• Home
  • Blogs
  • Instant Download 5V0-41.21 Dumps Q&As Provide PDF&Test Engine [Q13-Q30]

Instant Download 5V0-41.21 Dumps Q&As Provide PDF&Test Engine [Q13-Q30]

Share

Instant Download 5V0-41.21 Dumps Q&As Provide PDF&Test Engine

Fast Exam Updates 5V0-41.21 dumps with PDF Test Engine Practice

NEW QUESTION # 13
An NSX administrator has been tasked with configuring a remote logging server (192.168.110.60) to send FW connections and packets logs to a remote logging server. The administrator is using this command syntax found in the NSX-T 3.1 documentation:

Which of the following commands does the administrator use to complete the configuration task?

  • A. set logging-server 192.168.110.60 proto udp level info facility syslog message!- monitor. Firewall
  • B. set logging-server 192.168.110.60 proto udp level info facility syslog message Id system, fabric
  • C. set logging-server 192.168.110.60 proto udp level info facility syslog message Id FIREWALL-PKTLOG
  • D. set logging-server 192.168.110.60 proto udp level info facility syslog message Id FIREWALL-CONNECTION

Answer: C

Explanation:
The administrator is using the command syntax found in the NSX-T 3.1 documentation to configure a remote logging server to send firewall connections and packets logs. In order to complete the configuration task, the administrator needs to use the correct options for the command.
The options used in the command are:
logging-server: This option specifies the IP address or hostname of the remote logging server. In this case, the IP address of the remote logging server is 192.168.110.60.
proto: This option specifies the protocol to be used to send the logs to the remote server. In this case, the protocol used is UDP.
level: This option specifies the level of logging to be sent to the remote server. In this case, the level of logging is "info" facility: This option specifies the facility to be used for syslog messages. In this case, the facility used is "syslog" message Id: This option specifies the message Id that will be used for the logs. In this case, the message Id used is "FIREWALL-PKTLOG" Reference:
VMware NSX-T Data Center documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html VMware NSX-T Data Center Logging documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.logging.doc/GUID-2B9E9F8D-6CA9-4A1E-B7B1-8B8C7F0C2B2E.html


NEW QUESTION # 14
Which are the four use cases for NSX Tags?

  • A. Accountability, Third-party sharing/context sharing. Security, and Logging
  • B. Accountability, Third-party sharing/context sharing, Security, and Troubleshooting (Traceability)
  • C. Manageability, Third-party sharing/context sharing. Security, and Logging
  • D. Manageability, Third-party sharing/context sharing, Security, and Troubleshooting (Traceability)

Answer: B


NEW QUESTION # 15
Information Security Management (ISM) describes a set of controls that organizations employ to protect which properties?

  • A. configuration. Integrity, and availability
  • B. confidentiality. Integrity, and accessibility
  • C. confidentiality, integrity, and availability
  • D. confidentiality, interoperability, and availability

Answer: C

Explanation:
Information Security Management (ISM) describes a set of controls that organizations employ to protect confidentiality, integrity, and availability. Confidentiality ensures that data is protected from unauthorized access or disclosure, integrity ensures that data is not modified without authorization, and availability ensures that data is accessible when it is needed. ISM is a crucial component of any organization's security strategy and is used to protect against threats such as data theft, data loss, and system outages. Reference: [1] https://searchsecurity.techtarget.com/definition/information-security-management [2] https://www.iso.org/standard/45170.html [3] https://www.bsigroup.com/en-GB/iso-27001-information-security/


NEW QUESTION # 16
At which OSI Layer do Next Generation Firewalls capable of analyzing application traffic operate?

  • A. Layer 7
  • B. Layer 3
  • C. Layer 4
  • D. Layer 2

Answer: A


NEW QUESTION # 17
Refer to the exhibit.

An administrator configured a firewall rule on their Edge Gateway to allow access to web servers.
What is missing in the Gateway Firewall policy to have the firewall rule applied?

  • A. Firewall rule needs to be published
  • B. Firewall rule needs to be enabled.
  • C. Firewall service needs to be enabled on gateway.
  • D. Firewall rule needs to be moved to Default category.

Answer: D


NEW QUESTION # 18
Which two are true of the NSX Gateway Firewall? (Choose two.)

  • A. Applied-To can be configured at Firewall Policy level.
  • B. Firewall rules in System category cannot be edited.
  • C. Security Groups can be used in Applied-To column.
  • D. NAT service can be configured in NSX Gateway Firewall policy.
  • E. Firewall rules in Pre Rule category are applied to all gateways.

Answer: A,E


NEW QUESTION # 19
Which two are requirements for URL Analysis? (Choose two.)

  • A. A layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic,
  • B. A layer 7 gateway firewall rule must be configured on the tier-0 gateway uplink to capture DNS traffic.
  • C. The NSX Manager requires access to the Internet to download category and reputation definitions.
  • D. The ESXi hosts require access to the Internet to download category and reputation definitions.
  • E. The NSX Edge nodes require access to the Internet to download category and reputation definitions.

Answer: A,E

Explanation:
The NSX Edge nodes require access to the Internet to download category and reputation definitions, and a layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic. This will allow the URL Analysis service to analyze incoming DNS traffic and block malicious requests. For more information, please see this VMware Documentation article[1], which explains how to configure URL Analysis on NSX.
[1] https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_url_analysis/GUID-46BC65F3-7A45-4A9F-B444-E4A1A7E0AC4A.html


NEW QUESTION # 20
An administrator needs to send FW connections logs to a remote server.
Which sequence of commands does the administrator need to apply on their ESXi Host?
A)

B)

C)

D)

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: C


NEW QUESTION # 21
An administrator has configured a new firewall rule but needs to change the Applied-To parameter. Which two are valid options that the administrator can configure? (Choose two.)

  • A. profiles
  • B. groups
  • C. DFW
  • D. services
  • E. rule

Answer: A,C

Explanation:
For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-704E1B2F-1E43-4E7F-97F2-59BBF8F6C9F6.html) for more information on configuring firewall rules.


NEW QUESTION # 22
Which two criteria would an administrator use to filter firewall connection logs on NSX?

  • A. FIREWALL RULE TAG
  • B. FIREWALL MONITORING
  • C. FIREWALL-PKTLOG
  • D. FIREWALL SYSTEM
  • E. FIREWALL CONNECTION

Answer: A,E

Explanation:
An administrator can use the FIREWALL RULE TAG and FIREWALL CONNECTION criteria to filter the logs on NSX. The FIREWALL RULE TAG criteria allows the administrator to filter the logs based on the tag assigned to each rule, while the FIREWALL CONNECTION criteria allows the administrator to filter the logs based on the connection status (e.g. accepted or denied).
For more information on how to filter firewall connection logs on NSX, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-firewall/GUID-B6B835F2-B6F2-4468-8F8E-6F7B9B9D6E91.html


NEW QUESTION # 23
As part of an audit, an administrator is required to demonstrate that measures have been taken to prevent critical vulnerabilities from being exploited. Which Distributed IDS/IPS event filter can the administrator show as proof?

  • A. CVE
  • B. Attack Type
  • C. Signature ID
  • D. CVSS

Answer: C


NEW QUESTION # 24
An NSX administrator has been tasked with deploying a NSX Edge Virtual machine through an ISO image.
Which virtual network interface card (vNIC) type must be selected while creating the NSX Edge VM allow participation in overlay and VLAN transport zones?

  • A. VMXNET2
  • B. VMXNET3
  • C. e1000
  • D. Flexible

Answer: B


NEW QUESTION # 25
A security administrator has configured NSX Intelligence for discovery. They would like to get recommendations based on the changes in the scope of the input entities every hour.
What needs to be configured to achieve the requirement?

  • A. Toggle the monitoring option on.
  • B. Publish the recommendations.
  • C. Start a new recommendation.
  • D. Adjust the time range to 1 hour.

Answer: A


NEW QUESTION # 26
A Security Administrator needs to update their NSX Distributed IDS/IPS policy to detect new attacks with critical CVSS scoring that leads to credential theft from targeted systems.
Which actions should you take?

  • A. * Create a new profile from Security > Distributed IDS > Profiles
    * Select Critical severity, filter on attack type and select Successful Credential Theft Detected
    * Check the profile is applied In Distributed IDS rules
    * Monitor Distributed IDS alerts to validate changes are applied
  • B. * Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules
    * Filter on attack type and select Successful Credential Theft Detected
    * Update Mode to detect and prevent
    * Click on gear icon and change direction to OUT
  • C. * Edit your Distributed IDS rule from Security > Distributed IDS/IPS > Rules
    * Filter on attack type and select Successful Credential Theft Detected
    * Update Mode to detect and prevent
    * Click on gear icon and change direction to IN-OUT
  • D. * Update Distributed IDS/IPS signature database
    * Edit your profile from Security > Distributed IDS > Profiles
    * Select Critical severity, filter on attack type and select Successful Credential Theft Detected
    * Check the profile is applied in Distributed IDS rules

Answer: B


NEW QUESTION # 27
What component in a transport node receives the firewall configuration from the central control plane?

  • A. nsx-ccp
  • B. nsx-appl-proxy
  • C. nsx-mpa
  • D. nsx-proxy

Answer: B


NEW QUESTION # 28
Which is the port number used by transport nodes to export firewall statistics to NSX Manager?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B


NEW QUESTION # 29
A security administrator is verifying the health status of an NSX Service Instance.
Which two parameters must be functioning for the health status to show as Up? (Choose two.)

  • A. VMs must have virtual hardware version 9 or higher.
  • B. VMs must have at least one vNIC.
  • C. VMs must be available on the host.
  • D. VMs must not have existing endpoint protection rules.
  • E. VMs must be powered on.

Answer: A,C


NEW QUESTION # 30
......

Exam Valid Dumps with Instant Download Free Updates: https://ucertify.examprepaway.com/VMware/braindumps.5V0-41.21.ete.file.html

Related Blogs

more
VMware 5V0-41.21 Certification Practice Exam