When deploying a Carbon Black Cloud Sensor using GPO, which option is a required setting?
- A . COMPANY_CODE
- B . LICENSE_CODE
- C . CONNECT_LIMIT
- D . AUTO_UPDATE
A
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-How-to-Deploy-Windows-Sensors-using-GPO/ta-p/33306
An administrator is updating NSX Distributed Firewall rules. The administrator did the Publish a few minutes ago and is now receiving calls about lost connections. The administrator has decided to roll-back the configuration.
Where can the administrator see past saved configurations to perform the rollback?
- A . Go to System > Distributed Firewall > Configurations > View
- B . Go to Security > Distributed Firewall > ACTIONS > Configurations – View
- C . Go to System > Distributed Firewall > Rolling back > View
- D . Go to Inventory > Distributed Firewall > ACTIONS > Configurations – View
An administrator has added a new ESXi host to a vCenter Server Cluster with NSX-T Data Center already working. The administrator installed NSX-T Data Center components in the new ESXi. When the administrator deploys a new VM in the host, connectivity tests good with ping, but SSH session traffic is erratic. The VDS and NSX-T Data Center configuration is the same as each ESXI in the Cluster, but only VMs in the new ESXI are having problems.
What should the administrator do to address the problem?
- A . Verify VLAN connection in each physical uplink.
- B . Verify MTU configuration in each physical uplink.
- C . Change VDS MTU to 1500 in each physical uplink.
- D . Change VDS MTU to 2000 in each physical uplink.
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsxt_30_install.pdf (144)
Which three statements are correct for Active Directory integration with Identity Firewalls (IDFW) in an NSX-T Data Center deployment? (Choose three.)
- A . The IDFW can be used on both physical and virtual servers as long as supported operating system is installed.
- B . The Thin Agent must be enabled in VMWare tools as it is not enabled by default.
- C . The IDFW can be used for Virtual Desktops (VDI) or Remote desktop sessions (RDSH support).
- D . Identity-based groups can be used as the source or destination in DFW rules.
- E . User identity information is provided by the NSX Guest Introspection Thin Agent.
C,D,E
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-281FD887-8AB2-4D4D-841E-DF02065F3E97.html
In a Workspace ONE deployment, what two commands are available for a Windows policy when sending a command action as part of a compliance policy? (Choose two.)
- A . Device Wipe
- B . Enterprise Wipe
- C . Apply Baseline
- D . Apply Profile
- E . Request Device Checkin
When creating a policy in VMware Carbon Black Cloud, what impact does setting the Target Value to Low have?
- A . Alerts Severity scores are raised by 1.
- B . Alerts Severity scores are raised by 2.
- C . Alerts Severity scores are lowered by 1.
- D . Alerts Severity scores are lowered by 2.
D
Explanation:
Reference: https://docs.vmware.com/en/VMware-Carbon-Black-Cloud/services/carbon-black-cloud-user-guide.pdf (20)
Which two options are needed to configure NSX-T Data Center to access the Active Directory? (Choose two.)
- A . Domain Controller Name
- B . Distinguished Name
- C . username
- D . Port
- E . netBIOS name
B,E
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-8B60D22B-3119-48F6-AEAE-AE27A9372189.html
Which is true about Time-Based Firewall Policy rules?
- A . Time-Based policy rules apply only to the NSX Distributed Firewall.
- B . Time-Based policy rules apply to the NSX Gateway and Distributed Firewall.
- C . Time-Based policy rules can only be used one time for NSX Gateway Firewall.
- D . Time-Based policy rules apply only to the NSX Gateway Firewall.
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-8572496E-A60E-48C3-A016-4A081AC80BE7.html
Which is the name of the default policy that is applied to all applications in Workspace ONE Access?
- A . primary_policy
- B . default_policy
- C . default_access_policy_set
- D . default_application_policy
C
Explanation:
Reference: https://theidentityguy.ca/2021/02/25/workspace-one-access-best-practices-in-policy-management/
When designing NSX-T for high availability with Layer 2 adjacency, what is the recommended number of NSX Managers that should be deployed?
- A . 2 NSX Managers deployed using a load balancer
- B . 1 NSX Manager using vSphere for high availability
- C . 3 NSX Managers using a VIP address for Management
- D . 2 NSX Managers using a VIP address for Management
C
Explanation:
Reference: https://docs.vmware.com/en/VMware-Cloud-Foundation/4.3/vcf-management-domain-design/GUID-E8F4757B-8C4A-4CBB-BE93-E6969A8940D3.html
An organization is expanding NSX to deploy the NSX Distributed Firewall on an AWS VPC and Azure VNET.
Which statement is true concerning the expansion?
- A . The request is not possible because NSX works only in VMware environments.
- B . NSX can only manage native security components on AWS and Azure with agent based mode.
- C . NSX can only do an agent based mode on AWS and Azure.
- D . NSX can choose native security components on AWS and Azure or agent based mode.
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-9522BEC9-E85E-41DC-8AF5-2652A647730F.html
Which two are features of a hybrid cloud model for networking and security when using NSX-T Data Center and VMware NSX Cloud? (Choose two.)
- A . NSX Data Center provides consistent logical networking and security across protected and recovery sites.
- B . NSX Data Center supports Layer 2 VPN between an NSX Edge and a Direct Connect Gateway.
- C . NSX Data Center and VMware NSX Cloud stretch Layer 2 domains between public clouds using the Geneve overlay.
- D . NSX Data Center supports secure, encrypted user access to private corporate applications (SSL VPN).
- E . NSX Data Center supports remote sites (IPsec VPN) with optional VPN gateways or hardware routers from other vendors.
A,E
Explanation:
Reference:
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-nsx-datasheet.pdf
Where in the NSX UI does an administrator add an Active Directory Domain?
- A . Go to System > Configuration > Identity Firewall AD > ADD ACTIVE DIRECTORY
- B . Go to Inventory > Configuration > Identity Firewall AD > ADD ACTIVE DIRECTORY
- C . Go to Home > Configuration > Identity Firewall AD > ADD ACTIVE DIRECTORY
- D . Go to Security > Configuration > Identity Firewall AD > ADD ACTIVE DIRECTORY
A
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-8B60D22B-3119-48F6-AEAE-AE27A9372189.html
When creating a new Identity Provider (IdP) in Workspace ONE Access, which two methods are used to identify users? (Choose two.)
- A . SAML Attribute
- B . NameID Element
- C . UserID Element
- D . User Attribute
- E . SAML Response
A,B
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-Access/19.03/idm-administrator/GUID-0C459D5A-A0FF-4893-87A0-10ADDC4E1B8D.html
Refer to the exhibit.
What command was run on the NSX Edge node to pull this information?
- A . get tunnel-ID
- B . show vteps
- C . get vteps
- D . list vteps
C
Explanation:
Reference: https://vdc-download.vmware.com/vmwb-repository/dcr-public/c3fd9cef-6b2b-4772-93be-3fe60ce064a1/1f67b9e1-b111-4de7-9ea1-39931d28f560/NSX-T%20Command-Line%20Interface%20Reference.html#get%20vteps
In a Workspace ONE deployment, which three are valid pre-configured sources for creating a baseline with the Baseline Wizard? (Choose three.)
- A . GPO Connector
- B . Registry File Import
- C . Windows Security Baseline
- D . CIS Benchmarks
- E . Custom Baseline
C,D,E
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/Windows_Desktop_Device_Management/GUID-uemWindeskUsingBaselines.html
Which three options are used to automate patch remediation based on CVEs for Windows devices using Workspace ONE Intelligence? (Choose three.)
- A . Use Workspace ONE UEM console to approve patches.
- B . Create Automated remediation based on Risk score.
- C . Create automated remediation based on CVE vulnerabilities.
- D . Identify vulnerable devices across the entire environment based on CVE information.
- E . Create a dashboard to track CVE remediation.
C,D,E
Explanation:
Reference: https://techzone.vmware.com/meeting-security-slas-through-intelligent-patch-automation-vmware-workspace-one-operational-tutorial#_1089620
A security administrator receives an error with code 1001 while configuring a time-based firewall rule on an ESXi host.
Which two actions can resolve the problem? (Choose two.)
- A . restarting the NSX firewall kernel module on the ESXi host
- B . restarting the NTP service on the ESXi host
- C . configuring the ESXi host with a remote NTP server
- D . configuring the ESXi host with a local NTP server
- E . reinstalling the NSX modules on the ESXi host
B,E
Explanation:
Reference: https://arabitnetwork.files.wordpress.com/2018/12/nsx_64_troubleshooting-update4.pdf
In a Workspace ONE environment, what is the maximum number of days a Windows Feature Update (Windows 10 1703 and above) can be deferred?
- A . 7
- B . 90
- C . 365
- D . 30
C
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/Windows_Desktop_Device_Management/GUID-AWT-PROFILE-WAU-CONFIGWD.html#:~:text=The%20maximum%20number%20of%20days,defer%20up%20t o%20365%20days
Considering the NSX Manager Node, what is VMware’s recommended size for a typical production deployment?
- A . small appliance for deployments with up to 64 hosts
- B . medium appliance for deployments with up to 64 hosts
- C . medium appliance for deployments with up to 128 hosts
- D . small appliance for deployments with up to 32 hosts
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/installation/GUID-AECA2EE0-90FC-48C4-8EDB-66517ACFE415.html