Which function is performed by the data plane?
- A . Log indexing
- B . Service engine lifecycle management
- C . Configuration backups
- D . Pool health monitoring
How would an operator replace the default certificate used by the Avi GUI with a trusted certificate?
- A . Generate a certificate of type Controller Certificate, then assign it to the management VS.
- B . Generate a certificate of type Controller Certificate, then update the Access Settings under Administration -> Settings.
- C . Avi can auto-generate a trusted certificate from the GUI and use it for the GUI access.
- D . The default certificate used by the Avi GUI is already trusted.
Which three techniques can an operator use to scale data plane performance? (Choose three.)
- A . BGP-based horizontal scaling of SES in an SE Group
- B . Native horizontal scaling of an individual SE
- C . Increase the maximum number of Virtual Services in an SE Group.
- D . Vertical scaling of an individual SE’s resources
- E . Native horizontal scaling of SES in an SE Group
- F . O OSPF-based horizontal scaling of SEs in an SE Group
An operator needs to configure a second Virtual Service that re-uses an existing VS IP on a separate service port.
How is this handled in the Create VS configuration?
- A . In the Basic Setup Wizard, create the second VS without Auto Allocate, and then type in the existing VS IP.
- B . In the Advanced Setup Wizard, create the second VS as a Child Virtual Service.
- C . In the Advanced Setup Wizard, create the second VS without Auto Allocate, and then type in the existing VS IP.
- D . In the Advanced Setup Wizard, create the second VS with a "Virtual Service for VIP Sharing":
Which method must be used by an Operator to create a new Virtual Service for multiple ports and network protocols?
- A . Create multiple Application Profiles for each required port.
- B . Create the Virtual Service using Basic Mode.
- C . Create the Virtual Service using Advanced Mode.
- D . Create the Virtual Service via the Service Engine CLI.
A virtual service is configured with an HTTP Security policy, Network Security policy, DataScript Response policy, and an HTTP Request policy.
In which order will these be evaluated?
- A . Network Security -> HTTP Security -> HTTP Request -> DataScript Response
- B . Network Security -> HTTP Request -> HTTP Security -> DataScript Response
- C . HTTP Security -> Network Security -> HTTP Request -> DataScript Response
- D . DataScript Response -> Network Security -> HTTP Request -> HTTP Security
An administrator has configured an existing Layer 7 Virtual Service terminating SSL/TLS with WAF enabled. The administrator needs to include support for SMTP on the same FQDN/Virtual Service IP.
Which is the correct configuration method?
- A . Create a second Virtual Service and IP for SMTP, and add a new record in DNS to handle SMTP separately.
- B . Add the SMTP listening ports with separate L4 Application Profile to the same L7 SSL/TLS VS, and use content switching to select SMTP Pool based on inbound port/protocol.
- C . Create a second Virtual Service that re-uses the same Virtual IP as the L7 SSL/TLS VS with separate listening ports, L4 Application Profile, and back-end SMTP pool.
- D . Add the SMTP listening ports with separate L4 Application Profile to the same L7 SSL/TLS VS, and disable destination port translation to the existing server pool.
What are two benefits of EC certificates over RSA certificates? (Choose two.)
- A . ECC provides similar strength as RSA but with much smaller keys.
- B . The certificates cost less money.
- C . Modern browsers no longer support RSA certificates.
- D . Processing for ECC is less CPU-intensive than for RSA.
- E . RSA certificates cannot be used in certain countries.
An operator configured a new content switch rule for HTTP Virtual Service and wants to check the logs on the Virtual Service level to verify that the rule was executed as expected. However, the request cannot be found in the logs.
Which action, if any, should the operator take so these logs can be seen?
- A . Enable non-significant logs on the Service Engine where Virtual Service is placed.
- B . Enable log headers option on the Virtual Service level.
- C . Enable non-significant logs on the Virtual Service level.
- D . No action will work because if the logs are not visible, it means there are no requests from the
client.
Which item can only be configured when the operator uses the Advanced Setup wizard?
- A . Auto Allocation of the VIP
- B . Service Port
- C . Pool Group
- D . IPv6 VIP
Which built-in application profile is a valid option for a Virtual Service?
- A . System-DTLS
- B . System-Fast-Path
- C . System-ICMP
- D . System-DNS
Which statement accurately describes Service Engine Groups?
- A . They can contain Service Engines with different High Availability modes.
- B . They can be shared across multiple clouds.
- C . They can be deleted only after all Service Engines within it are deleted.
- D . Service Engines can be a member of more than one Service Engine Group.
Where are logging messages related to the inspection of application traffic found when enabling the Web Application Firewall (WAF) on a Virtual Service?
- A . Logs tab of Virtual Service detail screen
- B . Security tab of the Virtual Service detail screen
- C . Analytics tab of Virtual Service detail screen
- D . Alerts tab of the Operations screen
The network operations center has reported dramatically fewer entries in the logs tab of a new Virtual Service after the first 30 minutes of operation.
What is the likely cause of the reduced log volume?
- A . Logs are being sent to syslog instead of the logs tab.
- B . The Service Engine has disabled logging due to high CPU load.
- C . Non-significant logs are not enabled.
- D . A widespread internet outage has occurred.
In which situation would using the Advanced Setup mode of the "Create Virtual Service" wizard be required?
- A . When creating HTTPS Virtual Service type
- B . When adding servers as part of the Virtual Service creation
- C . When specifying analytics settings
- D . When determining the application type
Which SE Group parameter affects the value of N for N+M HA?
- A . CPU Reserve
- B . VCPUs/Service Cores per SE
- C . Scale per Virtual Service
- D . Buffer Service Engines
An operator selects "Average Values" and "Past 30 Minutes" for statistics type and timeframe on the Analytics tab of a Virtual Service and notices the graph only provides a new data point every five minutes. The graph had been updating more frequently when the Virtual Service was first created.
What is the explanation for this behavior?
- A . The Real Time Metrics option has been disabled by another operator.
- B . The GUI Refresh Interval has been increased to five minutes.
- C . The statistics type should be set to "Current Values" rather than "Average Values."
- D . The timeframe should be set to "Real Time" rather than "Past 30 Minutes."
Which element of the End-to-End Timing graph identifies the average time taken for a web server to process a request, fetch content from a database, and generate the content?
- A . Server RTT
- B . Total Time
- C . App Response
- D . Data Transfer
What is one component that is required to create a Virtual Service?
- A . Pool
- B . Application Type or Profile
- C . Health Monitor
- D . Server
What is the maximum number of virtual network adapters that can be used on single Service Engine running in a vSphere environment?
- A . 4
- B . 10
- C . 1
- D . 16
The network team has noticed that a Virtual Service has been marked down, but the application team has validated that the web servers are working as expected.
What is the issue?
- A . The HTTP policy is configured to send a local response.
- B . The HTTP Redirect policy is associated with the Virtual Service, and its pool is marked down by health check.
- C . The Pool is configured with the wrong health monitor.
- D . The DataScript is attached to the Virtual Service without a default pool.
Which DNS application profile setting returns NOERROR responses for IPv6 AAAA queries when there is no AAAA record present for the FQDN?
- A . Change "Invalid DNS Query Processing" to drop
- B . Change "Number of IPs returned by DNS server" to 4
- C . Add an IPv6 domain name to "Valid Subdomains"
- D . Change "Invalid DNS Query Processing" to respond
Which approach CANNOT be used to redirect HTTP to HTTPS for a Virtual Service?
- A . Select the System-Secure-HTTP Application Profile
- B . Use a Network Security Policy
- C . Write a Datascript
- D . Use an HTTP Request Policy
Which Virtual Service policy object can be used to serve a static web page if a rule is matched?
- A . Network Security Policy
- B . HTTP Request Policy
- C . HTTP Response Policy
- D . Custom Error Page
Which statement regarding SNAT is NOT true?
- A . SNAT is enabled by default.
- B . SNAT limits a Virtual Service to a maximum of 64k concurrent connections.
- C . SNAT is required for connection multiplexing.
- D . SNAT is required for scaling a Virtual Service across Service Engines.
Which three options can be configured via the HTTP Application Profile? (Choose three.)
- A . X-Forwarded-For header
- B . PROXY Protocol
- C . HTTP cookie persistence
- D . Caching
- E . Rate limiting
- F . Web Application Firewall
Which statement is true for Avi to compress an HTTP response?
- A . Caching must be disabled.
- B . The Web Application Firewall must be disabled.
- C . Client round trip time must be greater than 100ms.
- D . Client’s Accept-Encoding header must be in the request.
The operator observes that the Health Score for a particular Virtual Service has a gray background and no numeric value.
What is the explanation for the state of this Health Score?
- A . The Service Engines on which the Virtual Service is placed have lost connection to the Controller.
- B . All of the servers in the Virtual Service’s configured Pools are down.
- C . The Virtual Service has been disabled.
- D . All Service Engines in the Service Engine Group are at maximum capacity, preventing the Virtual Service from being placed.
An operator suspects that the currently deployed Service Engines are undersized and is concerned about the impact of that situation. They are configured with 1 vCPU and 2 GB RAM.
Why is the operator concerned?
- A . Operator would be unable to login to NSX Load Balancer Admin console
- B . Additional Virtual Services could not be placed
- C . SSL throughput would be affected
- D . Client connections would be redirected to another pool
An application owner wants to ensure that traffic is only sent to a web server in the pool when its
connection to a back-end database is fully functional.
Which approach will ensure this goal?
- A . Create a DataScript that performs a database lookup to the back-end database.
- B . Configure an External Health Monitor that performs a database lookup to the back-end database.
- C . Create a Virtual Service with the back-end database server as pool member, and configure a TCP Health Monitor. Then, reconfigure the web servers to communicate with the database via this Virtual Service.
- D . Configure an HTTP Health Monitor to query a URI that returns a specific response if and only if a back-end database call is successful.