3V0-643 Exam Question 6
Provide cross vCenter security functionality for the Universal Web Multi-Tiered network application.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
New Section Name: Universal-Rules-New
Networks:
Web-Tier: 172.17.10.0/24
App-Tier: 172.17.20.0/24
DB-Tier: 172.17.30.0/24
Secure east/west network communication for each of the three tiers, allowing only:
Firewall Rule section Name: Universal-Rules-NEW
Web Tier: any source address incoming on TCP port 80 and 443
Application Tier: access from the web tier on the incoming TCP port 8443
Database Tier: access from the application tier on the incoming TCP port 3306
Traffic that does not meet the above requirements should be blocked.
NOTE:
This rule must only affect the universal tiers.
HOL LAB for Practice:
See the explanation part for complete solution.
3V0-643 Exam Question 7
You have been tasked with modifying an existing NSX API call to capture flow information for an organization. The existing API call is located on the ControlCenter desktop in a file named flowapi.txt.
The API call should be modified to collect Layer3 flow statistics between the dev-web-01a and the ControlCenter virtual machine.
Requirements:
vCenter: vcsa01a.corp.local
Credential: [email protected] / VMware1!
File location: flowapi.txt on the desktop of ControlCenter.
Modify and Save the existing API call to capture the requested information.
A REST Client has been added to Chrome and Firefox for this exercise.
Output the Response Body to a text file called apiresults.txt on the desktop of ControlCenter.
******************flowapi.txt***********************
https://<nsxmgr-ip>/api/2.1/app/flow/flowstats?contextId=datacenter-21&flowType=TCP_UDP&startTime=0&endTime=
https://192.168.110.15/api/2.1/app/flow/flowstats?contextId=vm-26&flowType=Layer3&startTime=0&endTime=1320917094000&
******************flowapi.txt***********************
HOL LAB for Practice:
See the explanation part for complete solution.
3V0-643 Exam Question 8
Configure a solution that extends an IP subnet between two data centers. The solution must ensure secure communication between two data centers. A standalone Edge Appliance has already been deployed and preconfigured in Site-B on the Compute Cluster.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
HQ Site Information:
Edge: Preimeter-Gateway-01
Logical Segment: Extend-LS-01
Connected to: vds-mgt-a_Trunk_Network
VPN Server settings: 192.168.100.3
Use the system generated certificate.
Preconfigured Standalone Edge Appliance: NSX l2vpn
Edge: 192.168.200.5
L2VPN Server Information:
Name: Peer-Site-NEW
Trunk ID = 10
User ID = peeruser1
Password = VMware1!
Encryption = AES256-SHA
The solution must ensure secure communication between the data centers.
NOTE:
No virtual machines are attached to the Logical switch Application-Tier-01, so there is no need to test communication across the tunnel.
Ensure that L2VPN server statistics shows Tunnel status of UP.
HOL LAB for Practice:
L2VPN and other questions 7, 8, 9
See the explanation part for complete solution.