VMware NSX-T Data Center Security exam (5V0-41.21) which leads to VMware NSX-T Data Center Security Skills badge is a 70-item exam, with a passing score of 300 using a scaled scoring method. Candidates are given 130 minutes to complete the exam, which includes adequate time to complete the exam for non-native English speakers.
Exam Delivery
This is a proctored exam delivered through Pearson VUE. For more information, visit the Pearson VUE website.
Certification Information
For details and a complete list of requirements and recommendations for attainment, please reference the VMware Education Services – Certification website.
Minimally Qualified Candidate
The minimally qualified candidate (MQC) understands network security concepts and can describe VMware’s Intrinsic Security vision. They can administer and troubleshoot NSX-T Data Center 3.1 security features and functions, including User and Role Management, Distributed Firewall, Gateway Firewall, IDS/IPS, and URL Analysis. The candidate should have 1 year experience working in IT, hands-on experience working with NSX-T, and basic knowledge of KVM and vSphere. The MQC should have all the knowledge contained in the exam sections below.
Examkingdom VMware 5V0-41.21 Exam pdf,
Best VMware 5V0-41.21 Free downloads , VMware 5V0-41.21 Dumps at Certkingdom.com
Exam Sections
VMware exam blueprint sections are now standardized to the seven sections below, some of which may NOT be included in the final exam blueprint depending on the exam objectives.
Section 1 – Architecture and Technologies
Section 2 – Products and Solutions
Section 3 – Planning and Designing
Section 4 – Installing, Configuring, and Setup
Section 5 – Performance-tuning, Optimization, and Upgrades
Section 6 – Troubleshooting and Repairing
Section 7 – Administrative and Operational Tasks
If a section does not have testable objectives in this version of the exam, it will be noted below, accordingly. The objective numbering may be referenced in your score report at the end of your testing event, for further preparation, should a retake of the exam be necessary.
Sections Included in this Exam
Section 1 – Architectures and Technologies
Objective 1.1 – Describe information management security
Objective 1.2 – Describe firewalls and their function
Objective 1.3 – Describe IDS/IPS
Objective 1.4 – Describe Zero-Trust Security
Objective 1.5 – Describe AAA and CIA
Section 2 – VMware Products and Solutions
Objective 2.1 – Describe VMware Security portfolio
Objective 2.2 – Describe NSX Distributed Firewall
Objective 2.3 – Describe NSX Distributed IDS/IPS
Objective 2.4 – Describe NSX Intelligence
Objective 2.5 – Describe NSX Edge Security (Gateway Firewall and URL Analysis)
Objective 2.6 – Describe NSX Segmentation
Objective 2.7 – Describe North-South insertion
Objective 2.8 – Describe East-West insertion
Section 3 – There are no testable objectives for this section.
Section 4 – Installing, Configuring, and Setup
Objective 4.1 – Manage users and roles (LDAP, RBAC, Active Directory, etc.)
Objective 4.2 – Configure and manage distributed firewall policies and rules
Objective 4.3 – Configure manage time based firewalls rules
Objective 4.4 – Configure identity firewalls rules
Objective 4.5 – Configure gateway firewalls rules
Objective 4.6 – Configure and manage distributed IDS/IPS (signatures, profiles, rules)
Objective 4.7 – Configure and manage URL analysis
Objective 4.8 – Install and configure Guest Introspection agent components in VMTools
Objective 4.9 – Deploy NSX Intelligence appliance
Objective 4.10 – Visualize traffic flows and create security recommendations using NSX Intelligence
Objective 4.11 – Create and manage security groups
Objective 4.12 – Enable logging on hosts and Edge transport nodes
Objective 4.13 – Configure logging for specific security features (IDS, Distributed Firewall, Gateway Firewall)
Section 5 – There are no testable objectives for this section.
Section 6 – Troubleshooting and Repairing
Objective 6.1 – Validate guest introspection is operational
Objective 6.2 – Validate North-South and East-West network introspection is operational
Objective 6.3 – Verify the operation of Distributed Firewall
Objective 6.4 – Verify the operation of Gateway Firewall rules
Objective 6.5 – Verify the operation of IDS/IPS
Objective 6.6 – Verify the operation of URL analysis
Objective 6.7 – Identify and review log files and events related to firewalls, IDS/IPS, URL Analysis
Objective 6.8 – Verify logging is enabled on hosts and Edge transport nodes
Section 7 – There are no testable objectives for this section.
Recommended Courses
NSX-T Data Center Install, Config, Manage [3.X]
NSX-T Data Center Security
NSX-T Data Center Security Advanced
References*
In addition to the recommended courses, item writers used the following references for information when writing exam questions. It is recommended that you study the reference content as you prepare to take the exam, in addition to any recommended training.
QUESTION 1
Which esxcli command lists the firewall configuration on ESXi hosts?
A. esxcli network firewall ruleset list
B. vsipioct1 getrules -filter <filter-name>
C. esxcli network firewall rules
D. vsipioct1 getrules -f <filter-name>
Answer: A
QUESTION 2
Which three are required by URL Analysis? (Choose three.)
A. NSX Enterprise or higher license key
B. Tier-1 gateway
C. Tier-0 gateway
D. OFW rule allowing traffic OUT to Internet
E. Medium-sized edge node (or higher), or a physical form factor edge
F. Layer 7 DNS firewall rule on NSX Edge cluster
Answer: B, D, F
QUESTION 3
Which two are requirements for URL Analysis? (Choose two.)
A. The ESXi hosts require access to the Internet to download category and reputation definitions.
B. A layer 7 gateway firewall rule must be configured on the tier-0 gateway uplink to capture DNS traffic.
C. A layer 7 gateway firewall rule must be configured on the tier-1 gateway uplink to capture DNS traffic,
D. The NSX Edge nodes require access to the Internet to download category and reputation definitions.
E. The NSX Manager requires access to the Internet to download category and reputation definitions.
Answer: CD
QUESTION 4
What is the VMware recommended number of NSX Manager Nodes to additionally deploy to form an NSX-T Manager Cluster?
A. 4
B. 3
C. 2
D. 5
Answer: B
QUESTION 5
In a brownfield environment with NSX-T Data Center deployed and configured, a customer is interested in Endpoint Protection integrations. What recommendation should be provided to the
customer when it comes to their existing virtual machines?
A. Virtual machine must be protected by vSphere HA.
B. Virtual machine hardware should be version 10 or higher.
C. A minimum installation of VMware tools is required.
D. A custom install of VMware tools is required to select the drivers.
Answer: D