Latest [May 16, 2023] Real VMware 5V0-41.21 Exam Dumps Questions [Q17-Q37]

Share

Latest [May 16, 2023] Real VMware 5V0-41.21 Exam Dumps Questions

5V0-41.21 Dumps To Pass VMware NSX-T Data Center Security Skills 2023 Exam in One Day (Updated 72 Questions)

NEW QUESTION # 17
Refer to the exhibit.

Referencing the exhibit, what is the VMware recommended number of NSX Manager Nodes to additionally deploy to form an NSX-T Manager Cluster?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C


NEW QUESTION # 18
Which two are used to define dynamic groups for an NSX Distributed Firewall? (Choose two.)

  • A. machine name
  • B. physical servers
  • C. tags
  • D. segment
  • E. segment's port

Answer: A,C

Explanation:
For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-BEDA8D9F-ACBC-42B1-B7F5-FEEF0E0D899C.html) for more information on configuring dynamic groups.


NEW QUESTION # 19
As part of an audit, an administrator is required to demonstrate that measures have been taken to prevent critical vulnerabilities from being exploited. Which Distributed IDS/IPS event filter can the administrator show as proof?

  • A. CVSS
  • B. Attack Type
  • C. Signature ID
  • D. CVE

Answer: C


NEW QUESTION # 20
Which two are the insertion points for North-South service insertion? (Choose two.)

  • A. Transport Node NIC
  • B. Guest VM vNIC
  • C. Partner Service VM
  • D. Uplink of tier-0 gateway
  • E. Uplink of tier-1 gateway

Answer: C,D


NEW QUESTION # 21
Which two criteria would an administrator use to filter firewall connection logs on NSX?

  • A. FIREWALL RULE TAG
  • B. FIREWALL-PKTLOG
  • C. FIREWALL SYSTEM
  • D. FIREWALL CONNECTION
  • E. FIREWALL MONITORING

Answer: A,D

Explanation:
An administrator can use the FIREWALL RULE TAG and FIREWALL CONNECTION criteria to filter the logs on NSX. The FIREWALL RULE TAG criteria allows the administrator to filter the logs based on the tag assigned to each rule, while the FIREWALL CONNECTION criteria allows the administrator to filter the logs based on the connection status (e.g. accepted or denied).
For more information on how to filter firewall connection logs on NSX, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-firewall/GUID-B6B835F2-B6F2-4468-8F8E-6F7B9B9D6E91.html


NEW QUESTION # 22
A Security Administrator needs to update their NSX Distributed IDS/IPS policy to detect new attacks with critical CVSS scoring that leads to credential theft from targeted systems.
Which actions should you take?

  • A. * Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules
    * Filter on attack type and select Successful Credential Theft Detected
    * Update Mode to detect and prevent
    * Click on gear icon and change direction to OUT
  • B. * Create a new profile from Security > Distributed IDS > Profiles
    * Select Critical severity, filter on attack type and select Successful Credential Theft Detected
    * Check the profile is applied In Distributed IDS rules
    * Monitor Distributed IDS alerts to validate changes are applied
  • C. * Update Distributed IDS/IPS signature database
    * Edit your profile from Security > Distributed IDS > Profiles
    * Select Critical severity, filter on attack type and select Successful Credential Theft Detected
    * Check the profile is applied in Distributed IDS rules
  • D. * Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules
    * Filter on attack type and select Successful Credential Theft Detected
    * Update Mode to detect and prevent
    * Click on gear icon and change direction to IN-OUT

Answer: C

Explanation:
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_ids_ips/GUID-B2D6A7F6-


NEW QUESTION # 23
Which 3 CU commands ant required to configure remote logging on an ESXI host? (Choose three.)

  • A. esxcli systex syslog config set "loghost-udp://<log server IP>:<port>
  • B. esxcl; systex syslcg -sx firewall enable
  • C. esxcli network services restart --firewall
  • D. esxcli systex syslcg reload
  • E. esxcli network firewall ruleset set -r syslog -e true

Answer: A,D,E

Explanation:
The three CU commands required to configure remote logging on an ESXi host are esxcli syslog config set "loghost-udp://<log server IP>:<port>", esxcli network firewall ruleset set -r syslog -e true, and esxcli system syslog reload. The first command sets the remote log server IP address and port for the ESXi host, the second command enables the syslog ruleset, and the third command reloads the syslog configuration. This will ensure that all syslog messages generated by the ESXi host will be sent to the remote log server. Reference: [1] https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-CFE0E8FC-7C27-4F45-A037-CACCD8A1E9A2.html [2] https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-A2F2A3D2-076A-4FE6-


NEW QUESTION # 24
Which is an insertion point for East-West service insertion?

  • A. tier-1 gateway
  • B. Guest VM vNlC
  • C. transport node
  • D. Partner SVM

Answer: A


NEW QUESTION # 25
Refer to the exhibit.

An administrator is reviewing NSX Intelligence information as shown in the exhibit.
What does the red dashed line for the UDP:137 flow represent?

  • A. Allowed communication
  • B. Discovered communication
  • C. Unprotected communication
  • D. Blocked communication

Answer: D


NEW QUESTION # 26
A customer has deployed NSX Intelligence appliance with an incorrect IP address.
What should the customer do to correct the IP address?

  • A. Add a new network interface to the appliance and replace the old one.
  • B. Redeploy the appliance with the correct parameters.
  • C. In the CU, update intelligence manager node host-ip-addr.
  • D. Shutdown the appliance and change the vApp IP properties.

Answer: C

Explanation:
In the Cloud Director UI (CU), the customer should update the intelligence manager node's host-ip-addr parameter with the correct IP address. This can be done from the NSX Intelligence Settings page in the CU.
For more information on updating the IP address of the NSX Intelligence appliance, please refer to the NSX Intelligence documentation: https://docs.vmware.com/en/VMware-NSX-Intelligence/1.2/nsx-intelligence-1.2-administration-guide/GUID-9FA9D0E0-E8D6-4B2F-A1D3-3E8E3F9B9CC2.html


NEW QUESTION # 27
A security administrator has configured NSX Intelligence for discovery. They would like to get recommendations based on the changes in the scope of the input entities every hour.
What needs to be configured to achieve the requirement?

  • A. Toggle the monitoring option on.
  • B. Publish the recommendations.
  • C. Adjust the time range to 1 hour.
  • D. Start a new recommendation.

Answer: C

Explanation:
NSX Intelligence uses machine learning algorithms to analyze network traffic and provide recommendations for security and compliance. The administrator can configure the time range of the input entities to be analyzed, so that the recommendations are based on changes in the scope of the input entities over that period of time.
To achieve the requirement of getting recommendations based on the changes in the scope of the input entities every hour, the administrator needs to adjust the time range to 1 hour. This will ensure that the analysis and recommendations are based on the most recent hour of network traffic.
Reference:
VMware NSX Intelligence documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.intelligence.doc/GUID-F2F1D7E8-F6B2-4870-9E38-7C8D3D3F9B1E.html VMware NSX Intelligence Configuration documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.intelligence.config.doc/GUID-7F44F3D3-3A3C-4EBE-A5D5-F1E3E3F59A8B.html


NEW QUESTION # 28
A Security Administrator needs to update their NSX Distributed IDS/IPS policy to detect new attacks with critical CVSS scoring that leads to credential theft from targeted systems.
Which actions should you take?

  • A. * Create a new profile from Security > Distributed IDS > Profiles
    * Select Critical severity, filter on attack type and select Successful Credential Theft Detected
    * Check the profile is applied In Distributed IDS rules
    * Monitor Distributed IDS alerts to validate changes are applied
  • B. * Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules
    * Filter on attack type and select Successful Credential Theft Detected
    * Update Mode to detect and prevent
    * Click on gear icon and change direction to OUT
  • C. * Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules
    * Filter on attack type and select Successful Credential Theft Detected
    * Update Mode to detect and prevent
    * Click on gear icon and change direction to IN-OUT
  • D. * Update Distributed IDS/IPS signature database
    * Edit your profile from Security > Distributed IDS > Profiles
    * Select Critical severity, filter on attack type and select Successful Credential Theft Detected
    * Check the profile is applied in Distributed IDS rules

Answer: B


NEW QUESTION # 29
Which two are requirements for URL Analysis? (Choose two.)

  • A. A layer 7 gateway firewall rule must be configured on the tier-0 gateway uplink to capture DNS traffic.
  • B. The NSX Edge nodes require access to the Internet to download category and reputation definitions.
  • C. The ESXi hosts require access to the Internet to download category and reputation definitions.
  • D. A layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic,
  • E. The NSX Manager requires access to the Internet to download category and reputation definitions.

Answer: B,D

Explanation:
The NSX Edge nodes require access to the Internet to download category and reputation definitions, and a layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic. This will allow the URL Analysis service to analyze incoming DNS traffic and block malicious requests. For more information, please see this VMware Documentation article[1], which explains how to configure URL Analysis on NSX.
[1] https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_url_analysis/GUID-46BC65F3-7A45-4A9F-B444-E4A1A7E0AC4A.html


NEW QUESTION # 30
Which two are true of the NSX Gateway Firewall? (Choose two.)

  • A. Security Groups can be used in Applied-To column.
  • B. NAT service can be configured in NSX Gateway Firewall policy.
  • C. Applied-To can be configured at Firewall Policy level.
  • D. Firewall rules in Pre Rule category are applied to all gateways.
  • E. Firewall rules in System category cannot be edited.

Answer: C,D


NEW QUESTION # 31
A security administrator is required to protect East-West virtual machine traffic with the NSX Distributed Firewall.What must be completed with the virtual machine's vNIC before applying the rules'

  • A. It is connected to the underlay.
  • B. It must be connected to a vSphere Standard Switch.
  • C. It is connected to an NSX managed segment.
  • D. It is connected to a transport zone.

Answer: C


NEW QUESTION # 32
An administrator is creating the first distributed firewall rules for a company's salts department. What is the first object that must be created in the distributed firewall'

  • A. firewall policy
  • B. firewall file
  • C. firewall service
  • D. firewall folder

Answer: A

Explanation:
The first object that must be created in the distributed firewall is a firewall policy. A firewall policy is a set of rules that define what traffic is allowed or blocked on a given network. When creating a policy, the administrator must specify the source and destination address and port, as well as the type of traffic that is allowed or blocked. The policy will then be applied to the distributed firewall, allowing it to enforce the rules specified in the policy. Reference: [1] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-4CAF59C8-13F3-4F3E-B53E-D8F1E03FBE7B.html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-nsx-data-center-for-vsphere-distributed-firewall-deployment-guide.pdf


NEW QUESTION # 33
Refer to the exhibit.

An administrator is reviewing NSX Intelligence information as shown in the exhibit.
What does the red dashed line for the UDP:137 flow represent?

  • A. Allowed communication
  • B. Discovered communication
  • C. Unprotected communication
  • D. Blocked communication

Answer: D

Explanation:
The red dashed line for the UDP:137 flow in the NSX Intelligence information represents blocked communication. This indicates that the NSX Distributed Firewall has blocked the communication between the source and destination IP addresses on port 137.
For more information on NSX Intelligence and how to use it, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-intelligence/GUID-C2B2AF2E-A76A-46B8-A67A-42D7A9E924A9.html


NEW QUESTION # 34
Which three security objects are provided as an output in a recommendation session in NSX Intelligence?
(Choose three.)

  • A. distributed firewall rules
  • B. security groups
  • C. security service
  • D. gateway firewall rules
  • E. context profiles

Answer: B,C,E


NEW QUESTION # 35
What needs to be configured on each transport node prior to using NSX-T Data Center Distributed Firewall time-based rule publishing?

  • A. PAT
  • B. DNS
  • C. NTP
  • D. NAT

Answer: C

Explanation:
In order to use NSX-T Data Center Distributed Firewall time-based rule publishing, the NTP (Network Time Protocol) needs to be configured on each transport node. This ensures that the transport nodes have accurate time synchronization, which is required for time-based rule publishing. Additionally, DNS (Domain Name System) and PAT (Port Address Translation) may also need to be configured on each transport node, depending on the desired configuration. Reference: [1] https://docs.vmware.com/en/VMware-NSX-T/2.5/com.vmware.nsxt.admin.doc/GUID-E9F8D8AD-7AF1-4F09-B62C-6A17A6F39A6C.html [2] https://docs.vmware.com/en/VMware-NSX-T/2.4/com.vmware.nsxt.admin.doc/GUID-E9F8D8AD-7AF1-4F09-B62C-6A17A6F39A6C.html


NEW QUESTION # 36
Which three are required by URL Analysis? (Choose three.)

  • A. Layer 7 DNS firewall rule on NSX Edge cluster
  • B. Medium-sized edge node (or higher), or a physical form factor edge
  • C. OFW rule allowing traffic OUT to Internet
  • D. NSX Enterprise or higher license key
  • E. Tier-0 gateway
  • F. Tier-1 gateway

Answer: B,C,F


NEW QUESTION # 37
......

5V0-41.21 Exam Brain Dumps - Study Notes and Theory: https://www.fast2test.com/5V0-41.21-premium-file.html

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어