[Q11-Q29] Real Exam Questions 3V0-643 Dumps Exam Questions in here [Jan-2022]

Real Exam Questions 3V0-643 Dumps Exam Questions in here [Jan-2022]

Get Latest Jan-2022 Conduct effective penetration tests using 3V0-643

For more info read reference:

Exam Guide FAQs and Guide

Objective 1.3 - Configure and Manage Transport Zones

Create Transport Zones according to a deployment plan
Add clusters to Transport Zones
Remove clusters from Transport Zones
Configure the control plane mode for a Transport Zone

2. Create and Manage VMware NSX Virtual Networks

Objectives covered by this section:

Objective 6.2 - Configure and Manage Universal Logical Network Objects:

Create/configure Universal Distributed Logical Routers
Create/configure Universal Logical Switches
Configure local egress

NEW QUESTION 11
In the previous scenario, vCenter vcsa-b.corp.local was configured for NSX. Now the hosts must be prepared for NSX and the initial VXLAN configuration should be completed.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Cluster: Compute Cluster 1B
ESXi Hosts: esx-01b.corp.local, esx-02b.corp.local
VTEP Information:
VMKNic Teaming Policy: Fail Over
VLAN: 0
MTU: 1600
IP Pools for VTEP:
* Name: Compute_1B_VTEP_Pool-New
* Gateway: 192.168.230.1
* Prefix Length: 24
* Static IP Pool: 192.168.230.51 - 192.168.230.60
* Segment ID Pool: 6001-7000 - HOL 1903-01 Page 26-36
* VXLAN Span: Compute Cluster 1B - HOL 1903-01 Page 26-36
* Transport Zone: Local-Transport-Zone-B-New - HOL 1903-01 Page 26-36
* Host must be prepared for NSX
* Use provided information to complete the initial VXLAN configuration.
* The underlying physical network does not support multicast.
* Ensure that requirements are met:
* Create the IP Pool as given:
* Do the Host preparation.
* Create a Local Transport Zone as given. - HOL 1903-01 Page 26-36
* Create the segment ID as given. - HOL 1903-01 Page 26-36
HOL LAB for Practice:
http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p2.htm and LAB - HOL 1903-01 Page 26-36 See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
HOL 1903-01 Page 26-36
Login to vCenter b Web Client and from Networking and Security -> Installation -> select to SiteB NSX Manager -> Host Preparation and prepare the hosts as below:

Add Static Pool as per give details in the QUESTION

NEW QUESTION 12
Provide automatic IP assignment for the servers on the DEV-DB-Tier-01-NEW segment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Edge: Dev-Edge
Automatically allocate IP addreesses in the 172.16.30.100-149 range.
Lease time: 1 hour
Ensure hosts that receive an IP assignment will be able to reach the other Dev subnets.
The legacyhost-NEW with the MAC address 40:00:00:00:00:01 must always be assigned 172.16.30.99 Ensure other parameters match those of the dynamic allocation mechanism (Task1).
Enable logging with the highest level of detail for automatic IP allocations.
Ensure all requirements have been met.
NOTE:
Do not configure DHCP Relay agent on the Dev-DLR-NEW as this will be done by another administrator.
HOL LAB for Practice:
DHCP and other questions 7, 8, 9
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:

Add Pool as per given details:

Add Pool as per given details:

NEW QUESTION 13
The troubleshooting NSX deployment is growing and running out of compute capacity. An additional ESXi host is being added for VXLAN.
Host preparation has failed on esx-05a.corp.local on several attempts and the Compute Cluster 2A was left in an error state, determine and resolve the issue.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Cluster: Compute Cluster 2A
IP Pool: Compute-2A
Transport Zone: Local-Transport-Zone-A
Esx-05a.corp.local IP information:
IP: 192.168.110.58
Netmask: 255.255.255.0
Gateway: 192.168.110.1
DNS: 192.168.110.10
1-Resolve deployment issue.
2-Prepare esx-05-a.corp.local for NSX in Compute Cluster 2A.
3-Ensure once the issue is resolved with the Compute Cluster 2A cluster, that it is connected to Local-Transport-Zone-A.
HOL LAB for Practice:
No Lab Module available
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Follow the steps as:

NEW QUESTION 14
Enable and configure cross vCenter support for and NSX implementation that contains two vCenter Servers:
vcsa-01a.corp.local and vcsa-01b.corp.local
Requirements:
vCenter: vcsa-01a.corp.local and vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
NSX Manager Credentials: admin/VMware1!
The NSX Manager registered to vcsa-01a.corp.local should be responsible for all universal NSX objects.
A segment ID range of 16789-17563 is available for use with this exercise.
NOTE:
Allow time for synchronization to complete.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
(1) select home. select installation select NsManager - b. select
logical network preparation tab. select segment ID. edit and enter pool id 6001-7000 do the same for Nsx MAnager -a and put pool id 5001-6000. be sure there is no overlaping of segment id in both the nsx managers.
(2) open Nsx Manager a and Nsx Manager B and start the universal synchoraniztion service from summary.
note: you can start the services in the beging to avoid any delay
Assign Primary Role to 192.168.110.15

Add Secondary NSX Manager

NEW QUESTION 15
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Requirements:

Create new Security Group = Secure-Web-NEW

In security tag put equal

Create new Security Policy as per given details:

Right Click -> Apply Policy ->

NEW QUESTION 16
Management requires you to build a new logical topology for a new application that will include a hardware search appliance (HAS). The new application must contain a web tier and database tier on separate IP domains. Use the existing App01-DLR to complete the task.
Requirements:
vCenter: vcsa-01.corp.local
Credentials: [email protected] / VMware1!
vDS: vds-mgt-edge-a
Existing DLR Name: App01-DLR
New object prefix - App01
New object suffic - New
Create a new distributed port group for this task named vds-HSA-NEW.
The HAS must reside on the same IP subnet as the database.
The new application must contain a web tier and database tier on separate domains to be used at a future date.
Once deployed the HAS will be connected to a network with VLAN ID 500.
The proper physical switch ports for the uplinks have already been trunked to include VLAN 500.
VLANs configured in the compute racks are isolated to a single rack.
Any objects/items created must be named with a prefix of App01 and a suffix containing their function with NEW (for example: App01-Function-NEW) NOTE:
The hardware appliance and application virtual machines have not been deployed. Attempts to connectivity to the appliance will not succeed.
HOL LAB for Practice:
Bridging and other questions 7, 8, 9 and LAB - HOL-1925-02 Module 1
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Step 1: From SiteA vCenter web client -> Networking -> Data Center SiteA -> create a new distribution port group named vds-HAS-NEW with VLAN ID 500 in vds-mgmt-edge.

Create LS on 192.168.110.15 = App01-WebTier-NEW

Create LS on 192.168.110.15 = App01-DBTier-NEW

NSX Edges -> App01-DLR

8) got NsX Edge and select App01-DLR. select Manage, select settings and click on + Sign (9) Enter interface name App01-Web-New, select type internal. select App01-Webtier-New LS Enter ip address 192.168.1.1/24. repeat the same steps for App01-DBtier-New but take ip addres
192.168.2.1 /24

Name: App01-Bridge-NEW
Logical Switch: App01-DBTier-NEW
Distributed Port Group: vds-HAS-NEW

(11) be sure under App01-DB-New the bridging is enable.

NEW QUESTION 17
You have been tasked with creating a new Layer 2 network toplogy for test and development systems which mirrors the existing production environment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Transport Zone: Local-Transport-Zone-A
New Dev Segments:
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
Create Layer 2 network topology for the test and development systems.
NOTE:
The routing components will be addressed in subsequent scenarios.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Create 3 Logical Switches on NSX Manager A (192.168.110.15)
HOL 1903-01 Page 37-38
Dev-Web-Tier-01-NEW

Dev-App-Tier-01-NEW

Dev-DB-Tier-01-NEW

(3) Dont Forget to create a Dev-Transit Switch if its not there.

NEW QUESTION 18
The security team has submitted two requests to change or limit access in NSX for Site A's vCenter groups.
Requirements:
NSX Manager: nsxmgr-01a.corp.local
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Grant all members of vCenter group AuditTeam the minimal access necessary to view NSX Data Security policy configurations for all objects in Site A.
Grant all members of vCenter group ScanTeam the minimal access necessary to enable them to start and stop data security scans in Site A.
Ensure that the principles of least privilege are adhered to.
NOTE:
The Active Directory groups associated with the vCenter groups has already been preconfigured.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
select Home. select administrator. select domain vsphere.local. select groups.
click + sign. enter group name AuditTeam click ok. do same for ScanTeam.

[email protected]

[email protected]

select datacenter A.
select manage select permission click on + Sign.
select Assign role read only. select all privileges click on Add
select AuditTeam and select ScanTeam. check propagate to childern. and click ok

NEW QUESTION 19
Routing through TS-Edge-01 is not working. The service provider (SP) has confirmed their configuration is correct.
Requirements:
vCenter: vcsa01a.corp.local
Credential: [email protected] / VMware1!
Edge: TS-Edge-01
Credential: admin / VMware1!VMware1!
Problem Edge: TS-Edge01
Local IP Address: 192.168.100.202
SP provided configuration:
Area ID: 10
Type: Normal
Authentication: None
Ensure the OSPF session is established.
Ensure all learned OSPF routes appear.
Copy OSPF routing table information and output to file on ControlCenter Desktop named TS-Edge-01_OSPF.txt NOTE:
Do not use static route or configure Default Gateway on any Edge.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
(1) select Home. select Network & Security. select NsX Edge. select Nsx Manager-a.
select TS-EDGE-01. select manage tab and select settings.
select interface. check ip address and mask of the vnic.

open putty. enter ip address 192.168.100.202.
enter command show ip route ospf. copy the ouput and save in a text file name TS-Edge-01.txt.

Copy and save OSPF route table in notepad.