Online Access Free 3V0-643 Exam Questions

Provide cross vCenter security functionality for the Universal Web Multi-Tiered network application.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
New Section Name: Universal-Rules-New
Networks:
Web-Tier: 172.17.10.0/24
App-Tier: 172.17.20.0/24
DB-Tier: 172.17.30.0/24
Secure east/west network communication for each of the three tiers allowing only.
Firewall Rule section Name: Universal-Rules-NEW
Web Tier: any source address incoming on TCP port 80 and 443
Application Tier: access from the web tier on the incoming TCP port 8443 Database Tier: access from the application tier on the incoming TCP port 3306 Traffic that does not meet the above requirements should be blocked.
NOTE:
This rule must only affect the universal tiers.
HOL LAB for Practice:
See the explanation part for complete solution.

Correct Answer:

SOLUTION:
Add new Section under Firewall.

Universal-Rules-NEW

Add rules:






Add another Rule:





Add another Rule:





Add Deny Rule:



Lower down the Deny rule to the end in this section:

In the previous scenario, vCenter vcsa-b.corp.local was configured for NSX. Now the hosts must be prepared for NSX and the initial VXLAN configuration should be completed.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Cluster: Compute Cluster 1B
ESXi Hosts: esx-01b.corp.local, esx-02b.corp.local
VTEP Information:
VMKNic Teaming Policy: Fail Over
VLAN: 0
MTU: 1600
IP Pools for VTEP:
* Name: Compute_1B_VTEP_Pool-New
* Gateway: 192.168.230.1
* Prefix Length: 24
* Static IP Pool: 192.168.230.51 - 192.168.230.60
* Segment ID Pool: 6001-7000 - HOL 1903-01 Page 26-36
* VXLAN Span: Compute Cluster 1B - HOL 1903-01 Page 26-36
* Transport Zone: Local-Transport-Zone-B-New - HOL 1903-01 Page 26-36
* Host must be prepared for NSX
* Use provided information to complete the initial VXLAN configuration.
* The underlying physical network does not support multicast.
* Ensure that requirements are met:
* Create the IP Pool as given:
* Do the Host preparation.
* Create a Local Transport Zone as given. - HOL 1903-01 Page 26-36
* Create the segment ID as given. - HOL 1903-01 Page 26-36
HOL LAB for Practice:
http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p2.htm and LAB - HOL 1903-01 Page 26-36 See the explanation part for complete solution.

Correct Answer:

SOLUTION:
HOL 1903-01 Page 26-36
Login to vCenter b Web Client and from Networking and Security -> Installation -> select to SiteB NSX Manager -> Host Preparation and prepare the hosts as below:




Add Static Pool as per give details in the QUESTION

Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.

Correct Answer:

SOLUTION:
Requirements:







Create new Security Group = Secure-Web-NEW

In security tag put equal






Create new Security Policy as per given details:










Right Click -> Apply Policy ->