that passes through the SR before reaching the DR2
According to the VMware NSX 4.x Professional Exam Guide, understanding the SR and DR components and their functions is one of the exam objectives3
To learn more about the SR and DR components and how they work on the NSX Edge node, you can refer to the following resources:
VMware NSX Documentation: NSX Edge Components 1
VMware NSX 4.x Professional: NSX Edge Architecture
VMware NSX 4.x Professional: NSX Edge Routing
Which troubleshooting step will resolve an error with code 1001 during the configuration of a time-based firewall rule?
Correct Answer:B
According to the web search results, error code 1001 is related to a time synchronization issue between the ESXi host and the NSX Manager. This can cause problems when configuring a time-based firewall rule, which requires the ESXi host and the NSX Manager to have the same time zone and NTP server settings . To resolve this error, you need to restart the NTP service on the ESXi host to synchronize the time with the NSX Manager. You can use the following command to restart the NTP service on the ESXi host:
/etc/init.d/ntpd restart
The other options are not valid solutions for this error. Reinstalling the NSX VIBs on the ESXi host will not fix the time synchronization issue. Changing the time zone on the ESXi host may cause more discrepancies with the NSX Manager. Reconfiguring the ESXi host with a local NTP server may not be compatible with the NSX Manager’s NTP server.
Which CLI command is used for packet capture on the ESXi Node?
Correct Answer:C
According to the VMware Knowledge Base, this CLI command is used for packet capture on the ESXi node. pktcap-uw stands for Packet Capture User World and is a tool that allows you to capture packets from various points in the network stack of an ESXi host. You can use this tool to troubleshoot network issues or analyze traffic flows.
The other options are either incorrect or not available for this task. tcpdump is not a valid CLI command for packet capture on the ESXi node, as it is a tool that runs on Linux systems, not on ESXi hosts. debug is not a valid CLI command for packet capture on the ESXi node, as it is a generic term that describes the process of finding and fixing errors, not a specific tool or command. set capture is not a valid CLI command for packet capture on the ESXi node, as it does not exist in the ESXi CLI.
An NSX administrator wants to create a Tler-0 Gateway to support equal cost multi-path (ECMP) routing. Which failover detection protocol must be used to meet this requirement?
Correct Answer:A
According to the VMware NSX 4.x Professional documents and tutorials, BFD is a failover detection protocol that provides fast and reliable detection of link failures between two routing devices. BFD can be used with ECMP routing to monitor the health of the ECMP paths and trigger a route change in case of a failure12. BFD is supported by both BGP and OSPF routing protocols in NSX-T3. BFD can also be configured with different timers to achieve different detection times3.
In which VPN type are the Virtual Tunnel interfaces (VTI) used?
Correct Answer:B
Route-based VPN is a VPN type that uses Virtual Tunnel interfaces (VTI) to establish IPSec tunnels between an NSX Edge node and remote sites2. A VTI is a logical interface that is assigned an IP address and is associated with a physical or virtual interface. The VTI acts as an end point of the IPSec tunnel and routes traffic between the NSX Edge node and the remote site2. Route & SSL based VPNs, Policy & Route based VPNs, and SSL-based VPN are not VPN types that use VTI. References: Virtual Private Network (VPN)
Which three security features are dependent on the NSX Application Platform? (Choose three.)
Correct Answer:ACF
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/nsx-application-platform/GUID-42EDE0AD-CD