Free VMware Certified Advanced Professional - Network Virtualization DesignPractice Test

An organization is designing an NSX environment for a multi-tenant datacenter. Each tenant requires complete network isolation, separate IP address spaces that may overlap, and the ability to define their own network services. Which NSX construct best satisfies these requirements?

A company needs to design an NSX solution that provides active-active datacenter connectivity with optimal traffic distribution. The design must support VM mobility between sites and maintain network services during site failures. Which NSX Federation topology should be recommended?

During the design phase of an NSX deployment, what is the primary purpose of defining security zones?

An enterprise is designing a micro-segmentation strategy for a three-tier application consisting of web, application, and database tiers. The security team requires that only the web tier can initiate connections to the application tier, and only the application tier can initiate connections to the database tier. Which NSX security design approach best implements this requirement?

A designer needs to integrate NSX with an existing physical network infrastructure. The physical network uses BGP for dynamic routing and requires redundant connectivity. What is the recommended minimum number of uplinks required per NSX Edge node for a highly available design?

An organization requires that all north-south traffic be inspected by a third-party firewall appliance before reaching external networks. The solution must minimize latency and support elastic scaling. Which NSX service insertion method should be designed?

When designing NSX Manager sizing for a large enterprise deployment with 10,000 VMs and 500 ESXi hosts, which deployment model provides the best balance of performance and availability?

A company's security policy requires that all inter-zone traffic be logged for compliance auditing, while intra-zone traffic should not be logged to reduce storage overhead. How should the Distributed Firewall logging be designed?

What is the primary advantage of using a Tier-1 Gateway in NSX architecture compared to connecting workload segments directly to a Tier-0 Gateway?

During a design review, a customer asks about protecting east-west traffic between VMs in the same segment. They want to prevent lateral movement during a potential security breach. Which NSX feature should be recommended?

An organization is designing disaster recovery for their NSX environment. They need to replicate NSX configuration and ensure rapid recovery time objectives (RTO). Which approach provides the most comprehensive NSX configuration backup and recovery capability?

A financial services company requires network segmentation that meets PCI-DSS compliance standards. The design must ensure that cardholder data environment (CDE) workloads are completely isolated from non-CDE workloads with all traffic logged and inspected. Which NSX design components are essential for this requirement?

When designing NSX Edge cluster sizing, what is the primary factor that determines the required number of Edge nodes in the cluster?

A global enterprise is designing an NSX deployment across multiple geographic locations with centralized management and policy enforcement. Each location has its own vCenter Server. Which NSX design approach should be recommended?

During an NSX design, the customer requires integration with their existing SIEM solution for centralized security event monitoring. Which NSX capability should be configured to meet this requirement?

A company plans to implement NSX Advanced Load Balancer (formerly Avi) for application delivery. The design must support auto-scaling of load balancer capacity based on traffic patterns and provide analytics. Which deployment model best satisfies these requirements?

An organization is experiencing performance issues in their NSX environment where the Distributed Firewall appears to be a bottleneck. During the design review, what is the most likely root cause that should be investigated?

When designing an NSX deployment methodology, what is the recommended approach for implementing network and security changes in a production environment?

A design requires implementing NSX in an environment with existing physical firewalls that must remain in the traffic path for compliance reasons. Which integration pattern allows NSX to work alongside physical firewalls while still providing micro-segmentation benefits?

A retail company needs to design network segmentation for a cloud-native application running in containers on Kubernetes. The design must provide consistent security policy enforcement across VMs and containers. Which NSX component enables this unified policy approach?