EMT Practice Test

1. Question Content...


Question List

Question1: To which network operations does a user with the Security Engineer role have full access permission?

Question2: A security administrator recently enabled Guest Introspection on NSX-T Data Center.
Which would be a reason none of the Microsoft Windows based VMs are reporting any information?

Question3: An NSX administrator is trying to find the dvfilter name of the sa-web-01 virtual machine to capture the sa-web-01 VM traffic. What could be a reason the sa-web-01 VM dvfilter name is missing from the command output?

Question4: Where is a partner security virtual machine (Partner SVM) deployed to process the redirected North-South traffic in an efficient manner?

Question5: As part of an audit, an administrator is required to demonstrate that measures have been taken to prevent critical vulnerabilities from being exploited. Which Distributed IDS/IPS event filter can the administrator show as proof?

Question6: What type of IDS/IPS system deployment allows an administrator to block a known attack?

Question7: Which dot color indicates an on-going attack of medium severity in the IDS/IPS events tab of NSX-T Data Center'

Question8: When using URL Analysis In NSX-T, which two services must be set in the URL rule to capture traffic over TCP and UDP? (Choose two.)

Question9: In a brownfield environment with NSX-T Data Center deployed and configured, a customer is interested in Endpoint Protection integrations. What recommendation should be provided to the customer when it comes to their existing virtual machines?

Question10: A customer has a requirement to achieve Zero-Trust Security and minimize operational overhead. Which VMware solution can be used by the customer to achieve the requirement?

Question11: An organization wants to add security controls for contractor virtual desktops. Which statement Is true when configuring an NSX Identity firewall rule?

Question12: Which vCenter component is used by the NSX Manager to deploy the Partner Service VM on every host of a cluster configured for guest introspection?

Question13: What type of IDS/IPS system deployment allows an administrator to block a known attack?

Question14: Which esxcli command lists the firewall configuration on ESXi hosts?

Question15: To which object can time based rules be applied?

Question16: Which three criteria help to determine the severity for a Distributed IDS/IPS? (Choose three.)

Question17: An organization wants to add security controlsfor contractor virtual desktops.Which statement Is true when configuring an NSX Identity firewall rule?

Question18: A security administrator is required to protect East-West virtual machine traffic with the NSX Distributed Firewall.What must be completed with the virtual machine's vNIC before applying the rules'

Question19: An administrator wants to use Distributed Intrusion Detection. How is this implemented in an NSX-T Data Center?

Question20: An NSX administrator has been tasked with deploying a NSX Edge Virtual machine through an ISO image.
Which virtual network interface card (vNIC) type must be selected while creating the NSX Edge VM allow participation in overlay and VLAN transport zones?

Question21: A Security Administrator needs to update their NSX Distributed IDS/IPS policy to detect new attacks with critical CVSS scoring that leads to credential theft from targeted systems.
Which actions should you take?

Question22: Refer to the exhibit.

A security administrator is configuring a time window to create a time-based distributed firewall rule. While configuring the time window, an error displayed as shown in the exhibit. Which action will resolve the problem?

Question23: Which are the four use cases for NSX Tags?

Question24: Refer to the exhibit.

An administrator needs to configure a security policy with a firewall rule allowing a group of applications to retrieve the correct time from an NTP server. Which is the category to configure this security policy and firewall rule?

Question25: Which two are true of the NSX Gateway Firewall? (Choose two.)

Question26: Which two criteria would an administrator use to filter firewall connection logs on NSX?

Question27: Which vCenter component is used by the NSX Manager to deploy the Partner Service VM on every host of a cluster configured for guest introspection?

Question28: An administrator has configured a new firewall rule but needs to change the Applied-To parameter. Which two are valid options that the administrator can configure? (Choose two.)

Question29: Which dot color indicates an on-going attack of medium severity in the IDS/IPS events tab of NSX-T Data Center?

Question30: A security administrator has configured NSX Intelligence for discovery. They would like to get recommendations based on the changes in the scope of the input entities every hour.
What needs to be configured to achieve the requirement?

Question31: How does N5X Distributed IDS/IPS keep up to date with signatures?

Question32: In a brownfield environment with NSX-T Data Center deployed and configured, acustomer is interested in Endpoint Protection integrations. What recommendation should be provided to the customer when it comes to their existing virtual machines?

Question33: To which object can time based rules be applied?

Question34: Which two statements are true about IDS/IPS signatures? (Choose two.)

Question35: Which is an insertion point for East-West service insertion?

Question36: An administrator needs to configure their NSX-T logging to audit changes on firewall security policy. The administrator Is using the following command from NSX-T3.1 documentation :

Which Message ID from the following list will allow the administrator to track changes on firewall security rules?

Question37: An administrator needs to send FW connections logs to a remote server.
Which sequence of commands does the administrator need to apply on their ESXi Host?
A)

B)

C)

D)

Question38: Refer to the exhibit.

An administrator configured a firewall rule on their Edge Gateway to allow access to web servers.
What is missing in the Gateway Firewall policy to have the firewall rule applied?

Question39: An administrator is creating the first distributed firewall rules for a company's salts department. What is the first object that must be created in the distributed firewall'

Question40: What component in a transport node receives the firewall configuration from the central control plane?

Question41: An administrator wants to use Distributed Intrusion Detection. How is this implemented in an NSX-T Data Center?

Question42: A security administrator is verifying the health status of an NSX Service Instance.
Which two parameters must be functioning for the health status to show as Up? (Choose two.)

Question43: How does N5X Distributed IDS/IPS keep up to date with signatures?

Question44: As part of an audit, an administrator is required to demonstrate that measures have been taken to prevent critical vulnerabilities from being exploited. Which Distributed IDS/IPS event filter can the administrator show as proof?

Question45: A company's CTO has requested that all logging should be enabled for all NSX-T Data Center Distributed Firewall rules. What should be considered prior to executing this request?

Question46: Which of the following describes the main concept of Zero-Trust Networks for network connected devices?