Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. VMware
  3. 5V0-41.21

VMware 5V0-41.21 Exam (page: 2)
VMware NSX-T Data Center 3.1 Security
Updated on: 25-Dec-2025

Viewing Page 2 of 15
5V0-41.21 PDF 70 Questions

Which two are true of the NSX Gateway Firewall? (Choose two.)

  1. Firewall rules in System category cannot be edited.
  2. Firewall rules in Pre Rule category are applied to all gateways.
  3. NAT service can be configured in NSX Gateway Firewall policy.
  4. Security Groups can be used in Applied-To column.
  5. Applied-To can be configured at Firewall Policy level.

Answer(s): B,D

Explanation:

NSX Gateway Firewall is a distributed firewall that provides security for east-west traffic within a virtual environment.
1. Firewall rules in Pre Rule category are applied to all gateways. This category contains system- defined rules that are always applied first to all gateways and cannot be modified. These rules include the default deny all rule and others that control basic connectivity.
2. Security Groups can be used in Applied-To column. Security groups allow you to group together VMs that have similar security requirements and then apply firewall policies to those groups. This way you can apply the same security rules to multiple VMs at once, instead of configuring the rules on each individual VM.


Reference:

VMware NSX-T Data Center documentation https://docs.vmware.com/en/VMware-NSX-T-Data- Center/index.html
VMware NSX-T Data Center Gateway Firewall documentation https://docs.vmware.com/en/VMware- NSX-T-Data-Center/3.1/com.vmware.nsxt.firewall.doc/GUID-4C5D5A5F-8FDF-4F2A-9C5A- 2C1903A3E5A5.html



At which two intervals are NSX-T IDS/IPS updates through VMware's cloud based internet service provided for threat signature files? (Choose two.)

  1. weekly periodic updates
  2. off-schedule for 0-day updates
  3. monthly periodic updates
  4. daily periodic updates
  5. bi-weekly periodic updates

Answer(s): B,D

Explanation:

The NSX-T IDS/IPS updates are provided through VMware's cloud-based internet service at two different intervals: daily periodic updates, and off-schedule for 0-day updates. Daily periodic updates are provided on a daily basis to ensure the latest threat signature files. Off-schedule updates are provided as needed when a 0-day threat is identified, allowing customers to have the most up-to- date protection from the latest threats.


Reference:

https://docs.vmware.com/en/VMware-NSX-T- Data-Center/3.1/nsxt_31_ids_ips/GUID-D0F3F66C-FF83-4B3C-B0A3- C12F19D7A8AD.html https://blogs.vmware.com/networkvirtualization/2020/02/nsx-t-ids-and-ips- threat-protection.html



Which two are the insertion points for North-South service insertion? (Choose two.)

  1. Partner Service VM
  2. Uplink of tier-1 gateway
  3. Transport Node NIC
  4. Guest VM vNIC
  5. Uplink of tier-0 gateway

Answer(s): D,E

Explanation:

The tier-0 gateway is the entry point of the NSX-T Data Center network, and it is where the North- South service insertion takes place. The uplink of the tier-0 gateway is the point of connection between the NSX-T Data Center network and the external network. The guest VM vNIC is the interface card inside the guest virtual machine, which is used to connect the guest VM to the NSX-T Data Center network. North-South services can be inserted at this point as well.


Reference:

https://docs.vmware.com/en/VMware-NSX-T-Data- Center/3.1/nsxt_31_admin_guide/GUID-A3A6C7E1-8F5E-4A17-9B79- A3D836E3A6D3.html https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/nsxt



Which are two use-cases for the NSX Distributed Firewall' (Choose two.)

  1. Zero-Trust with segmentation
  2. Security Analytics
  3. Lateral Movement of Attacks prevention
  4. Software defined networking
  5. Network Visualization

Answer(s): A,C

Explanation:

Zero-Trust with segmentation is a security strategy that uses micro-segmentation to protect a network from malicious actors. By breaking down the network into smaller segments, the NSX Distributed Firewall can create a zero-trust architecture which limits access to only users and devices that have been authorized. This reduces the risk of a malicious actor gaining access to sensitive data and systems.
Lateral Movement of Attacks prevention is another use-case for the NSX Distributed Firewall. Lateral movement of attacks are when an attacker is already inside the network and attempts to move laterally between systems. The NSX Distributed Firewall can help protect the network from these attacks by controlling the flow of traffic between systems and preventing unauthorized access.


Reference:

https://www.vmware.com/products/nsx/distributed- firewall.html https://searchsecurity.techtarget.com/definition/zero-trust-network



An administrator wants to configure NSX-T Security Groups inside a distributed firewall rule.
Which menu item would the administrator select to configure the Security Groups?

  1. System
  2. Inventory
  3. Security
  4. Networking

Answer(s): C

Explanation:

To configure NSX-T Security Groups inside a distributed firewall rule, the administrator would select the "Security" menu item in the NSX-T Manager user interface. Within the Security menu, the administrator would navigate to the "Groups" option, where they can create, edit, and manage security groups. These groups can then be used in the "Applied To" column when creating or editing firewall rules.
In the Security menu, administrator can also configure other security features such as firewall, micro- segmentation, intrusion detection and prevention, and endpoint protection.


Reference:

VMware NSX-T Data Center documentation https://docs.vmware.com/en/VMware-NSX-T-Data- Center/index.html
VMware NSX-T Data Center Security Groups documentation https://docs.vmware.com/en/VMware- NSX-T-Data-Center/3.1/com.vmware.nsxt.groups.doc/GUID-8C8DDC52-0B91-4E9F-8D8E- E1649D3C3BBD.html



Viewing Page 2 of 15



Share your comments for VMware 5V0-41.21 exam with other users:

Neha 9/28/2023 1:58:00 PM

its helpful
Anonymous


Desmond 1/5/2023 9:11:00 PM

i just took my oracle exam and let me tell you, this exam dumps was a lifesaver! without them, iam not sure i would have passed. the questions were tricky and the answers were obscure, but the exam dumps had everything i needed. i would recommend to anyone looking to pass their oracle exams with flying colors (and a little bit of cheating) lol.
SINGAPORE


Davidson OZ 9/9/2023 6:37:00 PM

22. if you need to make sure that one computer in your hot-spot network can access the internet without hot-spot authentication, which menu allows you to do this? answer is ip binding and not wall garden. wall garden allows specified websites to be accessed with users authentication to the hotspot
Anonymous


381 9/2/2023 4:31:00 PM

is question 1 correct?
Anonymous


Laurent 10/6/2023 5:09:00 PM

good content
Anonymous


Sniper69 5/9/2022 11:04:00 PM

manged to pass the exam with this exam dumps.
UNITED STATES


Deepak 12/27/2023 2:37:00 AM

good questions
SINGAPORE


dba 9/23/2023 3:10:00 AM

can we please have the latest exam questions?
Anonymous


Prasad 9/29/2023 7:27:00 AM

please help with jn0-649 latest dumps
HONG KONG


GTI9982 7/31/2023 10:15:00 PM

please i need this dump. thanks
CANADA


Elton Riva 12/12/2023 8:20:00 PM

i have to take the aws certified developer - associate dva-c02 in the next few weeks and i wanted to know if the questions on your website are the same as the official exam.
Anonymous


Berihun Desalegn Wonde 7/13/2023 11:00:00 AM

all questions are more important
Anonymous


gr 7/2/2023 7:03:00 AM

ques 4 answer should be c ie automatically recover from failure
Anonymous


RS 7/27/2023 7:17:00 AM

very very useful page
INDIA


Blessious Phiri 8/12/2023 11:47:00 AM

the exams are giving me an eye opener
Anonymous


AD 10/22/2023 9:08:00 AM

3rd so far, need to cover more
Anonymous


Matt 11/18/2023 2:32:00 AM

aligns with the pecd notes
Anonymous


Sri 10/15/2023 4:38:00 PM

question 4: b securityadmin is the correct answer. https://docs.snowflake.com/en/user-guide/security-access-control-overview#access-control-framework
GERMANY


H.T.M. D 6/25/2023 2:55:00 PM

kindly please share dumps
Anonymous


Satish 11/6/2023 4:27:00 AM

it is very useful, thank you
Anonymous


Chinna 7/30/2023 8:37:00 AM

need safe rte dumps
FRANCE


1234 6/30/2023 3:40:00 AM

can you upload the cis - cpg dumps
Anonymous


Did 1/12/2024 3:01:00 AM

q6 = 1. download odt application 2. create a configuration file (xml) 3. setup.exe /download to download the installation files 4. setup.exe /configure to deploy the application
FRANCE


John 10/12/2023 12:30:00 PM

great material
Anonymous


Dinesh 8/1/2023 2:26:00 PM

could you please upload sap c_arsor_2302 questions? it will be very much helpful.
Anonymous


LBert 6/19/2023 10:23:00 AM

vraag 20c: rsa veilig voor symmtrische cryptografie? antwoord c is toch fout. rsa is voor asymmetrische cryptogafie??
NETHERLANDS


g 12/22/2023 1:51:00 PM

so far good
UNITED STATES


Milos 8/4/2023 9:33:00 AM

question 31 has obviously wrong answers. tls and ssl are used to encrypt data at transit, not at rest.
Serbia And Montenegro


Diksha 9/25/2023 2:32:00 AM

pls provide dump for 1z0-1080-23 planning exams
Anonymous


H 7/17/2023 4:28:00 AM

could you please upload the exam?
Anonymous


Anonymous 9/14/2023 4:47:00 AM

please upload this
UNITED STATES


Naveena 1/13/2024 9:55:00 AM

good material
Anonymous


WildWilly 1/19/2024 10:43:00 AM

lets see if this is good stuff...
Anonymous


Lavanya 11/2/2023 1:53:00 AM

useful information
UNITED STATES