Microsoft
Amazon
CompTIA
Salesforce
Cisco®
SAP
PMI
ISC
ISACA
VMware
HP
Palo Alto Networks
EC-Council
LPI
Google
Fortinet
All Vendors
  2. Home
  3. Exam List
  4. VMware
  5. 5V0-41.21

VMware NSX-T Data Center 3.1 Security
5V0-41.21 Exam

Which esxcli command lists the firewall configuration on ESXi hosts?

  1. esxcli network firewall ruleset list
  2. vsipioct1 getrules -filter <filter-name>
  3. esxcli network firewall rules
  4. vsipioct1 getrules -f <filter-name>

Answer(s): A

Explanation:

This command allows you to display the current firewall ruleset configuration on an ESXi host. It will show the ruleset names, whether they are enabled or disabled, and the services and ports that the ruleset applies to.
For example, you can use the command "esxcli network firewall ruleset list" to list all the firewall rulesets on the host.
You can also use the command "esxcli network firewall ruleset rule list -r <ruleset_name>" to display detailed information of the specific ruleset, where <ruleset_name> is the name of the ruleset you want to display.
It's important to note that you need to have access to the ESXi host's command-line interface (CLI) and have appropriate permissions to run this command.
https://docs.vmware.com/en/VMware-
vSphere/6.7/com.vmware.vcli.ref.doc/esxcli_network_firewall_ruleset.html



Which three are required by URL Analysis? (Choose three.)

  1. NSX Enterprise or higher license key
  2. Tier-1 gateway
  3. Tier-0 gateway
  4. OFW rule allowing traffic OUT to Internet
  5. Medium-sized edge node (or higher), or a physical form factor edge
  6. Layer 7 DNS firewall rule on NSX Edge cluster

Answer(s): B,D,F

Explanation:

To use URL Analysis, you will need to have a Tier-1 gateway and a Layer 7 DNS firewall rule on the NSX Edge cluster. Additionally, you will need to configure an OFW rule allowing traffic OUT to the Internet. Lastly, a medium-sized edge node (or higher), or a physical form factor edge is also required as the URL Analysis service will run on the edge node. For more information, please see this VMware Documentation article[1], which explains how to configure URL Analysis on NSX. [1] https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_url_analysis/GUID- 46BC65F3-7A45-4A9F-B444-E4A1A7E0AC4A.html



Which two are requirements for URL Analysis? (Choose two.)

  1. The ESXi hosts require access to the Internet to download category and reputation definitions.
  2. A layer 7 gateway firewall rule must be configured on the tier-0 gateway uplink to capture DNS traffic.
  3. A layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic,
  4. The NSX Edge nodes require access to the Internet to download category and reputation definitions.
  5. The NSX Manager requires access to the Internet to download category and reputation definitions.

Answer(s): C,D

Explanation:

The NSX Edge nodes require access to the Internet to download category and reputation definitions, and a layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic. This will allow the URL Analysis service to analyze incoming DNS traffic and block malicious requests. For more information, please see this VMware Documentation article[1], which explains how to configure URL Analysis on NSX.
[1] https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_url_analysis/GUID- 46BC65F3-7A45-4A9F-B444-E4A1A7E0AC4A.html



Refer to the exhibit.



Referencing the exhibit, what is the VMware recommended number of NSX Manager Nodes to additionally deploy to form an NSX-T Manager Cluster?

  1. 4
  2. 3
  3. 2
  4. 5

Answer(s): B




Mick H.
I passed the CCIE Written exam 350-001 last Friday, Thanks very much for your study guide and your help.
- UNITED STATES
Upvote


Hagit
i ust wanted to thank you folks at braindumgalaxy.com for your assistance. I used your CCNP exams for practice and to identify my weak areas. Passed the CCNP recert on Tuesday without any big problems.
- Israel
Upvote


Cisco Engineer
I have found that your resources are probably the best on the market...and I work at Cisco.
- UNITED STATES
Upvote


Koshani
A well Good morning Dear braindumpgalaxy.com Team I wanna say that I passed the 000-888 yesterday and i am happy
- UNITED STATES
Upvote


Aized
I took the A+ hardware exam yesterday and thanks to your excellent and helping preparation material. I got a nice score.
- Pakistan
Upvote


Nazanin
I passed the exam with great distinction!
- CANADA
Upvote


Xiwan W
Great Price....Great Product. Keep up the good work!
- China
Upvote


Ashwin
So far your practice exams are extremely helpful. My test scores keep on going up every time I do them and I feel very confident now.
- India
Upvote


Mike M
The exams was excellent and helped me pass without any doubt.Very helpful! Thank you! I passed!
- UNITED ARAB EMIRATES
Upvote


Smart one
You guys rock. I just passed my 920-139 exam with 929 marks. Thanks for accurate & descriptive question bank.
- UK
Upvote

Read more ...