Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. VMware
  5. 5V0-41.21

VMware 5V0-41.21 Exam
VMware NSX-T Data Center 3.1 Security (Page 6 )

Updated On: 1-Feb-2026
Page 3 of 15
PDF with 70 Questions

Which two statements are true about NSX Intelligence? (Choose two.)

  1. NSX Intelligence assists to build service insertion with Partner SVM.
  2. NSX Intelligence supports planning of distributed firewall rules and policy.
  3. NSX Intelligence can help to visualize network physical infrastructure.
  4. NSX Intelligence can be used in conjunction with vRealize Network Insight.
  5. NSX Intelligence supports planning of NSX-T Edge Firewall rules and policy.

Answer(s): A,E

Explanation:

The two statements that are true about NSX Intelligence are that it assists to build service insertion with Partner SVM and that it supports planning of NSX-T Edge Firewall rules and policy. NSX Intelligence can be used in conjunction with vRealize Network Insight to provide visibility and insights into the network, but it cannot be used to visualize the physical infrastructure. Additionally, while it can help to plan firewall rules and policy, it does not support planning of distributed firewall rules and policy.



An administrator wants to use Distributed Intrusion Detection. How is this implemented in an NSX-T Data Center?

  1. As a distributed solution across multiple ESXi hosts.
  2. As a distributed solution across multiple KVM hosts.
  3. As a distributed solution across multiple NSX Managers.
  4. As a distributed solution across multiple NSX Edge nodes.

Answer(s): D

Explanation:

An administrator can implement Distributed Intrusion Detection as a distributed solution across multiple NSX Edge nodes in an NSX-T Data Center. This allows for real-time monitoring of network traffic, as well as detection and prevention of malicious activity. Additionally, it can be used to identify, investigate, and respond to potential security threats.


Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID- 1F8741C0-D1CD-4EA3-A2BB-
98CEF7F8D1DA.html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/t echpaper/vmware-nsx-data-center-for-vsphere-distributed-intrusion-detection-deployment- guide.pdf



Reference the CLI output.



What is the source IP address in the distributed firewall rule to accept HTTP traffic?

  1. 172.16.30.11
  2. 172.16.10.12
  3. 172.16.10.11
  4. 172.16.20.11

Answer(s): C



What component in a transport node receives the firewall configuration from the central control plane?

  1. nsx-ccp
  2. nsx-appl-proxy
  3. nsx-mpa
  4. nsx-proxy

Answer(s): C

Explanation:

The component in a transport node that receives the firewall configuration from the central control plane is the NSX-MPA (Management Plane Agent). The NSX-MPA runs on each transport node and is responsible for connecting to the NSX-T central control plane and receiving the configuration for the transport node. It is also responsible for pushing the configuration down to the other components on the transport node, such as the NSX-Proxy, NSX-Appl-Proxy, and NSX-CCP.


Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID- 8C33F5B5-1B98-4A5F-B5B1-D70BE45F9FAD.html [2] https://docs.vmware.com/en/VMware-NSX- T/3.0/com.vmware.nsxt.install.doc/GUID-C129F7F0-E6F8-4A14-B2B0-9D6F3A7A3F62.



What needs to be configured on each transport node prior to using NSX-T Data Center Distributed Firewall time-based rule publishing?

  1. DNS
  2. NTP
  3. PAT
  4. NAT

Answer(s): B

Explanation:

In order to use NSX-T Data Center Distributed Firewall time-based rule publishing, the NTP (Network Time Protocol) needs to be configured on each transport node. This ensures that the transport nodes have accurate time synchronization, which is required for time-based rule publishing. Additionally, DNS (Domain Name System) and PAT (Port Address Translation) may also need to be configured on each transport node, depending on the desired configuration.


Reference:

[1] https://docs.vmware.com/en/VMware-NSX-T/2.5/com.vmware.nsxt.admin.doc/GUID-E9F8D8AD- 7AF1-4F09-B62C-6A17A6F39A6C.html [2] https://docs.vmware.com/en/VMware-NSX- T/2.4/com.vmware.nsxt.admin.doc/GUID-E9F8D8AD-7AF1-4F09-B62C-6A17A6F39A6C.html



Viewing page 6 of 15
Viewing questions 26 - 30 out of 70 questions



Post your Comments and Discuss VMware 5V0-41.21 exam prep with other Community members:

Join the 5V0-41.21 Discussion