An administrator is deploying NSX Edge nodes on bare-metal servers to maximize throughput for north-south traffic. The servers have multiple physical NICs. To ensure high availability and optimal performance for BGP peering with the physical fabric, which uplink profile configuration is recommended for the fast path interfaces?
A virtual machine is unable to communicate with its default gateway, which is a Service Router (SR) component on a Tier-1 Gateway. A Traceflow from the VM's vNIC shows the packet being delivered to the destination host but dropped at the `firewall-out` stage. The Distributed Firewall is disabled for the segment the VM is connected to. What is the most likely cause of this issue?
A security architect is designing a micro-segmentation strategy for a three-tier application (Web, App, DB). The goal is to enforce a zero-trust model while simplifying rule management as the application scales. Which TWO of the following design choices best achieve this goal? (Select TWO)
A junior administrator needs to grant a user the ability to view all network configurations and firewall rules within NSX but prevent them from making any changes. Which built-in role should be assigned to this user?
A financial services company is modernizing its data center using VMware NSX 4.1. They have a requirement to offload network and security processing from host CPUs to improve application performance and increase security inspection throughput. The environment consists of a mix of new servers equipped with Data Processing Units (DPUs) and older servers without DPUs. All servers are part of the same vSphere cluster. The network team has created a single overlay transport zone for the entire cluster. The security team wants to apply consistent Distributed IDS/IPS policies across all workloads, regardless of the underlying server hardware. The primary goal is to maximize the benefits of the DPUs while maintaining operational consistency and security posture across the mixed-hardware environment. The current configuration uses the standard N-VDS on all hosts. The architects are concerned about how NSX will handle traffic between VMs on DPU-enabled hosts and VMs on non-DPU hosts within the same segment. They must ensure seamless communication and consistent policy enforcement. Which design approach should the architect recommend to meet all requirements?
During an NSX health check, an administrator notices high CPU utilization on the NSX Edge nodes that are handling a large volume of north-south traffic. To improve performance, they decide to enable the Enhanced Datapath mode. What is a key prerequisite for enabling this feature on an Edge VM?
An administrator is configuring a Tier-0 Gateway to connect to the physical network. They need to ensure that any routes learned from their eBGP peers are not advertised back to other eBGP peers. Which BGP feature, configured on the Tier-0, prevents this behavior by default?
A developer reports that a newly deployed web server VM cannot be reached from the internet. The administrator has verified the following: 1. The Tier-0 Gateway has a valid external interface with BGP peering established. 2. A DNAT rule is configured on the Tier-0 Gateway to translate a public IP to the web server's private IP. 3. A Gateway Firewall rule exists to allow HTTP/HTTPS traffic to the web server. 4. Traceflow from an external source fails. What is the most common misconfiguration that would cause this issue?
True or False: When designing an NSX environment with NSX Federation, it is a recommended best practice to stretch a Tier-1 Gateway across sites to provide a consistent default gateway for workloads, but to keep Tier-0 Gateways local to each site for optimized north-south routing.
An administrator is configuring NSX Guest Introspection (GI) for a partner agentless anti-virus solution. After deploying the Guest Introspection service virtual machine (SVM) on each host in the cluster, they notice that protection is not being applied to the workload VMs. What is the next critical configuration step within NSX that must be performed?