Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. VMware
  5. 5V0-41.21

Free VMware 5V0-41.21 Exam Questions (page: 5)

Page 3 of 18
PDF with 70 Questions

In a brownfield environment with NSX-T Data Center deployed and configured, a customer is interested in Endpoint Protection integrations.
What recommendation should be provided to the customer when it comes to their existing virtual machines?

  1. Virtual machine must be protected by vSphere H
  2. Virtual machine hardware should be version 10 or higher.
  3. A minimum installation of VMware tools is required.
  4. A custom install of VMware tools is required to select the drivers.

Answer(s): D

Explanation:

Endpoint Protection (EPP) integrations with NSX-T Data Center typically involve installing a security agent on the virtual machines (VMs) in the environment. This agent communicates with the NSX-T Data Center platform to provide security features such as antivirus and intrusion detection. In order for the agent to work properly, it is important that the correct drivers are installed on the VMs. Typically, this is done by installing VMware tools on the VMs, which provides the necessary drivers. However, in a brownfield environment, the VMs may already have VMware tools installed and the drivers may not be the correct version for the agent to work properly. In this case, it is recommended to perform a custom install of VMware tools and select the drivers specifically for the agent.


Reference:

VMware NSX-T Data Center Endpoint Protection documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.epp.doc/GUID- C6F7F8C3-2F7B-4D5C-974F-F9C9E5BD5C5F.html
VMware Tools documentation https://docs.vmware.com/en/VMware- vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-D2F7D8C9-9D05-4F0F-A717- C4B4D4F4E4E4.html



Which two are true of the NSX Gateway Firewall? (Choose two.)

  1. Firewall rules in System category cannot be edited.
  2. Firewall rules in Pre Rule category are applied to all gateways.
  3. NAT service can be configured in NSX Gateway Firewall policy.
  4. Security Groups can be used in Applied-To column.
  5. Applied-To can be configured at Firewall Policy level.

Answer(s): B,D

Explanation:

NSX Gateway Firewall is a distributed firewall that provides security for east-west traffic within a virtual environment.
1. Firewall rules in Pre Rule category are applied to all gateways. This category contains system- defined rules that are always applied first to all gateways and cannot be modified. These rules include the default deny all rule and others that control basic connectivity.
2. Security Groups can be used in Applied-To column. Security groups allow you to group together VMs that have similar security requirements and then apply firewall policies to those groups. This way you can apply the same security rules to multiple VMs at once, instead of configuring the rules on each individual VM.


Reference:

VMware NSX-T Data Center documentation https://docs.vmware.com/en/VMware-NSX-T-Data- Center/index.html
VMware NSX-T Data Center Gateway Firewall documentation https://docs.vmware.com/en/VMware- NSX-T-Data-Center/3.1/com.vmware.nsxt.firewall.doc/GUID-4C5D5A5F-8FDF-4F2A-9C5A- 2C1903A3E5A5.html



At which two intervals are NSX-T IDS/IPS updates through VMware's cloud based internet service provided for threat signature files? (Choose two.)

  1. weekly periodic updates
  2. off-schedule for 0-day updates
  3. monthly periodic updates
  4. daily periodic updates
  5. bi-weekly periodic updates

Answer(s): B,D

Explanation:

The NSX-T IDS/IPS updates are provided through VMware's cloud-based internet service at two different intervals: daily periodic updates, and off-schedule for 0-day updates. Daily periodic updates are provided on a daily basis to ensure the latest threat signature files. Off-schedule updates are provided as needed when a 0-day threat is identified, allowing customers to have the most up-to- date protection from the latest threats.


Reference:

https://docs.vmware.com/en/VMware-NSX-T- Data-Center/3.1/nsxt_31_ids_ips/GUID-D0F3F66C-FF83-4B3C-B0A3- C12F19D7A8AD.html https://blogs.vmware.com/networkvirtualization/2020/02/nsx-t-ids-and-ips- threat-protection.html



Which two are the insertion points for North-South service insertion? (Choose two.)

  1. Partner Service VM
  2. Uplink of tier-1 gateway
  3. Transport Node NIC
  4. Guest VM vNIC
  5. Uplink of tier-0 gateway

Answer(s): D,E

Explanation:

The tier-0 gateway is the entry point of the NSX-T Data Center network, and it is where the North- South service insertion takes place. The uplink of the tier-0 gateway is the point of connection between the NSX-T Data Center network and the external network. The guest VM vNIC is the interface card inside the guest virtual machine, which is used to connect the guest VM to the NSX-T Data Center network. North-South services can be inserted at this point as well.


Reference:

https://docs.vmware.com/en/VMware-NSX-T-Data- Center/3.1/nsxt_31_admin_guide/GUID-A3A6C7E1-8F5E-4A17-9B79- A3D836E3A6D3.html https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt



Viewing page 5 of 18
Viewing questions 17 - 20 out of 70 questions



Post your Comments and Discuss VMware 5V0-41.21 exam prep with other Community members:

5V0-41.21 Exam Discussions & Posts