Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

Before creating a new Application Security Policy in Prism Central, what prerequisite must exist?

A.

A category key/value pair must be defined for use in the policy.

B.

Flow Network Security must be enabled on all registered clusters.

C.

Targeted VMs must have category assignments.

D.

The Network Controller must be deployed on each cluster in the policy's scope.

An administrator needs to use Prism Central to identify a subnet belonging to a VPC. How can the administrator identify networks associated with a VPC within Prism Central?

A.

There will be a valid IP Prefix for the subnet.

B.

The subnet will reference multiple clusters.

C.

The subnet will have a non-zero VLAN ID.

D.

The subnet will be identified as type Overlay.

Which policy mode blocks all traffic that is not explicitly allowed by the policy?

A.

Monitor Mode

B.

Save Mode

C.

Block Mode

D.

Enforce Mode

Which step is required to prepare an AHV cluster for Flow Virtual Networking?

A.

Assign all VMs to a single VLAN before enabling Flow.

B.

Configure static routes for all overlay networks before enabling Flow.

C.

Disable all existing microsegmentation policies to allow virtual networking.

D.

Ensure all CVMs have network connectivity to Prism Central.

An administrator has created a VPC with the following subnets: 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 What action must be taken for these networks to be externally routable?

A.

Assign a No-NAT External Network & ERP 10.1.0.0/22

B.

Assign a No-NAT External Network & ERP 10.1.0.0/23

C.

Assign a NAT External Network & ERP 10.1.0.0/22

D.

Assign a NAT external network & ERP 10.1.0.0/23

When creating a VPC, enabling the Transit VPC toggle changes the role of the VPC. What does the Transit VPC toggle do?

A.

Forces NAT for all external subnets

B.

Creates a hub-and-spoke VPC for routing

C.

Converts all Overlay subnets into VLAN subnets

D.

Enables DHCP relay for routed subnets

When configuring an Application policy, an administrator defines a VM Category Application:MySQL as a Secured Entity. The administrator wants to ensure that traffic between VMs in the Secured Entity is kept to only required replication traffic on the default mysql service port. How should the administrator best accomplish this?

A.

Create an Inter-Tier Rule specifying the mysql service as the allowed traffic.

B.

Create an Intra-Tier Rule specifying the mysql service as the allowed traffic.

C.

Create an Inbound Rule specifying the mysql service as the allowed traffic.

D.

Create an Outbound Rule specifying the mysql service as the allowed traffic.

An administrator receives a ticket reporting unwanted traffic between production and development servers. The administrator reviews the Flow Network Security logs and finds the following:

How can the administrator resolve the issue?

A.

Update the policy to disallow the unwanted traffic.

B.

Move the servers to separate IP subnets.

C.

Enable the Network Controller for the policy

D.

Change the enforcement mode for the policy

An administrator is deploying a multi-tier (web, app, database) application on a Nutanix cluster using AHV. The administrator needs to allow internal communication between tiers and provide external access to the web tier. How should the administrator satisfy this requirement?

A.

Create separate VLAN networks for each tier and configure routing on the physical network.

B.

Create a VPC with a single subnet and assign workloads of each tier to this subnet.

C.

Create separate VPCs for each tier and connect them to the same external NAT network and configure routing policies for inter-tier traffic.

D.

Create a VPC with subnets for each tier and configure the Externally Routable Prefix to include only web subnets.

Which policy mode records traffic without enforcing rule actions?

A.

Enforce

B.

Monitor

C.

Isolate

D.

Save