VMware Certified Advanced Professional 6 - Network Virtualization Deployment - 3V0-643 Exam Questions
QUESTION NO: 1
Complete the configuration of Dev-Edge to allow north-south routing connectivity for the new Dev-segment.
Workloads will have overlapping IP addressing with production workloads. The developers will RDP into a jump host server (Dev-Jumphost) on the Dev-Web segment. An RDP shortcut named To Dev-JumpHost.rdp has been created on the ControlCenter Desktop.
The following has been preconfigured on Dev-Edge:
The uplink interface on the Dev-Edge has been pre-configured to communicate the upstream Gateways and attached to Dev-to-PGs-Transit.
Dev-DLR-NEW and Dev-Edge interfaces have been preconfigured to communicate with each other.
ECMP has been disabled.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Dev-Jumphost information:
Credentials: administrator / VMware1!
Internal IP of Dev-Jumphost: 172.16.10.100
External IP of Dev-Jumphost: 192.168.5.100
Connection Information:
Dev-Edge-Uplink IP: 192.168.5.3/24
Dev-Edge-Internal IP : 192.168.6.6/30
Preimeter-Gateway-01-Internal IP: 192.168.5.1/24
Preimeter-Gateway-02-Internal IP: 192.168.5.2/24
Logical switch: Dev-to-PGs-Transit
ECMP: Enabled.
BGP AS: 65001
Credentials for all Edge Devices: admin / VMware1!VMware1!
The networking team requires BGP as a routing protocol with an AS of 65001 for North-bound access for the Dev-environment.
Use the fewest number of static routes and utilize network prefixes to ensure accessibility to the Dev-Web-Tier-01-NEW within the Dev-environment.
Ensure Dev-Jumphost is on Dev-Web-Tier-01-NEW.
Ensure the ability to RDP into the Dev-Jumphost server from the production network (ControlCenter).
HOL LAB for Practice:
module, it will be use full for other question like 20 and 22
See the explanation part for complete solution.
Complete the configuration of Dev-Edge to allow north-south routing connectivity for the new Dev-segment.
Workloads will have overlapping IP addressing with production workloads. The developers will RDP into a jump host server (Dev-Jumphost) on the Dev-Web segment. An RDP shortcut named To Dev-JumpHost.rdp has been created on the ControlCenter Desktop.
The following has been preconfigured on Dev-Edge:
The uplink interface on the Dev-Edge has been pre-configured to communicate the upstream Gateways and attached to Dev-to-PGs-Transit.
Dev-DLR-NEW and Dev-Edge interfaces have been preconfigured to communicate with each other.
ECMP has been disabled.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Dev-Jumphost information:
Credentials: administrator / VMware1!
Internal IP of Dev-Jumphost: 172.16.10.100
External IP of Dev-Jumphost: 192.168.5.100
Connection Information:
Dev-Edge-Uplink IP: 192.168.5.3/24
Dev-Edge-Internal IP : 192.168.6.6/30
Preimeter-Gateway-01-Internal IP: 192.168.5.1/24
Preimeter-Gateway-02-Internal IP: 192.168.5.2/24
Logical switch: Dev-to-PGs-Transit
ECMP: Enabled.
BGP AS: 65001
Credentials for all Edge Devices: admin / VMware1!VMware1!
The networking team requires BGP as a routing protocol with an AS of 65001 for North-bound access for the Dev-environment.
Use the fewest number of static routes and utilize network prefixes to ensure accessibility to the Dev-Web-Tier-01-NEW within the Dev-environment.
Ensure Dev-Jumphost is on Dev-Web-Tier-01-NEW.
Ensure the ability to RDP into the Dev-Jumphost server from the production network (ControlCenter).
HOL LAB for Practice:
module, it will be use full for other question like 20 and 22
See the explanation part for complete solution.
Correct Answer:
SOLUTION:
Static Routes on Dev-Edge:
Network:172.16.0.0/16
Next Hop:192.168.6.5
Interface:Dev-Transit
Uplink
192.168.5.100
Tcp
3389
172.16.10.100
3389
(1) Go to Vcenter-a. select network & Security. select NsX Edge.
(2) check the PGW01 configuration if everything is ok no need to do any changes specially ip address and routing. if not than select PGW01. select Manage. select routing select global configuration and enable routing. click publish changes.
be sure ECMP is enabled.
select BGP Configuration. click edit. select enable BGP, select Enable Graceful restart (select enable Default originate). enter AS 65001 click ok click publish changes
SSH to both Perimeter Routers and verify BGP neighborship.
Username: admin
Password: VMware1!VMware1!
Add jumphost VM to Dev-Web-Tier-01-NEW Logical Switch
NOTE:
192.168.5.100 interface is created in the next task only. So after testing the next task output, you should be able to get the RDP login.
Static Routes on Dev-Edge:
Network:172.16.0.0/16
Next Hop:192.168.6.5
Interface:Dev-Transit
Uplink
192.168.5.100
Tcp
3389
172.16.10.100
3389
(1) Go to Vcenter-a. select network & Security. select NsX Edge.
(2) check the PGW01 configuration if everything is ok no need to do any changes specially ip address and routing. if not than select PGW01. select Manage. select routing select global configuration and enable routing. click publish changes.
be sure ECMP is enabled.
select BGP Configuration. click edit. select enable BGP, select Enable Graceful restart (select enable Default originate). enter AS 65001 click ok click publish changes
SSH to both Perimeter Routers and verify BGP neighborship.
Username: admin
Password: VMware1!VMware1!
Add jumphost VM to Dev-Web-Tier-01-NEW Logical Switch
NOTE:
192.168.5.100 interface is created in the next task only. So after testing the next task output, you should be able to get the RDP login.
QUESTION NO: 2
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.
Correct Answer:
SOLUTION:
Requirements:
Create new Security Group = Secure-Web-NEW
In security tag put equal
Create new Security Policy as per given details:
Right Click -> Apply Policy ->
Requirements:
Create new Security Group = Secure-Web-NEW
In security tag put equal
Create new Security Policy as per given details:
Right Click -> Apply Policy ->
QUESTION NO: 3
You have been tasked with creating a new Layer 2 network toplogy for test and development systems which mirrors the existing production environment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Transport Zone: Local-Transport-Zone-A
New Dev Segments:
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
Create Layer 2 network topology for the test and development systems.
NOTE:
The routing components will be addressed in subsequent scenarios.
HOL LAB for Practice:
See the explanation part for complete solution.
You have been tasked with creating a new Layer 2 network toplogy for test and development systems which mirrors the existing production environment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Transport Zone: Local-Transport-Zone-A
New Dev Segments:
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
Create Layer 2 network topology for the test and development systems.
NOTE:
The routing components will be addressed in subsequent scenarios.
HOL LAB for Practice:
See the explanation part for complete solution.
Correct Answer:
SOLUTION:
Create 3 Logical Switches on NSX Manager A (192.168.110.15)
HOL 1903-01 Page 37-38
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
(3) Dont Forget to create a Dev-Transit Switch if its not there.
Create 3 Logical Switches on NSX Manager A (192.168.110.15)
HOL 1903-01 Page 37-38
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
(3) Dont Forget to create a Dev-Transit Switch if its not there.
