VMware 3V0-643 Daily Practice Exam New 2021 Updated 23 Questions
Use Valid 3V0-643 Exam - Actual Exam Question & Answer
Objective 4.1 â Configure and Manage Logical Firewall Services:
- Create/configure Identity-based firewall (IDFW) for specific users/groups
- Configure Edge and Distributed Firewall rules according to a deployment plan
- Create/configure Firewall rule sections for specific departments
- Configure SpoofGuard policies to enhance security
- Filter firewall rules to narrow a scope
Objective 1.2 â Prepare Host Clusters for Network Virtualization:
- Configure VXLAN Transport parameters according to a deployment plan
- Prepare a cluster for NSX
- Configure the appropriate teaming policy for a given implementation
- Prepare vSphere Distributed Switching for NSX
- Add/Remove Hosts from cluster
NEW QUESTION 11
In the previous scenario, vCenter vcsa-b.corp.local was configured for NSX. Now the hosts must be prepared for NSX and the initial VXLAN configuration should be completed.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Cluster: Compute Cluster 1B
ESXi Hosts: esx-01b.corp.local, esx-02b.corp.local
VTEP Information:
VMKNic Teaming Policy: Fail Over
VLAN: 0
MTU: 1600
IP Pools for VTEP:
* Name: Compute_1B_VTEP_Pool-New
* Gateway: 192.168.230.1
* Prefix Length: 24
* Static IP Pool: 192.168.230.51 - 192.168.230.60
* Segment ID Pool: 6001-7000 - HOL 1903-01 Page 26-36
* VXLAN Span: Compute Cluster 1B - HOL 1903-01 Page 26-36
* Transport Zone: Local-Transport-Zone-B-New - HOL 1903-01 Page 26-36
* Host must be prepared for NSX
* Use provided information to complete the initial VXLAN configuration.
* The underlying physical network does not support multicast.
* Ensure that requirements are met:
* Create the IP Pool as given:
* Do the Host preparation.
* Create a Local Transport Zone as given. - HOL 1903-01 Page 26-36
* Create the segment ID as given. - HOL 1903-01 Page 26-36
HOL LAB for Practice:
http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p2.htm and LAB - HOL 1903-01 Page 26-36 See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
HOL 1903-01 Page 26-36
Login to vCenter b Web Client and from Networking and Security -> Installation -> select to SiteB NSX Manager -> Host Preparation and prepare the hosts as below:
Add Static Pool as per give details in the QUESTION
NEW QUESTION 12
Routing through TS-Edge-01 is not working. The service provider (SP) has confirmed their configuration is correct.
Requirements:
vCenter: vcsa01a.corp.local
Credential: [email protected] / VMware1!
Edge: TS-Edge-01
Credential: admin / VMware1!VMware1!
Problem Edge: TS-Edge01
Local IP Address: 192.168.100.202
SP provided configuration:
Area ID: 10
Type: Normal
Authentication: None
Ensure the OSPF session is established.
Ensure all learned OSPF routes appear.
Copy OSPF routing table information and output to file on ControlCenter Desktop named TS-Edge-01_OSPF.txt NOTE:
Do not use static route or configure Default Gateway on any Edge.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
(1) select Home. select Network & Security. select NsX Edge. select Nsx Manager-a.
select TS-EDGE-01. select manage tab and select settings.
select interface. check ip address and mask of the vnic.
open putty. enter ip address 192.168.100.202.
enter command show ip route ospf. copy the ouput and save in a text file name TS-Edge-01.txt.
Copy and save OSPF route table in notepad.
NEW QUESTION 13
Provide automatic IP assignment for the servers on the DEV-DB-Tier-01-NEW segment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Edge: Dev-Edge
Automatically allocate IP addreesses in the 172.16.30.100-149 range.
Lease time: 1 hour
Ensure hosts that receive an IP assignment will be able to reach the other Dev subnets.
The legacyhost-NEW with the MAC address 40:00:00:00:00:01 must always be assigned 172.16.30.99 Ensure other parameters match those of the dynamic allocation mechanism (Task1).
Enable logging with the highest level of detail for automatic IP allocations.
Ensure all requirements have been met.
NOTE:
Do not configure DHCP Relay agent on the Dev-DLR-NEW as this will be done by another administrator.
HOL LAB for Practice:
DHCP and other questions 7, 8, 9
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Add Pool as per given details:
Add Pool as per given details:
NEW QUESTION 14
Management requires you to build a new logical topology for a new application that will include a hardware search appliance (HAS). The new application must contain a web tier and database tier on separate IP domains. Use the existing App01-DLR to complete the task.
Requirements:
vCenter: vcsa-01.corp.local
Credentials: [email protected] / VMware1!
vDS: vds-mgt-edge-a
Existing DLR Name: App01-DLR
New object prefix - App01
New object suffic - New
Create a new distributed port group for this task named vds-HSA-NEW.
The HAS must reside on the same IP subnet as the database.
The new application must contain a web tier and database tier on separate domains to be used at a future date.
Once deployed the HAS will be connected to a network with VLAN ID 500.
The proper physical switch ports for the uplinks have already been trunked to include VLAN 500.
VLANs configured in the compute racks are isolated to a single rack.
Any objects/items created must be named with a prefix of App01 and a suffix containing their function with NEW (for example: App01-Function-NEW) NOTE:
The hardware appliance and application virtual machines have not been deployed. Attempts to connectivity to the appliance will not succeed.
HOL LAB for Practice:
Bridging and other questions 7, 8, 9 and LAB - HOL-1925-02 Module 1
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Step 1: From SiteA vCenter web client -> Networking -> Data Center SiteA -> create a new distribution port group named vds-HAS-NEW with VLAN ID 500 in vds-mgmt-edge.
Create LS on 192.168.110.15 = App01-WebTier-NEW
Create LS on 192.168.110.15 = App01-DBTier-NEW
NSX Edges -> App01-DLR
8) got NsX Edge and select App01-DLR. select Manage, select settings and click on + Sign (9) Enter interface name App01-Web-New, select type internal. select App01-Webtier-New LS Enter ip address 192.168.1.1/24. repeat the same steps for App01-DBtier-New but take ip addres
192.168.2.1 /24
Name: App01-Bridge-NEW
Logical Switch: App01-DBTier-NEW
Distributed Port Group: vds-HAS-NEW
(11) be sure under App01-DB-New the bridging is enable.
NEW QUESTION 15
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Requirements:
Create new Security Group = Secure-Web-NEW
In security tag put equal
Create new Security Policy as per given details:
Right Click -> Apply Policy ->
NEW QUESTION 16
You have been tasked with creating a new Layer 2 network toplogy for test and development systems which mirrors the existing production environment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Transport Zone: Local-Transport-Zone-A
New Dev Segments:
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
Create Layer 2 network topology for the test and development systems.
NOTE:
The routing components will be addressed in subsequent scenarios.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Create 3 Logical Switches on NSX Manager A (192.168.110.15)
HOL 1903-01 Page 37-38
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
(3) Dont Forget to create a Dev-Transit Switch if its not there.
NEW QUESTION 17
The security team has requested that [email protected] have the ability to fully manage NSX Manager (192.168.210.15) for Site B.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Ensure [email protected] has the ability to fully manage NSX Manager in SiteB.
NOTE:
You may have to log out of the web client and back in for 192.168.210.15 to show in web client.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
NSX Manager in SiteB
[email protected]
go to Nsx manager - b. select Manage Vcenter registration. check if lookup service is configured if not configured it will the details.
lookup service ip = Nsx Manager - a IP Address
Lookup service port = 7444
Lookup service= https://192.168.110.15:7444/lookupservice/sdk
SSO administrator = [email protected]
password = VMware1!
click on ok. click on yes.
NOTE: it will show u connected. if not connected. logout and login again
NEW QUESTION 18
Build a multi-tier network capable of supporting application virtual machines deployed across multiple vCenter instances.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Resource Pools: Management and Edge Cluster 1A
The underlying physical network does not support multicast.
All new items created must have a prefix of "U" followed by their function name and a suffix of "New".
i.e. U-App-Tier-NEW.
Create a LS for HA management interface calle U-HA-VXLAN=NEW but do not enable HA on any of the edge devices deployed.
Deploy logical switches using separate subnets for the three tier application shared by both NSX Manager instances.
Deploy the required east-west routing component used across multiple vCenter instances for the multi-tier network.
Utilize a default gateway up to the Perimeter-Gateway02 (tenant router) from the east/west router.
Utilize a static route from the tenant router to reach the three tiers of the application.
Subnets for the tiers:
172.7.10.0/24 for the Web Tier.
172.17.20.1/24 for the App Tier.
172.17.30.0/24 for the Database Teir.
Use the first available IP address for the router on each of the tiers.
Subnet for the Transit VXLAN uplink from the application tier routing to the tenant router.
192.168.190.0/29
Uplink IP address of the application tier should be the first available IP address.
Downlink from the tenant router will use the second available IP addresses.
The password for new edge device(s) must be VMware1!VMware1!
Add all virtual machines with a prefix "universal-" to their respective segments.
Ensure all LIFs are reachable from ControlCenter.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
universal transport zone
logical switches
U-HA-VXLAN-NEW
U-Transit-NEW
U-Web-Tier-NEW
U-App-Tier-New
U-DB-Tier-New
New DLR U-DLR-NEW
HA Interface - U-HA-VXLAN-NEW
Interface below
- U-Transit-NEW uplink 192.168.190.1
- U-Web-Tier-NEW internal 172.17.10.1
- U-App-Tier-NEW internal 172.17.20.1
- U-Db-Tier-NEW internal 172.17.30.1
Gateway
-U-Transit-NEW
Ip 192.168.190.2
PGW02 vnic4 U-Transit-NEW 192.168.190.2
Create 5 logical switches
U-Transit-NEW
U-Web-Tier-NEW
U-App-Tier-NEW
U-DB-Tier-NEW
Add VMs to relevant newly created Logical Switches.
No need
Create new Universal Logical (Distributed) Router:
U-DLR-NEW
U-Uplink-NEW(U-Transit-NEW)
Select U-Transit-NEW logical swicth here
Perimeter-Gateway-02
To-Universal-DLR
Select U-Transit-NEW
172.17.0.0/16
192.168.190.1
To-Universal-DLR
NEW QUESTION 19
Configure a solution that extends an IP subnet between two data centers. The solution must ensure secure communication between two data centers. A standalone Edge Appliance has already been deployed and preconfigured in Site-B on the Compute Cluster.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
HQ Site Information:
Edge: Preimeter-Gateway-01
Logical Segment: Extend-LS-01
Connected to: vds-mgt-a_Trunk_Network
VPN Server settings: 192.168.100.3
Use the system generated certificate.
Preconfigured Standalone Edge Appliance: NSX l2vpn
Edge: 192.168.200.5
L2VPN Server Information:
Name: Peer-Site-NEW
Trunk ID = 10
User ID = peeruser1
Password = VMware1!
Encryption = AES256-SHA
The solution must ensure secure communication between the data centers.
NOTE:
No virtual machines are attached to the Logical switch Application-Tier-01, so there is no need to test communication across the tunnel.
Ensure that L2VPN server statistics shows Tunnel status of UP.
HOL LAB for Practice:
L2VPN and other questions 7, 8, 9
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Add new Logical Switch: "Application-Tier-01"
NSX Edges -> Perimeter-Gateway-01 -> Manage -> Settings -> Interfaces -> edit vNIC4
Name: Extend-LS-01
Type: Trunk
Connected To:
Distributed Portgroup: vds-mgmt-a_trunknetwork
Add Sub Interface:
L2VPN Settings:
( select VPN under manage and enable L2VPN. click publish changes..
Then below
In actual exam, encryption is = AES256-SHA
(8) go to Vcenter b select datacenter - b. select Nsxl2vpn Edge under datacenter B click on Action select Power and click on Power on.
(9) check after few minutes the VPN Status by clicking Show L2VPN Statistic.
be sure its up. select PGW01 select VPN under Manage select L2VPN enable and click on publish changes.
NEW QUESTION 20
......
Test Engine to Practice 3V0-643 Test Questions: https://torrentpdf.guidetorrent.com/3V0-643-dumps-questions.html