VCAN610 VMware Certified Associate– Network Virtualization

Page 1   
Question 1

An administrator has deployed NSX within the vSphere environment, but is unable to
deploy an NSX Controller. What step must be taken to resolve the issue?

  • A. Register the third-party security service device or virtual appliance with NSX Manager
  • B. Deploy a distributed router and enable the High Availability option.
  • C. On the NSX Manager, select Enable multicast addressing and complete the configuration.
  • D. Define a data security group for all deployed virtual machine groups.

Answer : C

Question 2

A user needs to be given the ability to make configuration changes on a specific NSX Edge
device. What role and scope could be used to meet this requirement?

  • A. NSX Administrator role and Limit Access scope
  • B. Security Administrator role and Limit Access scope
  • C. NSX Administrator role and No restriction scope
  • D. Security Administrator role and No restriction scope

Answer : B

Question 3

Which tool is used to detect rogue services?

  • A. NSX Logical Firewall
  • B. NSX Logical Router
  • C. Activity Monitoring
  • D. Flow Monitoring

Answer : D

Question 4

You are tasked with designing a data center architecture that should maximize the use of
vMotion within your environment. You must use these VMware best practices:
✑ The network must utilize widely offered layer 2 switching and layer 3 switching
✑ Purchase of new equipment should be minimized
Which two network design architectures will provide the requirements for vMotion in your
data center? (Choose two.)

  • A. Utilize layer 3 switching from the access layer through the core.
  • B. Employ layer 2 multipathing using a standardized protocol.
  • C. Deploy a flat, traditional layer 2 switched network.
  • D. Deploy an overlay technology for the deployment of your virtual network.

Answer : A,D

Question 5

How does NSX simplify physical network design?

  • A. VLANs are moved into the virtual network for virtual machine traffic, eliminating the need to use PVLANs on the physical network.
  • B. Network administrators only need to configure routing on the physical network for virtual machine traffic since all other network functions are moved to the virtual network.
  • C. Transport zones are created in the virtual network for virtual machine traffic, removing the need to make changes to the physical network.
  • D. Virtual network integration can make changes to the physical network programmatically using REST API calls which automates network changes and increases agility.

Answer : C

Question 6

An administrator manages a TFTP server virtual machine that is connected to a Logical
Switch with a VNI of 7321. The TFTP server has been configured to use port 1069. An
NSX Edge Service Gateway is connected to VNI 7321 and has an uplink interface with
access to the physical network. Assume external users can reach the Service Gateway.
What should the administrator configure to ensure external connections to the TFTP server
are successful?

  • A. Create a DNAT rule with the original port of 69 and translated port of 1069.
  • B. Create a SNAT rule with the original port of 1069 and translated port of 69.
  • C. Create a SNAT rule with the original port of 69 and translated port of 1069.
  • D. Create a DNAT rule with the original port of 1069 and translated port of 69.

Answer : A

Question 7

-- Exhibit

-- Exhibit --
An NSX administrator is examining an error in the Event Console as shown:
Which condition would result in this error?

  • A. The configured MTU size on the physical network is too small.
  • B. The VTEP IP pool addresses are on the ESXi management network subnet.
  • C. VLANs are configured on the logical network.
  • D. A VXLAN segment ID pool is not configured.

Answer : B

Question 8

Which Layer 2 bridge is supported by the Distributed Router?

  • A. VCD-NI to VLAN bridge
  • B. VXLAN to PVLAN bridge
  • C. VCD-NI to PVLAN bridge
  • D. VXLAN to VLAN bridge

Answer : D

Question 9

What is the appropriate source from which to deploy the VMware NSX Manager

  • A. Open Virtualization Appliance (OVA) file
  • B. VMware Infrastructure Bundle (VIB) file
  • C. VMware vSphere Update Manager update baseline
  • D. MSI install package

Answer : A

Question 10

-- Exhibit

-- Exhibit --
An NSX administrator creates the NSX network in the exhibit:
What destination IP address will Host-A use when sending a VXLAN frame to Host-B?

  • A. The IP address of one of Host-B's new vmkernel ports created during host configuration.
  • B. The IP address of Host-B's management vmkernel port, which is also the VTEP IP address.
  • C. The IP address of Host-B's NSX Controller. The NSX Controller forwards the VXLAN frame to Host-B.
  • D. The IP address Host-B provided to Host-A during VXLAN tunnel setup negotiations.

Answer : A

Question 11

An administrator configures the IPSec VPN service on an NSX Edge instance, but the
negotiation fails. Examining the log file, the administrator notices the following message:
Which misconfiguration caused the error?

  • A. Pre-shared key (PSK) does not match
  • B. Diffie-Hellman (DH) Group does not match
  • C. Perfect Forward Secrecy (PFS) does not match
  • D. VPN tunnel address incorrect

Answer : A

Question 12

-- Exhibit

-- Exhibit --
The diagram displays various points where QoS configuration may be used.
Based on the diagram, which two statements correctly identify the appropriate QoS usage?
(Choose two.)

  • A. Location A should provide Trust DSCP.
  • B. Location A should provide either Trust DHCP or Set DSCP.
  • C. Location B should provide Trust DSCP and Trust COS.
  • D. Location B should provide Set DSCP and Set COS.

Answer : B,C

Question 13

A company hosts an internal website on multiple virtual machines attached to a Logical
Switch with VNI 7321. A Distributed Router serves as the virtual machines' default
When an user resolves the URL for the website, the internal DNS server responds with the
IP address of one of the virtual machine's IP addresses in a round robin fashion. This
approach results in some virtual machines having a much higher number of user sessions
than others.
The company wants to deploy a NSX Edge Service Load Balancer to improve on this
situation. Which distribution method can be configured on the NSX Edge Load Balancer to
meet the company's needs?

  • B. IP_HASH
  • D. URI

Answer : A

Question 14

-- Exhibit

-- Exhibit --
An administrator is deploying a distributed router and is adding an interface for a logical
switch, as shown in the following exhibit:
The administrator clicks on the Change link to specify the network to connect to. Selecting
the distributed portgroup, the administrator finds that no portgroups are listed. The
administrator verifies the desired portgroup exists in vCenter Server.
What condition would result in this behavior?

  • A. The MTU size is set to 1500
  • B. A subnet has not been configured
  • C. The interface name has an invalid character
  • D. The interface type is incorrect

Answer : D

Question 15

Which two Virtual Private Networks are supported by the NSX Edge Service Gateway?
(Choose two.)

  • A. Layer 2 VPN
  • B. GRE VPN
  • C. IPSec VPN
  • D. Layer 3 VPN

Answer : A,C

Page 1