VMware 3V0-41.22 Exam Dumps: Advanced Deploy VMware NSX-T Data Center 3.x, Exams of Educational Mathematics

Download VMware 3V0-41.22 Exam Dumps: Advanced Deploy VMware NSX-T Data Center 3.x and more Exams Educational Mathematics in PDF only on Docsity!

Exam : 3V0-41.

Title :

https://www.passcert.com/3V0-41.22.html

Advanced Deploy VMware

NSX-T Data Center 3.x

1.Task 1 You are asked to prepare a VMware NSX-T Data Center ESXi compute cluster Infrastructure. You will prepare two ESXi servers in a cluster for NSX-T overlay and VLAN use. All configuration should be done using the NSX UI.

• NOTE: The configuration details in this task may not be presented to you in the order in which you must complete them.
• Configure a new Transport Node profile and add one n-VDS switch. Ensure Uplink1and Uplink 2 of your configuration use vmnic2 and vmnic3 on the host. Complete the requested task. NOTE: Passwords are contained in the user_readme.txt. Configuration details may not be provided in the correct sequential order. Steps to complete this task must be completed in the proper order. Other tasks are dependent on the completion Of this task. You may want to move to other tasks/steps while waiting for configuration changes to be applied. This task should take approximately 20 minutes to complete. See the Explanation part of the Complete Solution and step by step instructions.

See the Explanation part of the Complete Solution and step by step instructions. Answer: To configure traffic replication to the monitoring software for your Tampa web overlay segments with bi-directional traffic, you need to follow these steps:

• Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
• Navigate to Networking > Segments and select the Tampa web overlay segment that you want to replicate the traffic from. For example, select Web-01 segment that you created in Task 2.
• Click Port Mirroring > Set > Add Session and enter a name and an optional description for the port mirroring session. For example, enter Tampa-Web-Monitoring.
• In the Direction section, select Bi-directional as the direction from the drop-down menu. This will replicate both ingress and egress traffic from the source to the destination.
• In the Source section, click Set and select the VMs or logical ports that you want to use as the source of the traffic. For example, select Web-VM-01 and Web-VM-02 as the source VMs. Click Apply.
• In the Destination section, click Set and select Remote L3 SPAN as the destination type from the drop-down menu. This will allow you to replicate the traffic to a remote destination outside of the NSX-T environment.
• Enter the IP address of the destination device where you have installed the network monitoring software, such as 10.10.10.200.
• Select an existing service profile from the drop-down menu or create a new one by clicking New Service Profile. A service profile defines the encapsulation type and other parameters for the replicated traffic.
• Optionally, you can configure advanced settings such as TCP/IP stack, snap length, etc., for the port mirroring session.
• Click Save and then Close to create the port mirroring session. You have successfully configured traffic replication to the monitoring software for your Tampa web overlay segments with bi-directional traffic using NSX-T Manager UI. 3.Task 5 You are asked to configure a micro-segmentation policy for a new 3-tier web application that will be deployed to the production environment. You need to:

Notes: Passwords are contained in the user_readme.txt. Do not wait for configuration changes to be applied in this task as processing may take some time. The task steps are not dependent on one another. Subsequent tasks may require completion of this task. This task should take approximately 25 minutes to complete. See the Explanation part of the Complete Solution and step by step instructions. 4.Task 15 You have been asked to enable logging so that the global operations team can view inv Realize Log Insight that their Service Level Agreements are being met for all network traffic that is going in and out of the NSX environment. This NSX environment is an Active / Active two Data Center design utilizing N-VDS

server. Multiple facilities or message IDs can be specified as a comma delimited list, without spaces. set logging-server <hostname-or-ip-address [:port]> proto level [facility ] [messageid ] [serverca ] [clientca ] [certificate ] [key ] [structured-data <structured-data>]

• Validate logs are generated on each selected appliance by reviewing the "/var/log/syslog”. You can use thecatortailcommands to view the contents of the /var/log/syslog file on each appliance. For example, you can use the following command to view the last 10 lines of the sfo01w01en01 edge transport node:tail -n 10 /var/log/syslog. You should see log messages similar to this: 2023-04-06T12:34:56+00:00 sfo01w01en01 user.info nsx-edge[1234]: 2023-04-06T12:34:56Z nsx-edge[1234]: INFO: [nsx@6876 comp="nsx-edge" subcomp="nsx-edge" level="INFO" security="False"] Message from nsx-edge You have successfully enabled logging for the production NSX-T environment. 5.Task 11 upon testing the newly configured distributed firewall policy for the Boston application. it has been discovered that the Boston-Web virtual machines can be “pinged" via ICMP from the main console. Corporate policy does not allow pings to the Boston VMs. You need to:
• Troubleshoot ICMP traffic and make any necessary changes to the Boston application security policy. Complete the requested task. Notes: Passwords are contained in the user _readme.txt. This task is dependent on Task 5. See the Explanation part of the Complete Solution and step by step instructions. Answer: To troubleshoot ICMP traffic and make any necessary changes to the Boston application security policy, you need to follow these steps:
• Log in to the NSX Manager UI with admin credentials. The default URL is https://<nsx-manager-ip-address>.
• Navigate to Security > Distributed Firewall and select the firewall policy that applies to the Boston application. For example, select Boston-web-Application.
• Click Show IPSec Statistics and view the details of the firewall rule hits and logs. You can see which rules are matching the ICMP traffic and which actions are taken by the firewall.
• If you find that the ICMP traffic is allowed by a rule that is not intended for it, you can edit the rule and change the action to Drop or Reject. You can also modify the source, destination, or service criteria of the rule to make it more specific or exclude the ICMP traffic.
• If you find that the ICMP traffic is not matched by any rule, you can create a new rule and specify the action as Drop or Reject. You can also specify the source, destination, or service criteria of the rule to match only the ICMP traffic from the main console to the Boston web VMs.
• After making the changes, click Publish to apply the firewall policy.
• Verify that the ICMP traffic is blocked by pinging the Boston web VMs from the main console again.You should see a message saying “Request timed out” or “Destination unreachable”.