Which three of the following describe the Border Gateway Routing Protocol (BGP) configuration on a Tier-0 Gateway? (Choose three.)
Correct Answer:
ABE
It supports a 4-byte autonomous system number: BGP on a Tier-0 Gateway supports 4-byte AS (Autonomous System) numbers, which are necessary for larger routing domains. Can be used as an Exterior Gateway Protocol: BGP is commonly used as an Exterior Gateway Protocol to establish routing between different autonomous systems (AS).
BGP is enabled by default: On a Tier-0 Gateway, BGP is typically enabled by default, allowing administrators to configure it for external routing.
Which is an advantage of an L2 VPN in an NSX 4.x environment?
Correct Answer:
B
An L2 VPN (Layer 2 VPN) in an NSX 4.x environment allows you to extend a Layer 2 network across different sites or data centers. This enables the connected environments to share the same broadcast domain, meaning that broadcast traffic can be transmitted between sites as if they were on the same local network. This is particularly useful for scenarios where you need to maintain Layer 2 connectivity across geographically dispersed locations.
Where in the NSX UI would an administrator set the time attribute for a time-based Gateway Firewall rule?
Correct Answer:
D
According to the VMware documentation1, the clock icon appears on the firewall policy section that you want to have a time window. By clicking the clock icon, you can create or select a time window that applies to all the rules in that policy section. The other options are incorrect because they either do not exist or are not related to the time- based rule feature. There is no option to set a time-based rule in the rule itself, as it is a policy-level setting. There is also an option to set a time-based rule in the NSX UI, so it does not require using the command line interface. https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-8572496E-A60E-48C3-A016-4A081AC80BE7.html
An architect receives a request to apply distributed firewall in a customer environment without making changes to the network and vSphere environment. The architect decides to use Distributed Firewall on VDS.
Which two of the following requirements must be met in the environment? (Choose two.)
Correct Answer:
BD
Distributed Firewall on VDS is a feature of NSX-T Data Center that allows users to install Distributed Security for vSphere Distributed Switch (VDS) without the need to deploy an
NSX Virtual Distributed Switch (N-VDS). This feature provides NSX security capabilities such as Distributed Firewall (DFW), Distributed IDS/IPS, Identity Firewall, L7 App ID, FQDN Filtering, NSX Intelligence, and NSX Malware Prevention. To enable this feature, the following requirements must be met in the environment:
✑ The NSX version must be 3.2 and later1. This is the minimum version that
supports Distributed Security for VDS.
✑ The VDS version must be 6.6.0 and later1. This is the minimum version that supports the NSX host preparation operation that activates the DFW with the default rule set to allow.
References:
✑ Overview of NSX IDS/IPS and NSX Malware Prevention
How is the RouterLink port created between a Tier-1 Gateway and Tier-0 Gateway?
Correct Answer:
D
The RouterLink port between a Tier-1 Gateway and a Tier-0 Gateway is automatically created when the Tier-1 Gateway is connected to the Tier-0 Gateway through the NSX UI. This link enables routing between the Tier-1 and Tier-0 gateways without the need for manual configuration of segments or logical switches.
