Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. VMware
  5. 5V0-41.21

VMware 5V0-41.21 Exam
VMware NSX-T Data Center 3.1 Security (Page 5 )

Updated On: 9-Feb-2026
Page 3 of 15
PDF with 70 Questions

Which two are true of the NSX Gateway Firewall? (Choose two.)

  1. Firewall rules in System category cannot be edited.
  2. Firewall rules in Pre Rule category are applied to all gateways.
  3. NAT service can be configured in NSX Gateway Firewall policy.
  4. Security Groups can be used in Applied-To column.
  5. Applied-To can be configured at Firewall Policy level.

Answer(s): B,D

Explanation:

NSX Gateway Firewall is a distributed firewall that provides security for east-west traffic within a virtual environment.
1. Firewall rules in Pre Rule category are applied to all gateways. This category contains system- defined rules that are always applied first to all gateways and cannot be modified. These rules include the default deny all rule and others that control basic connectivity.
2. Security Groups can be used in Applied-To column. Security groups allow you to group together VMs that have similar security requirements and then apply firewall policies to those groups. This way you can apply the same security rules to multiple VMs at once, instead of configuring the rules on each individual VM.


Reference:

VMware NSX-T Data Center documentation https://docs.vmware.com/en/VMware-NSX-T-Data- Center/index.html
VMware NSX-T Data Center Gateway Firewall documentation https://docs.vmware.com/en/VMware- NSX-T-Data-Center/3.1/com.vmware.nsxt.firewall.doc/GUID-4C5D5A5F-8FDF-4F2A-9C5A- 2C1903A3E5A5.html



At which two intervals are NSX-T IDS/IPS updates through VMware's cloud based internet service provided for threat signature files? (Choose two.)

  1. weekly periodic updates
  2. off-schedule for 0-day updates
  3. monthly periodic updates
  4. daily periodic updates
  5. bi-weekly periodic updates

Answer(s): B,D

Explanation:

The NSX-T IDS/IPS updates are provided through VMware's cloud-based internet service at two different intervals: daily periodic updates, and off-schedule for 0-day updates. Daily periodic updates are provided on a daily basis to ensure the latest threat signature files. Off-schedule updates are provided as needed when a 0-day threat is identified, allowing customers to have the most up-to- date protection from the latest threats.


Reference:

https://docs.vmware.com/en/VMware-NSX-T- Data-Center/3.1/nsxt_31_ids_ips/GUID-D0F3F66C-FF83-4B3C-B0A3- C12F19D7A8AD.html https://blogs.vmware.com/networkvirtualization/2020/02/nsx-t-ids-and-ips- threat-protection.html



Which two are the insertion points for North-South service insertion? (Choose two.)

  1. Partner Service VM
  2. Uplink of tier-1 gateway
  3. Transport Node NIC
  4. Guest VM vNIC
  5. Uplink of tier-0 gateway

Answer(s): D,E

Explanation:

The tier-0 gateway is the entry point of the NSX-T Data Center network, and it is where the North- South service insertion takes place. The uplink of the tier-0 gateway is the point of connection between the NSX-T Data Center network and the external network. The guest VM vNIC is the interface card inside the guest virtual machine, which is used to connect the guest VM to the NSX-T Data Center network. North-South services can be inserted at this point as well.


Reference:

https://docs.vmware.com/en/VMware-NSX-T-Data- Center/3.1/nsxt_31_admin_guide/GUID-A3A6C7E1-8F5E-4A17-9B79- A3D836E3A6D3.html https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt



Which are two use-cases for the NSX Distributed Firewall' (Choose two.)

  1. Zero-Trust with segmentation
  2. Security Analytics
  3. Lateral Movement of Attacks prevention
  4. Software defined networking
  5. Network Visualization

Answer(s): A,C

Explanation:

Zero-Trust with segmentation is a security strategy that uses micro-segmentation to protect a network from malicious actors. By breaking down the network into smaller segments, the NSX Distributed Firewall can create a zero-trust architecture which limits access to only users and devices that have been authorized. This reduces the risk of a malicious actor gaining access to sensitive data and systems.
Lateral Movement of Attacks prevention is another use-case for the NSX Distributed Firewall. Lateral movement of attacks are when an attacker is already inside the network and attempts to move laterally between systems. The NSX Distributed Firewall can help protect the network from these attacks by controlling the flow of traffic between systems and preventing unauthorized access.


Reference:

https://www.vmware.com/products/nsx/distributed- firewall.html https://searchsecurity.techtarget.com/definition/zero-trust-network



An administrator wants to configure NSX-T Security Groups inside a distributed firewall rule.
Which menu item would the administrator select to configure the Security Groups?

  1. System
  2. Inventory
  3. Security
  4. Networking

Answer(s): C

Explanation:

To configure NSX-T Security Groups inside a distributed firewall rule, the administrator would select the "Security" menu item in the NSX-T Manager user interface. Within the Security menu, the administrator would navigate to the "Groups" option, where they can create, edit, and manage security groups. These groups can then be used in the "Applied To" column when creating or editing firewall rules.
In the Security menu, administrator can also configure other security features such as firewall, micro- segmentation, intrusion detection and prevention, and endpoint protection.


Reference:

VMware NSX-T Data Center documentation https://docs.vmware.com/en/VMware-NSX-T-Data- Center/index.html
VMware NSX-T Data Center Security Groups documentation https://docs.vmware.com/en/VMware- NSX-T-Data-Center/3.1/com.vmware.nsxt.groups.doc/GUID-8C8DDC52-0B91-4E9F-8D8E- E1649D3C3BBD.html






Post your Comments and Discuss VMware 5V0-41.21 exam prep with other Community members:

Join the 5V0-41.21 Discussion