Get Certified in VMware NSX-T Data Center Security with ITPrepare's 5V0-41.21 Exam Questions

Get Certified in VMware NSX-T Data Center Security with ITPrepare’s 5V0-41.21 Exam Questions

Eleanor2023-02-11T03:02:06+00:00

Are you looking to validate your understanding of network security concepts and administration of VMware’s NSX-T Data Center security solutions? Then the VMware NSX-T Data Center Security Skills badge is the perfect certification for you. ITPrepare makes the VMware NSX-T Data Center Security Skills exam preparation process easier for you with their 5V0-41.21 exam questions. These questions are valid, updated, and based on the real 5V0-41.21 exam, ensuring that you are fully prepared for the final VMware NSX-T Data Center 3.1 Security 5V0-41.21 exam. ITPrepare’s 5V0-41.21 Exam Questions are the key to your success in the VMware 5V0-41.21 exam.

Choose to check VMware 5V0-41.21 free demo questions first:

Page 1 of 2

1. An administrator has enabled the "logging" option on a specific firewall rule. The administrator does not see messages on the Logging Server related to this firewall rule.

What could be causing the issue?

The logging on the firewall policy needs to be enabled.

Firewall Rule Logging is only supported in Gateway Firewalls.

NSX Manager must have Firewall Logging enabled.

The logging server on the transport nodes is not configured.

2. 1.Which three are required by URL Analysis? (Choose three.)

NSX Enterprise or higher license key

Tier-1 gateway

Tier-0 gateway

OFW rule allowing traffic OUT to Internet

Medium-sized edge node (or higher), or a physical form factor edge

Layer 7 DNS firewall rule on NSX Edge cluster

3. When configuring members of a Security Group, which membership criteria art permitted?

Virtual Machine, Physical Machine, Cloud Native Service Instance, and IP Set

Segment Port, Segment, Virtual Machine, and IP Set

Virtual Interface, Segment, Cloud Native Service Instance, and IP Set.

Virtual Interface, Segment, Physical Machine, and IP Set

4. An administrator wants to use Distributed Intrusion Detection.

How is this implemented in an NSX-T Data Center?

As a distributed solution across multiple ESXi hosts.

As a distributed solution across multiple KVM hosts.

As a distributed solution across multiple NSX Managers.

As a distributed solution across multiple NSX Edge nodes.

5. A security administrator is required to protect East-West virtual machine traffic with the NSX Distributed Firewall.

What must be completed with the virtual machine's vNIC before applying the rules?

It is connected to the underlay.

It must be connected to a vSphere Standard Switch.

It is connected to an NSX managed segment.

It is connected to a transport zone.

6. Which three are required to configure a firewall rule on a getaway to allow traffic from the internal to web servers? (Choose three.)

Create a URL analysis profile for web hosting category.

Create a firewall rule in System category.

Enable Firewall Service for gateway.

Create a firewall policy in Local Gateway category.

Add a firewall rule in Local Gateway category.

Disable the firewall rule in Default category.

7. In a brownfield environment with NSX-T Data Center deployed and configured, a customer is interested in Endpoint Protection integrations.

What recommendation should be provided to the customer when it comes to their existing virtual machines?

Virtual machine must be protected by vSphere H

Virtual machine hardware should be version 10 or higher.

A minimum installation of VMware tools is required.

A custom install of VMware tools is required to select the drivers.

8. Which are two use-cases for the NSX Distributed Firewall'(Choose two.)

Zero-Trust with segmentation

Security Analytics

Lateral Movement of Attacks prevention

Software defined networking

Network Visualization

9. An NSX administrator is trying to find the dvfilter name of the sa-web-01 virtual machine to capture the sa-web-01 VM traffic.

What could be a reason the sa-web-01 VM dvfilter name is missing from the command output?

sa-web-01 VM has the no firewall rules configured.

ESXi host has 5SH disabled.

sa-web-01 is powered Off on ESXi host.

ESXi host has the firewall turned off.

10. A security administrator is verifying the health status of an NSX Service Instance.

Which two parameters must be functioning for the health status to show as Up? (Choose two.)

VMs must have at least one vNI

VMs must not have existing endpoint protection rules.

VMs must have virtual hardware version 9 or higher.

VMs must be available on the host.

VMs must be powered on.

Page 2 of 2

11. What is the default action of the Default Layer 3 distributed firewall rule?

Drop

Allow

Forward

Reject

12. Refer to the exhibit.

An administrator is reviewing NSX Intelligence information as shown in the exhibit.

What does the red dashed line for the UDP: 137 flow represent?

Discovered communication

Allowed communication

Blocked communication

Unprotected communication

13. An NSX administrator has been tasked with deploying a NSX Edge Virtual machine through an ISO image.

Which virtual network interface card (vNIC) type must be selected while creating the NSX Edge VM allow participation in overlay and VLAN transport zones?

e1000

VMXNET2

VMXNET3

Flexible

14. Which dot color indicates an on-going attack of medium severity in the IDS/IPS events tab of NSX-T Data Center?

blinking yellow dot

solid red dot

solid orange dot

blinking orange dot

15. What needs to be configured on each transport node prior to using NSX-T Data Center Distributed Firewall time-based rule publishing?

DNS

NTP

PAT

NAT

16. Which two statements are true about IDS/IPS signatures? (Choose two.)

Users can upload their own IDS signature definitions from the NSX U

IDS Signatures can be High Risk, Suspicious, Low Risk and Trustworthy.

Users can create their own IDS signature definitions from the NSX U

An IDS signature contains data used to identify known exploits and vulnerabilities.

An IDS signature contains a set of instructions that determine which traffic is analyzed.

17. How does N5X Distributed IDS/IPS keep up to date with signatures?

NSX Edge uses manually uploaded signatures by the security administrator.

NSX-T Data Center is using a cloud based database to download the IDS/IPS signatures.

NSX Manager has a local IDS/IPS signatures database that does not need to be updated.

NSX Distributed IDS/IPS signatures are retrieved from updates.vmware.com.

18. Which esxcli command lists the firewall configuration on ESXi hosts?

esxcli network firewall ruleset list

vsipioct1 getrules -filter <filter-name>

esxcli network firewall rules

vsipioct1 getrules -f <filter-name>

19. An organization is using VMware Identity Manager (vIDM) to authenticate NSX-T Data Center users Which two selections are prerequisites before configuring the service? (Choose two.)

Validate vIDM functionality

Assign a role to users

Time Synchronization

Configure vIDM Integration

Certificate Thumbprint from vIDM

20. An administrator wants to configure NSX-T Security Groups inside a distributed firewall rule.

Which menu item would the administrator select to configure the Security Groups?

System

Inventory

Security

Networking

Get Certified in VMware NSX-T Data Center Security with ITPrepare’s 5V0-41.21 Exam Questions