Which three VMware guidelines are recommended when designing VLANs and subnets for a single region and single availability zone? (Choose three.)
Answer: A, D, E
Explanation:
Recommended Network Design Guidelines:
(A - Use RFC1918 Addressing):
VMware NSX-T recommends using RFC1918 private address space for internal networks to avoid
public address conflicts.
(D - Use /24 Subnets):
/24 subnets are preferred as they provide 256 usable IPs, simplifying management and subnetting.
(E - Floating Interface for VRRP/HSRP):
NSX Gateway HA uses VRRP (Virtual Router Redundancy Protocol) or HSRP (Hot Standby Router
Protocol) for gateway failover, ensuring redundancy.
Incorrect Options:
(B - Use IPv6 RFC2460 Addressing):
IPv6 is optional in NSX, but IPv4 remains the primary addressing method.
(C - Use /16 Subnets):
Using /16 subnets results in large broadcast domains and unnecessary complexity.
VMware NSX 4.x Reference:
NSX-T Network Design Best Practices
NSX-T Gateway HA & VRRP Configuration Guide

A large multinational company is expanding its data center due to increased demand for online services. The company is considering shifting from an NSX Edge VM design to a bare-metal NSX Edge design to accommodate new hardware acquisitions and maximize performance.
Which is a potential benefit for the company in shifting from an NSX Edge VM design to a bare-metal NSX Edge design?
Answer: A
Explanation:
Performance Benefits of Bare-Metal NSX Edge (Correct Answer - A):
Bare-metal NSX Edge Nodes provide higher performance by eliminating the virtualization overhead
associated with Edge VMs running inside ESXi/KVM hosts.
This increases throughput and reduces latency, making it ideal for high-bandwidth applications (e.g.,
Load Balancing, VPN, and NAT).
Incorrect Options:
(B - More VLANs):
The number of VLANs is not limited by the NSX Edge type. VLAN scalability depends on physical
network design.
(C - Automatic Stateful Service Distribution):
Stateful services (NAT, FW, LB, VPN) do not auto-distribute. Stateful HA must be manually configured.
(D - Eliminates Stateful Services):
Stateful services (e.g., NAT, Load Balancer, Firewall) are still required, regardless of Edge deployment
mode.
VMware NSX 4.x Reference:
VMware NSX-T Bare-Metal Edge Deployment Guide
NSX-T Edge Node Performance Optimization

What are the design considerations for segment and transport zone design?
Answer: D
Explanation:
NSX-T Segment and Transport Zone Design Considerations (Correct Answer - D):
Network topology influences how segments and transport zones are structured.
Availability ensures failover and redundancy are properly planned in transport zones.
Scalability is crucial when designing segments to accommodate growth without redesign.
Incorrect Options:
(A - Server hardware, OS, and application requirements):
These impact workload performance but are not primary factors in transport zone design.
(B - VLAN design, subnet design, and routing design):
These are part of traditional network design, but NSX-T segments use overlay networks instead.
(C - Number of VMs, network performance, and security):
While relevant, these factors alone do not define transport zone and segment architecture.
VMware NSX 4.x Reference:
NSX-T Data Center Logical Design Best Practices
Transport Zone and Overlay Segment Design Guide

Which combination of stateful services are available in an NSX Gateway?
Answer: A
Explanation:
Stateful Services in NSX Gateway (Correct Answer - A):
NSX-T Gateways (T0/T1) support the following stateful services:
NAT (Network Address Translation)
DHCP (Dynamic Host Configuration Protocol)
Load Balancing
Incorrect Options:
(B - Reflexive NAT instead of Stateful NAT):
Reflexive NAT is a stateless service, whereas stateful NAT is required for advanced networking.
(C - DNS Service on Gateway):
NSX Gateways do not provide DNS services; they rely on external DNS servers.
(D - TLS Inspection and DNS on Gateway):
TLS inspection is an IDS/IPS feature, not an NSX-T gateway service.
VMware NSX 4.x Reference:
NSX-T Edge and Gateway Services Guide
VMware NSX-T Advanced Load Balancer Documentation

What is the effect of stateful services placement on NSX Edge design?
Answer: B
Explanation:
Impact of Stateful Services on NSX Edge Cluster (Correct Answer - B):
Stateful services (NAT, FW, LB, VPN) require additional processing power, impacting Edge node
performance.
More stateful services mean higher CPU and memory utilization, affecting scalability.
Edge Cluster design must balance stateful workloads to avoid performance degradation.
Incorrect Options:
(A - Stateless services cannot run with stateful applications):
Stateful and stateless services can coexist on NSX Edge, but require careful placement.
(C - Reduces the need for load balancing):
Load balancing is still needed, even if stateful services exist.
(D - Determines complexity of Edge cluster size):
While it adds complexity, the primary impact is on performance and scalability.
VMware NSX 4.x Reference:
NSX-T Edge Cluster Design and Performance Best Practices
VMware NSX-T Scaling Stateful Services Guide

A customer has two sites and is looking to deploy NSX with stretched security. The customer wants to ensure that only authorized traffic can traverse the stretched security perimeter.
What is the VMware recommended approach for implementing micro-segmentation in this scenario?
Answer: A
Explanation:
Micro-Segmentation Across Stretched Security (Correct Answer - A):
NSX Distributed Firewall (DFW) enforces security at the workload level across both sites.
DFW provides East-West traffic control, preventing unauthorized lateral movement.
Enforcement remains consistent across sites, maintaining Zero Trust Security.
Incorrect Options:
(B - Service Composer Policies):
Service Composer is deprecated in NSX-T and not used for micro-segmentation.
(C - Identity Firewalling):
Identity-Based Firewall (IDFW) applies user-based security, not network segmentation.
(D - Group Firewall Policies):
Group-based policies work with DFW, but DFW is the primary enforcement mechanism.
VMware NSX 4.x Reference:
NSX-T Micro-Segmentation Security Best Practices
Distributed Firewall Design Guide for Stretched Security

Which of the following should be taken into account when designing the uplink profile and transport node profile?
Answer: A
Explanation:
NIC Type Selection for Uplink & Transport Node Profile (Correct Answer - A):
The performance and capacity of the physical NICs impact the overlay and VLAN transport traffic.
High-performance NICs (25G, 40G, 100G) enhance throughput and reduce latency.
DPU-based NICs (Data Processing Units) improve performance by offloading packet processing.
Incorrect Options:
(B - CPU & Memory Considerations):
While CPU/memory impact overall NSX performance, they do not determine uplink/transport profile
design.
(C - Number of VMs Per Host):
VM density affects overlay traffic, but uplink profile design depends on NIC configuration.
(D - Physical Location of ESXi Hosts):
Location is important for high availability, but it does not directly define uplink profiles.
VMware NSX 4.x Reference:
NSX-T Uplink Profile & Transport Zone Design Guide
NIC Performance Optimization for NSX-T

A global logistics company is planning to expand its operations to multiple locations across continents. Their existing on-premises network is unable to scale to meet the demands of the growing number of sites and the increasing volume of East-West traffic within their data center. The company has chosen VMware NSX as their preferred network virtualization platform, aiming to simplify network management and improve intra-data center routing.
Which of the following would be part of the optimal recommended design?
Answer: C
Explanation:
Tier-1 Gateways for East-West Traffic (Correct Answer - C):
East-West traffic refers to communication within the data center (e.g., between workloads).
Tier-1 Gateways are optimized for East-West routing, ensuring efficient intra-data center traffic
handling.
This minimizes unnecessary traffic to external routers, reducing latency and improving performance.
Incorrect Options:
(A - Centralized Service Ports for East-West Routing):
Centralized Service Ports (CSPs) are used for stateful services, not for general East-West routing.
(B - Aria Operations for Networks for North-South Routing):
Aria Operations for Networks (formerly vRealize Network Insight) is a monitoring and analytics tool,
not a routing solution.
(D - Tier-0 for East-West Routing):
Tier-0 Gateways handle North-South routing (external connectivity), not East-West traffic.
VMware NSX 4.x Reference:
NSX-T Data Center Routing Design Guide
NSX-T Multi-Tier Gateway Architecture Best Practices

Which three of the following are components of switch fabric design? (Choose three.)
Answer: A, C, D
Explanation:
Spine-Leaf Architecture (Correct Answers - A, C, D):
Top-of-Rack (ToR) Switch: Connects ESXi hosts and NSX transport nodes within a rack.
Spine Switch: Acts as the core switch layer, interconnecting all leaf switches for high-performance
network fabric.
Leaf Switch: Connects ToR switches and compute nodes to the spine layer, forming a scalable fabric.
Incorrect Options:
(B - Middle-of-Rack Switch):
This is not a standard networking design term.
(E - End-of-Rack Switch):
Similar to Top-of-Rack switches, but typically not used in modern Spine-Leaf designs.
VMware NSX 4.x Reference:
NSX-T Physical Networking Guide
NSX-T Spine-Leaf Fabric Architecture Best Practices

Which two of the following are constraints that may impact the design of an NSX solution? (Choose two.)
Answer: A, B
Explanation:
Common Constraints in NSX Design (Correct Answers - A, B):
Network Bandwidth: Limited bandwidth can impact Geneve overlay performance, East-West traffic
flow, and multi-site connectivity.
Available Hardware: The number and type of ESXi hosts, NICs, and Edge nodes affect performance,
scalability, and HA capabilities.
Incorrect Options:
(C - Security Requirements):
Security requirements are design considerations, not constraints.
(D - Product Knowledge):
Product knowledge affects deployment efficiency, but is not a technical constraint.
VMware NSX 4.x Reference:
NSX-T Deployment Constraints & Considerations
VMware NSX Design Best Practices Guide