New 2021 Realistic 3V0-643 Dumps Test Engine Exam Questions in here [Q12-Q35]

New 2021 Realistic 3V0-643 Dumps Test Engine Exam Questions in here

Updated Official licence for 3V0-643 Certified by 3V0-643 Dumps PDF

Objective 1.3 â Configure and Manage Transport Zones

Create Transport Zones according to a deployment plan
Configure the control plane mode for a Transport Zone
Add clusters to Transport Zones
Remove clusters from Transport Zones

2. Create and Manage VMware NSX Virtual Networks

Objectives covered by this section:

Objective 2.2 â Configure and Manage Layer 2 Bridging:

Connect Layer 2 Bridging to the appropriate distributed virtual port group
Add Layer 2 Bridging

NEW QUESTION 12
In the previous scenario, vCenter vcsa-b.corp.local was configured for NSX. Now the hosts must be prepared for NSX and the initial VXLAN configuration should be completed.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Cluster: Compute Cluster 1B
ESXi Hosts: esx-01b.corp.local, esx-02b.corp.local
VTEP Information:
VMKNic Teaming Policy: Fail Over
VLAN: 0
MTU: 1600
IP Pools for VTEP:
* Name: Compute_1B_VTEP_Pool-New
* Gateway: 192.168.230.1
* Prefix Length: 24
* Static IP Pool: 192.168.230.51 - 192.168.230.60
* Segment ID Pool: 6001-7000 - HOL 1903-01 Page 26-36
* VXLAN Span: Compute Cluster 1B - HOL 1903-01 Page 26-36
* Transport Zone: Local-Transport-Zone-B-New - HOL 1903-01 Page 26-36
* Host must be prepared for NSX
* Use provided information to complete the initial VXLAN configuration.
* The underlying physical network does not support multicast.
* Ensure that requirements are met:
* Create the IP Pool as given:
* Do the Host preparation.
* Create a Local Transport Zone as given. - HOL 1903-01 Page 26-36
* Create the segment ID as given. - HOL 1903-01 Page 26-36
HOL LAB for Practice:
http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p2.htm and LAB - HOL 1903-01 Page 26-36 See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
HOL 1903-01 Page 26-36
Login to vCenter b Web Client and from Networking and Security -> Installation -> select to SiteB NSX Manager -> Host Preparation and prepare the hosts as below:

Add Static Pool as per give details in the QUESTION

NEW QUESTION 13
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Requirements:

Create new Security Group = Secure-Web-NEW

In security tag put equal

Create new Security Policy as per given details:

Right Click -> Apply Policy ->

NEW QUESTION 14
Provide cross vCenter security functionality for the Universal Web Multi-Tiered network application.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
New Section Name: Universal-Rules-New
Networks:
Web-Tier: 172.17.10.0/24
App-Tier: 172.17.20.0/24
DB-Tier: 172.17.30.0/24
Secure east/west network communication for each of the three tiers allowing only.
Firewall Rule section Name: Universal-Rules-NEW
Web Tier: any source address incoming on TCP port 80 and 443
Application Tier: access from the web tier on the incoming TCP port 8443 Database Tier: access from the application tier on the incoming TCP port 3306 Traffic that does not meet the above requirements should be blocked.
NOTE:
This rule must only affect the universal tiers.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Add new Section under Firewall.

Universal-Rules-NEW

Add rules:

Add another Rule:

Add another Rule:

Add Deny Rule:

Lower down the Deny rule to the end in this section:

NEW QUESTION 15
An NSX administrator has been troubleshooting a communication issue between Edge device TS-Comm-Edge-01 and the TS-Comm-DLR-01 logical router with no success and has reached out to you for further assistance. The following troubleshooting has already been performed.
Temporarily disabled the firewall between both devices.
Unsuccessful ping from TS-Comm-Edge-01 to TS-Comm-DLR-01
Unsuccessful ping from TS-Comm-DLR-01 to TS-Comm-Edge-01
Determine and resolve the communication issue between the two devices.
Requirements:
vCenter: vcsa01a.crop.local
Credentials: [email protected] / VMware1!
Troubleshooting Information:
Edge: TS-Comm-Edge-01 (192.168.33.1)
DLR: TS-Comm-DLR-01 (192.168.33.8)
Transit Network: TS-Comm-Transit
IP Subnet: 192.168.33.0/29
Ensure communication between both devices is successful.
NOTE:
IP addresses must remain unchanged.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Troubleshooting:
TS-Comm-Edge-01
Interfaces -> TS-Comm-Transit (change the subnet mask to 28)
Verification:
SSH to TS-Comm-Edge-01 (192.168.7.2) and ping 192.168.33.8

(2) select Ts-Comm-DLR-01 from Nsx Edge. select Manage tab. select Settings.
select interface. check the ip address and mask. and change the mask to /28.
click ok.
(3) select Manage Tab. select Routing. select global configuration. click edit.
select OSPF enter router ID 192.168.33.8 click ok. click on enable
click on publish changes.
(4) select OSPF. click edit. enable OSPF. Enter Protocol Address 192.168.33.7 enter forwarding address 192.168.33.8 (ip address of the vnic). click enable graceful restart. click ok.
(5) under area. click + Sign and add area 0. select type normal. select authentication none. click ok.
(6) under area to interface mapping. click on + sign. select interface uplink enter area 0. enter hello interval 10. dear interval 40. enter priority 128 enter cost 1. click ok. click publish changes.
(7) select TS-Comm-Edge-01. select manage select routing. select global configuration.
click edit under dynamic routing configuration.enter router id ts-comm 192.168.33.
click ok. click publish changes.
(8) select OSPF. click edit. enable OSPF. enable graceful restart. click ok.
select vnic transit. enter area 0. click on blue icon. change the subnet mastk to /28. click ok.
(9) select Firewall under manage Tab. click disable. click publish changes.
do the same steps for Ts-comm-DLR-01. and disable the firewall.

NEW QUESTION 16
In the Dev environment, you have the application and database servers on separate networks created previously. Configure inbound only network security to allow only Dev application servers access to Dev database servers using MYSQL service port.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Service Port: MYSQL
Networks: Dev-App-Tier-01-NEW and Dev-DB-Tier-01-NEW
Credentials for Dev VMs: root / VMware1!
This rule should be in its own "DB security-NEW" section.
Ensure inbound only network security allows Dev application servers access to Dev database servers.
This rule should not be prpogated to all NSX prepared clusters.
This rule should be created in a way that any new virtual machines on App and DB segments will be secured.
This rule should be created with the fewest rule(s) possible.
All other servers should be denied.
Ensure inbound security requirements are met.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Firewall -> add new Section:

Add new Rule under newly created Section:

Edit Rule Name:

Source = Dev-App-Tier-01-NEW (LS)

Destination = Dev-DB-Tier-01-NEW (LS)

Service = MySQL

Allow - In

Applied To: Logical Switch = Dev-DB-Tier-01-NEW

Add another rule = To Deny

Set destination: Logical Switch = Dev-DB-Tier-01-NEW

Bring to last the Deny rule:

NEW QUESTION 17
Build a multi-tier network capable of supporting application virtual machines deployed across multiple vCenter instances.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Resource Pools: Management and Edge Cluster 1A
The underlying physical network does not support multicast.
All new items created must have a prefix of "U" followed by their function name and a suffix of "New".
i.e. U-App-Tier-NEW.
Create a LS for HA management interface calle U-HA-VXLAN=NEW but do not enable HA on any of the edge devices deployed.
Deploy logical switches using separate subnets for the three tier application shared by both NSX Manager instances.
Deploy the required east-west routing component used across multiple vCenter instances for the multi-tier network.
Utilize a default gateway up to the Perimeter-Gateway02 (tenant router) from the east/west router.
Utilize a static route from the tenant router to reach the three tiers of the application.
Subnets for the tiers:
172.7.10.0/24 for the Web Tier.
172.17.20.1/24 for the App Tier.
172.17.30.0/24 for the Database Teir.
Use the first available IP address for the router on each of the tiers.
Subnet for the Transit VXLAN uplink from the application tier routing to the tenant router.
192.168.190.0/29
Uplink IP address of the application tier should be the first available IP address.
Downlink from the tenant router will use the second available IP addresses.
The password for new edge device(s) must be VMware1!VMware1!
Add all virtual machines with a prefix "universal-" to their respective segments.
Ensure all LIFs are reachable from ControlCenter.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
universal transport zone
logical switches
U-HA-VXLAN-NEW
U-Transit-NEW
U-Web-Tier-NEW
U-App-Tier-New
U-DB-Tier-New
New DLR U-DLR-NEW
HA Interface - U-HA-VXLAN-NEW
Interface below
- U-Transit-NEW uplink 192.168.190.1
- U-Web-Tier-NEW internal 172.17.10.1
- U-App-Tier-NEW internal 172.17.20.1
- U-Db-Tier-NEW internal 172.17.30.1
Gateway
-U-Transit-NEW
Ip 192.168.190.2
PGW02 vnic4 U-Transit-NEW 192.168.190.2

Create 5 logical switches
U-Transit-NEW

U-Web-Tier-NEW

U-App-Tier-NEW

U-DB-Tier-NEW

Add VMs to relevant newly created Logical Switches.

No need

Create new Universal Logical (Distributed) Router:

U-DLR-NEW

U-Uplink-NEW(U-Transit-NEW)

Select U-Transit-NEW logical swicth here

Perimeter-Gateway-02

To-Universal-DLR

Select U-Transit-NEW

172.17.0.0/16
192.168.190.1
To-Universal-DLR

NEW QUESTION 18
Routing through TS-Edge-01 is not working. The service provider (SP) has confirmed their configuration is correct.
Requirements:
vCenter: vcsa01a.corp.local
Credential: [email protected] / VMware1!
Edge: TS-Edge-01
Credential: admin / VMware1!VMware1!
Problem Edge: TS-Edge01
Local IP Address: 192.168.100.202
SP provided configuration:
Area ID: 10
Type: Normal
Authentication: None
Ensure the OSPF session is established.
Ensure all learned OSPF routes appear.
Copy OSPF routing table information and output to file on ControlCenter Desktop named TS-Edge-01_OSPF.txt NOTE:
Do not use static route or configure Default Gateway on any Edge.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
(1) select Home. select Network & Security. select NsX Edge. select Nsx Manager-a.
select TS-EDGE-01. select manage tab and select settings.
select interface. check ip address and mask of the vnic.

open putty. enter ip address 192.168.100.202.
enter command show ip route ospf. copy the ouput and save in a text file name TS-Edge-01.txt.

Copy and save OSPF route table in notepad.

NEW QUESTION 19
Provide automatic IP assignment for the servers on the DEV-DB-Tier-01-NEW segment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Edge: Dev-Edge
Automatically allocate IP addreesses in the 172.16.30.100-149 range.
Lease time: 1 hour
Ensure hosts that receive an IP assignment will be able to reach the other Dev subnets.
The legacyhost-NEW with the MAC address 40:00:00:00:00:01 must always be assigned 172.16.30.99 Ensure other parameters match those of the dynamic allocation mechanism (Task1).
Enable logging with the highest level of detail for automatic IP allocations.
Ensure all requirements have been met.
NOTE:
Do not configure DHCP Relay agent on the Dev-DLR-NEW as this will be done by another administrator.
HOL LAB for Practice:
DHCP and other questions 7, 8, 9
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:

Add Pool as per given details:

Add Pool as per given details:

NEW QUESTION 20
Complete the configuration of Dev-Edge to allow north-south routing connectivity for the new Dev-segment.
Workloads will have overlapping IP addressing with production workloads. The developers will RDP into a jump host server (Dev-Jumphost) on the Dev-Web segment. An RDP shortcut named To Dev-JumpHost.rdp has been created on the ControlCenter Desktop.
The following has been preconfigured on Dev-Edge:
The uplink interface on the Dev-Edge has been pre-configured to communicate the upstream Gateways and attached to Dev-to-PGs-Transit.
Dev-DLR-NEW and Dev-Edge interfaces have been preconfigured to communicate with each other.
ECMP has been disabled.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Dev-Jumphost information:
Credentials: administrator / VMware1!
Internal IP of Dev-Jumphost: 172.16.10.100
External IP of Dev-Jumphost: 192.168.5.100
Connection Information:
Dev-Edge-Uplink IP: 192.168.5.3/24
Dev-Edge-Internal IP : 192.168.6.6/30
Preimeter-Gateway-01-Internal IP: 192.168.5.1/24
Preimeter-Gateway-02-Internal IP: 192.168.5.2/24
Logical switch: Dev-to-PGs-Transit
ECMP: Enabled.
BGP AS: 65001
Credentials for all Edge Devices: admin / VMware1!VMware1!
The networking team requires BGP as a routing protocol with an AS of 65001 for North-bound access for the Dev-environment.
Use the fewest number of static routes and utilize network prefixes to ensure accessibility to the Dev-Web-Tier-01-NEW within the Dev-environment.
Ensure Dev-Jumphost is on Dev-Web-Tier-01-NEW.
Ensure the ability to RDP into the Dev-Jumphost server from the production network (ControlCenter).
HOL LAB for Practice:
module, it will be use full for other question like 20 and 22
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:

Static Routes on Dev-Edge:
Network:172.16.0.0/16
Next Hop:192.168.6.5
Interface:Dev-Transit

Uplink
192.168.5.100
Tcp
3389
172.16.10.100
3389

(1) Go to Vcenter-a. select network & Security. select NsX Edge.
(2) check the PGW01 configuration if everything is ok no need to do any changes specially ip address and routing. if not than select PGW01. select Manage. select routing select global configuration and enable routing. click publish changes.
be sure ECMP is enabled.
select BGP Configuration. click edit. select enable BGP, select Enable Graceful restart (select enable Default originate). enter AS 65001 click ok click publish changes

SSH to both Perimeter Routers and verify BGP neighborship.
Username: admin
Password: VMware1!VMware1!

Add jumphost VM to Dev-Web-Tier-01-NEW Logical Switch

NOTE:
192.168.5.100 interface is created in the next task only. So after testing the next task output, you should be able to get the RDP login.