PassLeader 2V0-642 Exam Dumps Collection with VCE and PDF (Question 21 – Question 40)

100% pass guarantee PassLeader 2V0-642 VCE and PDF dumps: https://www.passleader.com/2v0-642.html (285 Q&As)

P.S. Free & New 2V0-642 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpbVl3X1hXbUdteHc

QUESTION 21
Which two statements are true regarding Layer 2 VPNs? (Choose two.)

A.    Layer 2 VPNs are used to securely extend Ethernet segments over an untrusted medium.
B.    The NSX Edge Service Gateway can form a Layer 2 VPN with a standards-compliant physical appliance.
C.    The Distributed Router can form a Layer 2 VPN to another Distributed Router or NSX Edge Service Gateway.
D.    Layer 2 VPNs require the two VPN endpoints be in the same Layer 2 segment.

Answer: AB

QUESTION 22
A vSphere administrator wants to setup an NSX Edge Service Gateway to provide traveling employees secure access to company servers located in specific network segments within the corporate Data Center. The remote access solution must provide a method to authenticate the users. Which two methods can be used with the NSX Edge Service Gateway? (Choose two.)

A.    TACACS+
B.    MS-CHAP
C.    RSA Secure ID
D.    Active Directory

Answer: CD

QUESTION 23
A company has augmented its Data Center infrastructure by using vCloud Hybrid Service during peak hours. The company wants to extend their existing subnets into the cloud while workloads retain their existing IP addresses. The virtual machines in these subnets use an NSX Edge Gateway as their default gateway. Which solution should this company use?

A.    Layer 2 VPN
B.    MPLS VPN
C.    IPSec VPN
D.    SSL VPN

Answer: A

QUESTION 24
A vSphere administrator wants to setup an NSX Edge Service Gateway to provide traveling employees secure access to company servers located in specific network segments within the corporate Data Centers. The solution has to be as scalable as possible. Which Virtual Private Network solution will satisfy the administrator’s requirements?

A.    SSL VPN
B.    MPLS VPN
C.    Layer 2 VPN
D.    IPSec VPN

Answer: A

QUESTION 25
Which statement is true regarding an NSX Edge gateway device configured with a DNS Server?

A.    The NSX Edge will forward all DNS requests from virtual machines sent to it to the DNS Server.
B.    The NSX Edge configuration will override the DNS Server configured by the NSX Manager.
C.    The NSX Edge registers the DNS Server with the NSX Controller.
D.    The NSX Edge periodically synchronizes its DNS tables with the primary DNS Server.

Answer: A

QUESTION 26
An NSX Edge Service Gateway has two interfaces:
1. Internal interface named Internal Access
— IP address = 10.10.10.1
— Network mask = 255.255.255.0
2. Uplink interface named Physical Uplink
— IP address = 20.20.20.1
— Network mask = 255.255.255.0
A vSphere administrator wants to add a SNAT rule to allow traffic from the internal network segment to access external resources via the uplink interface. Which three steps should the vSphere administrator do to add the SNAT rule? (Choose three.)

A.    Apply the SNAT rule to the Internal Access interface.
B.    Select 10.10.10.1 as the translated source IP.
C.    Apply the SNAT rule on the Physical Uplink interface.
D.    Select 10.10.10.0/24 as the original subnet.
E.    Choose 20.20.20.2 as the translated source IP.

Answer: CDE

QUESTION 27
An administrator manages a TFTP server virtual machine that is connected to a Logical Switch with a VNI of 7321. The TFTP server has been configured to use port 1069. An NSX Edge Service Gateway is connected to VNI 7321 and has an uplink interface with access to the physical network. Assume external users can reach the Service Gateway. What should the administrator configure to ensure external connections to the TFTP server are successful?

A.    Create a DNAT rule with the original port of 69 and translated port of 1069.
B.    Create a SNAT rule with the original port of 1069 and translated port of 69.
C.    Create a SNAT rule with the original port of 69 and translated port of 1069.
D.    Create a DNAT rule with the original port of 1069 and translated port of 69.

Answer: A

QUESTION 28
Which two actions take place when an active NSX Edge instance fails? (Choose two.)

A.    Once the original NSX Edge instance is recovered, it preempts the other NSX Edge instance and takes over the active role.
B.    The standby NSX Edge instance becomes the active instance and requests routing updates from the routing neighbors.
C.    Once the original NSX Edge instance is recovered, the NSX Manager attempts to place it on a different host from the other NSX Edge instance.
D.    The standby NSX Edge instance becomes the active instance and retains any routing neighbor adjacencies.

Answer: CD

QUESTION 29
Which two statements are true regarding NSX High Availability? (Choose two.)

A.    NSX HA is configured as Active-Active.
B.    NSX HA is configured as Active-Standby.
C.    If an Active node fails, there is no service interruption during failover.
D.    If an Active node fails, there is a 15 second service interruption during failover.

Answer: BC

QUESTION 30
Where does the Distributed Logical Firewall enforce firewall rules?

A.    At the Virtual Machine’s virtual Network Interface Card (vNIC).
B.    At the Logical Switch virtual port that the Virtual Machine connects to.
C.    At the NSX Controller’s firewall kernel module.
D.    At the ESXi host vmnic used by the vSphere Distributed Switch.

Answer: A

QUESTION 31
How are Logical Firewall rules applied to affected virtual machines?

A.    They are pushed by the NSX Controllers into all the ESXi hosts in the same Transport Zone.
B.    They are pushed by the NSX Manager to the ESXi hosts running the source and/or destination virtual machines.
C.    They are pushed by the NSX Controllers to the ESXi hosts running the destination virtual machines.
D.    They are pushed by the NSX Manager to all the ESXi hosts in the NSX environment.

Answer: B

QUESTION 32
An administrator wishes to control traffic flow between two virtual machines. The virtual machines are in the same subnet, but are located on separate ESXi hosts. The administrator deploys an Edge Firewall to one of the hosts and verifies the default firewall rule is set to deny, but the two virtual machines can still communicate with each other. What task will correct this issue?

A.    Configure both ESXi host firewalls to deny traffic from the virtual machine on the other host.
B.    Deploy another Edge Firewall on the host running the second virtual machine.
C.    Remove any other firewall appliances that may exist on either of the ESXi hosts.
D.    Deploy a Distributed Firewall with firewall rules to prevent traffic between the virtual machines.

Answer: D

QUESTION 33
An administrator has deployed NSX in an environment containing a mix of vSphere 5 hosts. The implementation includes the Distributed Firewall Service, but the administrator finds that rules are not being applied to all affected virtual machines. What two conditions would cause this behavior? (Choose two.)

A.    Some hosts have not been prepared for NSX.
B.    Only ESXi 5.5 and later hosts can push the rules to the virtual machines.
C.    Only ESXi 5.1 and later hosts can push the rules to the virtual machines.
D.    Some hosts are blocking the port used for rule distribution.

Answer: AC

QUESTION 34
An administrator wants to perform Activity Monitoring on a large group of virtual machines in an NSX environment. How would this task be accomplished with minimal administrative effort?

A.    Create a PowerCLI script to enable virtual machine data collection on each virtual machine.
B.    Create a security group in Service Composer and add the virtual machines to the security group.
C.    Add the virtual machines to the pre-defined Activity Monitoring security group in Service Composer.
D.    Add the virtual machines to a VM folder in vCenter Server and enable data collection.

Answer: C

QUESTION 35
Which action is not an option for adding Virtual Machines to a Security Group?

A.    Adding Virtual Machines to a Security Group and nesting it within another Security Group.
B.    Defining Dynamic Membership in the Security Group.
C.    Adding Virtual Machines to a Security Policy and associating it with a Security Group.
D.    Selecting objects to include within a Security Group.

Answer: C

QUESTION 36
What is the most restrictive NSX role that can be used to create and publish security policies and install virtual appliances?

A.    Security Administrator
B.    NSX Administrator
C.    Auditor
D.    Enterprise Administrator

Answer: D

QUESTION 37
Which two NSX Data Security roles could be assigned to view configured policies and violation reports? (Choose two.)

A.    Security Administrator
B.    NSX Administrator
C.    Auditor
D.    Enterprise Administrator

Answer: AC

QUESTION 38
Which port is used for NSX REST API Requests?

A.    80
B.    443
C.    5480
D.    8443

Answer: B

QUESTION 39
Which component automates the consumption of third-party services and provides mapping to virtual machines using a logical policy?

A.    NSX Manager
B.    Cloud Management Platform (CMP)
C.    Service Composer
D.    NSX Data Security

Answer: C

QUESTION 40
An administrator enables the NSX Ticket Logger to track infrastructure changes. The administrator logs out for lunch, returns and logs back in to complete the task. What is the status of ticket logger when the administrator logs back in?

A.    The ticket logger still tracks changes until it is turned off by the administrator.
B.    The ticket logger is turned off.
C.    The ticket logger will prompt the user if they still want to continue tracking changes.
D.    The ticket logger will display an error.

Answer: B


100% valid 2V0-642 exam questions from PassLeader 2V0-642 dumps! Welcome to download the newest & 100% pass guarantee PassLeader 2V0-642 VCE and PDF dumps: https://www.passleader.com/2v0-642.html (285 Q&As)

P.S. Free & New 2V0-642 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpbVl3X1hXbUdteHc