5V0-41.21試験問題集でPDF問題とテストエンジン
5V0-41.21問題集で必ず試験合格させる
VMware NSX-T Data Center 3.1 Security試験は、70問の多肢選択問題で構成されており、120分以内に完了する必要があります。この試験は英語と日本語で利用可能であり、オンラインまたはPearson VUEテストセンターで受験することができます。試験に合格するためには、候補者は100〜500のスケールで少なくとも300点を獲得する必要があります。
VMware 5V0-41.21試験は、VMware NSX-T Data Center 3.1セキュリティの専門知識を検証するための認定試験です。VMware NSX-T Data Centerは、仮想ネットワークの作成を可能にし、これらのネットワークを保護する包括的なセキュリティ機能を提供するネットワーク仮想化およびセキュリティプラットフォームです。この試験は、VMware NSX-T Data Center 3.1でセキュリティソリューションを構成、管理、トラブルシューティングするための候補者の知識とスキルをテストします。
質問 # 14
An NSX administrator is trying to find the dvfilter name of the sa-web-01 virtual machine to capture the sa-web-01 VM traffic. What could be a reason the sa-web-01 VM dvfilter name is missing from the command output?
- A. ESXi host has 5SH disabled.
- B. sa-web-01 VM has the no firewall rules configured.
- C. sa-web-01 is powered Off on ESXi host.
- D. ESXi host has the firewall turned off.
正解:C
解説:
The most likely reason the sa-web-01 VM dvfilter name is missing from the command output is that the sa-web-01 VM is powered off on the ESXi host. The dvfilter name is associated with the VM when it is powered on, and is removed when the VM is powered off. Therefore, if the VM is powered off, then the dvfilter name will not be visible in the command output. Other possible reasons could be that the ESXi host has the firewall turned off, the ESXi host has 5SH disabled, or that the sa-web-01 VM has no firewall rules configured. Reference: [1] https://kb.vmware.com/s/article/2143718 [2] https://docs.vmware.com/en/VMware-NSX-T/3.0/vmware-nsx-t-30-administration-guide/GUID-AC3CC8A3-B2DE-4A53-8F09-B8EEE3E3C7D1.html
質問 # 15
Which two are used to define dynamic groups for an NSX Distributed Firewall? (Choose two.)
- A. machine name
- B. physical servers
- C. segment's port
- D. segment
- E. tags
正解:A、E
解説:
For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-BEDA8D9F-ACBC-42B1-B7F5-FEEF0E0D899C.html) for more information on configuring dynamic groups.
質問 # 16
What is the default action of the Default Layer 3 distributed firewall rule?
- A. Drop
- B. Forward
- C. Allow
- D. Reject
正解:A
解説:
The Default Layer 3 distributed firewall rule is a system-defined rule in NSX-T Data Center that applies to all distributed firewall sections. By default, this rule is set to drop all traffic, meaning that any traffic that does not match a specific rule will be dropped.
For more information on the Default Layer 3 distributed firewall rule and how to configure it, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-firewall/GUID-B6B835F2-B6F2-4468-8F8E-6F7B9B9D6E91.html
質問 # 17
Which three are required by URL Analysis? (Choose three.)
- A. Medium-sized edge node (or higher), or a physical form factor edge
- B. NSX Enterprise or higher license key
- C. Tier-1 gateway
- D. OFW rule allowing traffic OUT to Internet
- E. Tier-0 gateway
- F. Layer 7 DNS firewall rule on NSX Edge cluster
正解:A、C、D
質問 # 18
What must an administrator deploy to provide Linux based VMs with antivirus protection?
- A. Antivirus Agent in NSX
- B. Antivirus Agent in vCenter
- C. Guest Customization Agent
- D. Guest Introspection Thin Agent
正解:D
解説:
NSX provides a feature called Guest Introspection that allows administrators to provide security services to virtual machines, including antivirus protection. One of the components of Guest Introspection is the Guest Introspection Thin Agent, which must be deployed to provide Linux-based VMs with antivirus protection. The Thin Agent is a lightweight agent that runs inside the guest operating system of virtual machines and communicates with the NSX Manager to provide security services.
Once the Guest Introspection Thin Agent is deployed, the administrator can configure the antivirus service to scan virtual machines for malware and take action on any threats that are detected.
Reference:
VMware NSX Guest Introspection documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.guest_introspection.doc/GUID-A86FBAF1-A8D9-4E12-8F3D-04B3D89B8F7E.html VMware NSX Guest Introspection Thin Agent documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.guest_introspection.doc/GUID-A86FBAF1-A8D9-4E12-8F3D-04B3D89B8F7E.html
質問 # 19
Which is the port number used by transport nodes to export firewall statistics to NSX Manager?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
質問 # 20
An administrator is creating the first distributed firewall rules for a company's salts department. What is the first object that must be created in the distributed firewall'
- A. firewall policy
- B. firewall folder
- C. firewall service
- D. firewall file
正解:B
質問 # 21
To which object can time based rules be applied?
- A. Gateway Firewall only
- B. DFW only
- C. DFW and Gateway Firewall both
- D. DFW or Gateway Firewall, but not both at the same time
正解:C
質問 # 22
Which three criteria help to determine the severity for a Distributed IDS/IPS? (Choose three.)
- A. The Common Vulnerability Scoring System score specified in the signature.
- B. The Distributed Intrusion Detection and Intrusion Prevention rules.
- C. The type-rating associated with the classification type.
- D. The severity specified in the signature itself
- E. The load balancer deployment type.
正解:A、C、D
解説:
For further reading, see the VMware NSX-T Data Center Administration Guide (https://pubs.vmware.com/NSX-T-Data-Center/index.html#com.vmware.nsxt.admin.doc/GUID-E6B25C6F-1F25-4B0F-B8AF-6B8C00F9C3A3.html) for more information on configuring the Distributed IDS/IPS.
質問 # 23
Which of the following describes the main concept of Zero-Trust Networks for network connected devices?
- A. Network connected devices should only be trusted if their identity and integrity can be verified continually.
- B. Network connected devices should only be trusted if they are issued by the organization.
- C. Network connected devices should only be trusted if the user can be successfully authenticated.
- D. Network connected devices should only be trusted if they are within the organizational boundary.
正解:A
解説:
Zero-Trust Networks is a security concept that assumes that all devices, users, and networks are untrusted until they can be verified. This means that all network-connected devices must be verified for their identity and integrity before they are granted access to resources. This is done continually, meaning that devices are verified every time they try to access a resource, rather than being trusted permanently.
1. Network connected devices should only be trusted if their identity and integrity can be verified continually. This is the main concept of Zero-Trust Networks, every device that wants to access the network should be authenticated and verified its identity and integrity.
Reference:
Zero Trust Networks, Forrester Research https://www.forrester.com/report/Zero+Trust+Networks/-/E-RES146810 Zero Trust Security: From Theory to Practice, NIST https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800
質問 # 24
Refer to the exhibit.
An administrator is reviewing NSX Intelligence information as shown in the exhibit.
What does the red dashed line for the UDP:137 flow represent?
- A. Allowed communication
- B. Unprotected communication
- C. Blocked communication
- D. Discovered communication
正解:C
解説:
The red dashed line for the UDP:137 flow in the NSX Intelligence information represents blocked communication. This indicates that the NSX Distributed Firewall has blocked the communication between the source and destination IP addresses on port 137.
For more information on NSX Intelligence and how to use it, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-intelligence/GUID-C2B2AF2E-A76A-46B8-A67A-42D7A9E924A9.html
質問 # 25
An NSX administrator has turned on logging for the distributed firewall rule. On an ESXi host, where will the logs be stored?
- A. /var/log/hostd.log
- B. /var/log/dfwpktlogs.log
- C. /var/log/esxupdate.log
- D. /var/log/vmkerntl.log
正解:B
解説:
The NSX administrator has enabled logging for the distributed firewall rule, and the logs are stored in the /var/log/dfwpktlogs.log file on the ESXi host. This log file stores the packet logs for the distributed firewall rules, and the logs can be used for auditing and troubleshooting the distributed firewall.
質問 # 26
A company's CTO has requested that all logging should be enabled for all NSX-T Data Center Distributed Firewall rules. What should be considered prior to executing this request?
- A. Logging can only be enabled for sections and not for single rules.
- B. Large amounts of log information will likely affect performance.
- C. Large amounts of log information can fill up the vSphere Server database.
- D. Once logging is enabled for all rules it cannot be disabled afterwards.
正解:C
質問 # 27
A security administrator is required to protect East-West virtual machine traffic with the NSX Distributed Firewall.What must be completed with the virtual machine's vNIC before applying the rules'
- A. It is connected to a transport zone.
- B. It is connected to the underlay.
- C. It is connected to an NSX managed segment.
- D. It must be connected to a vSphere Standard Switch.
正解:C
質問 # 28
When configuring members of a Security Group, which membership criteria art permitted?
- A. Virtual Interface, Segment, Physical Machine, and IP Set
- B. Virtual Interface, Segment, Cloud Native Service Instance, and IP Set.
- C. Segment Port, Segment, Virtual Machine, and IP Set
- D. Virtual Machine, Physical Machine, Cloud Native Service Instance, and IP Set
正解:D
解説:
When configuring members of a Security Group, the permitted membership criteria are Virtual Machine, Physical Machine, Cloud Native Service Instance, and IP Set.
For more information on configuring members of a Security Group, please refer to the NSX-T Data Center documentation: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/nsx-t-3.0-security/GUID-C0F9A9A7-9A1E-41D9-A237-FED7A6F20A0A.html
質問 # 29
An NSX administrator has been tasked with configuring a remote logging server (192.168.110.60) to send FW connections and packets logs to a remote logging server. The administrator is using this command syntax found in the NSX-T 3.1 documentation:
Which of the following commands does the administrator use to complete the configuration task?
- A. set logging-server 192.168.110.60 proto udp level info facility syslog message Id FIREWALL-CONNECTION
- B. set logging-server 192.168.110.60 proto udp level info facility syslog message Id FIREWALL-PKTLOG
- C. set logging-server 192.168.110.60 proto udp levelinfo facility syslog message Id system,fabric
- D. set logging-server 192.168.110.60 proto udp level info facility syslog message!-monitor. Firewall
正解:B
質問 # 30
An administrator needs to send FW connections logs to a remote server.
Which sequence of commands does the administrator need to apply on their ESXi Host?
A)
B)
C)
D)
- A. Option B
- B. Option C
- C. Option A
- D. Option D
正解:B
質問 # 31
A security administrator has configured NSX Intelligence for discovery. They would like to get recommendations based on the changes in the scope of the input entities every hour.
What needs to be configured to achieve the requirement?
- A. Adjust the time range to 1 hour.
- B. Toggle the monitoring option on.
- C. Start a new recommendation.
- D. Publish the recommendations.
正解:A
解説:
NSX Intelligence uses machine learning algorithms to analyze network traffic and provide recommendations for security and compliance. The administrator can configure the time range of the input entities to be analyzed, so that the recommendations are based on changes in the scope of the input entities over that period of time.
To achieve the requirement of getting recommendations based on the changes in the scope of the input entities every hour, the administrator needs to adjust the time range to 1 hour. This will ensure that the analysis and recommendations are based on the most recent hour of network traffic.
Reference:
VMware NSX Intelligence documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.intelligence.doc/GUID-F2F1D7E8-F6B2-4870-9E38-7C8D3D3F9B1E.html VMware NSX Intelligence Configuration documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.intelligence.config.doc/GUID-7F44F3D3-3A3C-4EBE-A5D5-F1E3E3F59A8B.html
質問 # 32
An administrator needs to configure their NSX-T logging to audit changes on firewall security policy. The administrator Is using the following command from NSX-T3.1 documentation :
Which Message ID from the following list will allow the administrator to track changes on firewall security rules?
- A. MONITOR
- B. SYSTEM
- C. FABRIC
- D. FIREWALL
正解:D
解説:
The message ID that will allow the administrator to track changes on firewall security rules is "FIREWALL". This message ID is part of the NSX-T3.1 documentation and will be used to log any changes made to the firewall security policy. This will allow the administrator to easily audit and track any changes made to the policy. Reference: [1] https://docs.vmware.com/en/VMware-NSX-T/3.1/nsx_31_logging_guide/GUID-ADEDE32F-0606-4C2F-81B2-71914EEDA11F.html [2] https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-nsx-data-center-logging-guide.pdf
質問 # 33
At which two intervals are NSX-T IDS/IPS updates through VMware's cloud based internet service provided for threat signature files? (Choose two.)
- A. weekly periodic updates
- B. monthly periodic updates
- C. bi-weekly periodic updates
- D. daily periodic updates
- E. off-schedule for 0-day updates
正解:D、E
解説:
The NSX-T IDS/IPS updates are provided through VMware's cloud-based internet service at two different intervals: daily periodic updates, and off-schedule for 0-day updates. Daily periodic updates are provided on a daily basis to ensure the latest threat signature files. Off-schedule updates are provided as needed when a 0-day threat is identified, allowing customers to have the most up-to-date protection from the latest threats. Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_ids_ips/GUID-D0F3F66C-FF83-4B3C-B0A3-C12F19D7A8AD.html https://blogs.vmware.com/networkvirtualization/2020/02/nsx-t-ids-and-ips-threat-protection.html
質問 # 34
A security administrator is verifying the health status of an NSX Service Instance.
Which two parameters must be functioning for the health status to show as Up? (Choose two.)
- A. VMs must have at least one vNIC.
- B. VMs must be available on the host.
- C. VMs must not have existing endpoint protection rules.
- D. VMs must be powered on.
- E. VMs must have virtual hardware version 9 or higher.
正解:B、E
質問 # 35
Which two are requirements for URL Analysis? (Choose two.)
- A. A layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic,
- B. The NSX Manager requires access to the Internet to download category and reputation definitions.
- C. The NSX Edge nodes require access to the Internet to download category and reputation definitions.
- D. A layer 7 gateway firewall rule must be configured on the tier-0 gateway uplink to capture DNS traffic.
- E. The ESXi hosts require access to the Internet to download category and reputation definitions.
正解:A、C
解説:
The NSX Edge nodes require access to the Internet to download category and reputation definitions, and a layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic. This will allow the URL Analysis service to analyze incoming DNS traffic and block malicious requests. For more information, please see this VMware Documentation article[1], which explains how to configure URL Analysis on NSX.
[1] https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt_31_url_analysis/GUID-46BC65F3-7A45-4A9F-B444-E4A1A7E0AC4A.html
質問 # 36
......
合格させるVMware 5V0-41.21試験最速合格にはFast2test:https://jp.fast2test.com/5V0-41.21-premium-file.html
5V0-41.21試験問題(更新されたのは2023年)100%リアル問題解答:https://drive.google.com/open?id=1MRRlZr5fhHegqRp8atkKTrcA1ijH5FI2