VMware Certified Professional - Network Virtualization Practice Exam 2025: Latest Questions

An administrator needs to ensure NSX management traffic remains available even if one NSX Manager node fails. Which design best meets this requirement?

A team wants to apply security policies to workloads that move frequently between clusters. Which object selection method is the best practice for maintaining dynamic policy membership?

An administrator must provide east-west routing between multiple overlay segments in the same NSX environment with minimal latency. Which component provides distributed routing for this use case?

A firewall policy should log only the traffic that matches a specific rule for auditing, without enabling verbose logging for the entire environment. Where should logging be enabled?

A company must provide outbound internet access for workloads on multiple overlay segments. The design requires source NAT and centralized services. Which component should perform this function?

Two workloads on the same overlay segment cannot ping each other. The distributed firewall policy is known to allow ICMP. What is the most likely additional configuration issue to verify first?

An administrator wants to reduce the number of firewall rules by defining a policy that allows only HTTPS from a specific app tier to a web tier while denying all other traffic between tiers. Which approach is most appropriate?

A deployment includes multiple transport nodes. An administrator needs to confirm whether Geneve encapsulated traffic is reaching a specific transport node during troubleshooting. Which data source is most directly useful?

A customer requires traffic between two overlay segments to remain fully stateful for firewalling, but they also want routing between the segments. They notice that some flows are not being inspected as expected. Which design choice most commonly ensures stateful inspection for inter-segment traffic?

After adding new ESXi hosts to a cluster, VMs on those hosts cannot communicate over overlay segments, while existing hosts work normally. The new hosts appear in vCenter but show no overlay connectivity. Which NSX configuration is MOST likely missing on the new hosts?

An administrator needs to allow east-west traffic between two application tiers while enforcing micro-segmentation rules at the vNIC level for each VM. Which NSX-T component provides this enforcement point?

A team wants to connect a new segment to the rest of the environment but must ensure that routing is performed by the hypervisor (not by Edge Nodes) for optimal east-west performance. What is the correct attachment point for the segment?

Which NSX-T feature is primarily used to automatically apply security policy based on VM attributes such as tags, rather than relying on static IP addresses?

An organization needs to extend Layer 2 connectivity between two sites over an IP underlay for a migration project. They require a control-plane mechanism to replicate BUM traffic efficiently. Which NSX-T capability best fits this requirement?

A troubleshooting session shows that VMs on the same overlay segment cannot communicate across hosts, but they can communicate with VMs on the same host. Underlay connectivity is verified. Which item is the MOST likely cause?

A customer needs to provide north-south connectivity for multiple tenant Tier-1 gateways while keeping tenant routing isolated. Which design is recommended?

A security team requires a rule that allows access to a web application only from users in a specific Active Directory group, regardless of the users' IP addresses. Which NSX-T feature should be used?

An administrator creates a Distributed Firewall policy but observes that traffic is still permitted, even though a drop rule exists. They confirm the correct source and destination groups. What is the MOST likely reason?

A company wants to use NSX Advanced Load Balancer to provide application delivery to workloads on NSX segments. They also need the load balancer service to remain available during an Edge Node failure. Which architecture best meets this requirement?

After adding new ESXi transport nodes, an administrator notices that some hosts show as "Up" but do not participate in overlay networking. VM traffic on overlay segments fails only on those hosts. Which verification is MOST appropriate to identify the root cause?

An administrator needs to create a logical switch for a new application tier and wants to ensure the segment can be attached to VMs and also provide services (e.g., DHCP/metadata) from the NSX infrastructure. Which NSX-T construct should be used to connect the segment to a gateway for north-south connectivity and centralized services?

A security team requires that all east-west traffic between two application tiers be blocked by default, but allows the application owner to open only specific ports as needed. Which NSX-T security approach best meets this requirement with least operational overhead?

An operations engineer is troubleshooting intermittent connectivity to workloads on an overlay segment. They suspect an MTU mismatch causing packet fragmentation or drops. Which is the most appropriate NSX-T troubleshooting action to validate end-to-end path MTU for overlay traffic?

A company is designing NSX-T for multiple tenants. They want centralized north-south connectivity with consistent external routing, but require each tenant to have isolated routing domains and the ability to manage their own segments and policies. Which architecture best meets these requirements?

After migrating a workload from one cluster to another, the VM can no longer reach resources on a remote segment. Local same-segment communication still works. The administrator confirms the VM's security policy and DFW rules are unchanged. Which component or configuration is the MOST likely cause in NSX-T?