2021 100% Free 3V0-643 Daily Practice Exam With 23 Questions
3V0-643 exam torrent VMware study guide
NEW QUESTION 12
Configure the Layer 3 connectivity between the newly created Dev-segments by assigning them to a new DLR named Dev-DLR-NEW.
Requirements:
vCenter: vcsa-01a.corp.local
Ccredentials: [email protected] . VMware1!
Default GW for Dev-subnets:
Dev-Web-Tier-01-NEW172.16.10.1/24
Dev-App-Tier-01-NEW172.16.20.1/24
Dev-DB-Tier-01-NEW172.16.30.1/24
DLR Settings:
DLR Name: Dev-DLR-NEW
Uplink IP Address: 192.168.6.5/30
Interface: Dev-Transit
Password: VMware1!WMware1!
Cluster: Management & Edge Cluster
Ensure east-west routing has been optimized.
The control plane failover should begin 15 seconds on logical switch HA-VXLAN.
Ensure secure shell is available.
Connect the Web, App and DB virtual machines to their respective dev tiers.
Dev-web-01, Dev-web-02a, Dev-web-04a
Dev-app-01a
Dev-db-01a
HOL LAB for Practice:
also deploy Distributed logical router DLR in the same way the lab.
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Add VMs to respective Logical Switches:
No need for below
To change the control plane failover within 15 seconds use the RESTClient as shown below or the Postman application in Chrome.
Open Firefox
Open RESTClient from Firefox
Authentication
Basic Authenticaion
Admin
VMware1!
Headers
Custom Headers
Content-Type
Application/xml
Note down the edge id of newly created DLR (in exam its edge-12)
There will be a NSX API guide on desktop and look for "declaredeadtime".
Or memorize below string:
URL: https://192.168.110.15/api/4.0/edges/edge-10/highavailability/config Note: in exam its edge-12 but make sure!
Change the value to 15
Body:
<highAvailability>
<declareDeadTime>15</declareDeadTime>
</highAvailability>
NEW QUESTION 13
Create a backup of only the vDS portgroup the NSX controllers utilize along with the NSX Firewall configuration. Also, the security team had identified a missing security policy that needs to be added.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Components to backup:
vDS Portgroup that the controllers utilize.
NSX Firewall configuration.
Backup file name: vdsPortGroup-backup-NEW.zip, nsxfw-backup-NEW.xml
Backup file location: Desktop of the ControlCenter.
Security Policy:
File to import: sec-policy-blueprint located on the desktop of the ControlCenter.
Backup only the vDS portgroup that the NSX Controllers utilize.
Backup the NSX Firewall configuration.
Import the sec-policy.blueprint file
Ensure requirements are met.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
select Network & Security. select service composer. select 192.168.110.15.
select security policy tab. click on + sign enter name sec-policy-blueprint.
click next 3 times. click finish. select sec-policy-blueprint. click right mouse button select export configuration. enter name sec-policy-blueprint. click next select sec-policy-blueprint. click next. click finish. select desktop location.
enter name sec-policy-blueprint. click save. select sec-policy-web and delete it.
Verify NSX Controllers' vDS Portgroup
Vds-mgmt-a_Management network (under site A vcenter networking)
NEW QUESTION 14
Enable load balancing for the development environment allowing HTTPS access to the Dev-Web-01a and Dev-Web-02a servers.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected]
Self-signed certificate parameters:
Common Name: 192.168.5.100
Organization Name: ABC Medical
Organization Unit: IT
Locality: Palo Alto
State: CA
Country: United States
Message Algorithm: RSA
Key Size: 2048
Number of Days: 365
Web Servers: Dev-Web-01a, Dev-Web-02a
Use the secondary IP address of 192.168.5.100
New connections should consider current connections among all available members of the pool.
The web servers will not have SSL certificates installed. The web team has indicated that analytics based on source IP should be available.
Ensure all requirements have been met.
HOL LAB for Practice:
Load Balancer and other questions 7, 8, 9
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Create Secondary address on Uplink Interface.
Generate CSR using the give details.
Enable Load-Balancer, create Profile, create Virtual Server.
Dev-Edge -> Manage -> Settings -> Interfaces -> Edit and add secondary IP address: 192.168.5.100
Create CSR as per given details from the question:
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Generate CSR
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Self Sign Certificate: Days = 365
Dev-Edge -> Manage -> Load Balancer -> Global Configuration -> Edit
Enable Load Balancer
Create Application Profile:
Check box for inser-forward-for-httpheader also below
Create new Pool:
Add both Web member servers:
Add Virtual Servers:
NEW QUESTION 15
Build a multi-tier network capable of supporting application virtual machines deployed across multiple vCenter instances.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Resource Pools: Management and Edge Cluster 1A
The underlying physical network does not support multicast.
All new items created must have a prefix of "U" followed by their function name and a suffix of "New".
i.e. U-App-Tier-NEW.
Create a LS for HA management interface calle U-HA-VXLAN=NEW but do not enable HA on any of the edge devices deployed.
Deploy logical switches using separate subnets for the three tier application shared by both NSX Manager instances.
Deploy the required east-west routing component used across multiple vCenter instances for the multi-tier network.
Utilize a default gateway up to the Perimeter-Gateway02 (tenant router) from the east/west router.
Utilize a static route from the tenant router to reach the three tiers of the application.
Subnets for the tiers:
172.7.10.0/24 for the Web Tier.
172.17.20.1/24 for the App Tier.
172.17.30.0/24 for the Database Teir.
Use the first available IP address for the router on each of the tiers.
Subnet for the Transit VXLAN uplink from the application tier routing to the tenant router.
192.168.190.0/29
Uplink IP address of the application tier should be the first available IP address.
Downlink from the tenant router will use the second available IP addresses.
The password for new edge device(s) must be VMware1!VMware1!
Add all virtual machines with a prefix "universal-" to their respective segments.
Ensure all LIFs are reachable from ControlCenter.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
universal transport zone
logical switches
U-HA-VXLAN-NEW
U-Transit-NEW
U-Web-Tier-NEW
U-App-Tier-New
U-DB-Tier-New
New DLR U-DLR-NEW
HA Interface - U-HA-VXLAN-NEW
Interface below
- U-Transit-NEW uplink 192.168.190.1
- U-Web-Tier-NEW internal 172.17.10.1
- U-App-Tier-NEW internal 172.17.20.1
- U-Db-Tier-NEW internal 172.17.30.1
Gateway
-U-Transit-NEW
Ip 192.168.190.2
PGW02 vnic4 U-Transit-NEW 192.168.190.2
Create 5 logical switches
U-Transit-NEW
U-Web-Tier-NEW
U-App-Tier-NEW
U-DB-Tier-NEW
Add VMs to relevant newly created Logical Switches.
No need
Create new Universal Logical (Distributed) Router:
U-DLR-NEW
U-Uplink-NEW(U-Transit-NEW)
Select U-Transit-NEW logical swicth here
Perimeter-Gateway-02
To-Universal-DLR
Select U-Transit-NEW
172.17.0.0/16
192.168.190.1
To-Universal-DLR
NEW QUESTION 16
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Requirements:
Create new Security Group = Secure-Web-NEW
In security tag put equal
Create new Security Policy as per given details:
Right Click -> Apply Policy ->
NEW QUESTION 17
In the Dev environment, you have the application and database servers on separate networks created previously. Configure inbound only network security to allow only Dev application servers access to Dev database servers using MYSQL service port.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Service Port: MYSQL
Networks: Dev-App-Tier-01-NEW and Dev-DB-Tier-01-NEW
Credentials for Dev VMs: root / VMware1!
This rule should be in its own "DB security-NEW" section.
Ensure inbound only network security allows Dev application servers access to Dev database servers.
This rule should not be prpogated to all NSX prepared clusters.
This rule should be created in a way that any new virtual machines on App and DB segments will be secured.
This rule should be created with the fewest rule(s) possible.
All other servers should be denied.
Ensure inbound security requirements are met.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Firewall -> add new Section:
Add new Rule under newly created Section:
Edit Rule Name:
Source = Dev-App-Tier-01-NEW (LS)
Destination = Dev-DB-Tier-01-NEW (LS)
Service = MySQL
Allow - In
Applied To: Logical Switch = Dev-DB-Tier-01-NEW
Add another rule = To Deny
Set destination: Logical Switch = Dev-DB-Tier-01-NEW
Bring to last the Deny rule:
NEW QUESTION 18
The security team has requested that [email protected] have the ability to fully manage NSX Manager (192.168.210.15) for Site B.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Ensure [email protected] has the ability to fully manage NSX Manager in SiteB.
NOTE:
You may have to log out of the web client and back in for 192.168.210.15 to show in web client.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
NSX Manager in SiteB
[email protected]
go to Nsx manager - b. select Manage Vcenter registration. check if lookup service is configured if not configured it will the details.
lookup service ip = Nsx Manager - a IP Address
Lookup service port = 7444
Lookup service= https://192.168.110.15:7444/lookupservice/sdk
SSO administrator = [email protected]
password = VMware1!
click on ok. click on yes.
NOTE: it will show u connected. if not connected. logout and login again
NEW QUESTION 19
Provide automatic IP assignment for the servers on the DEV-DB-Tier-01-NEW segment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Edge: Dev-Edge
Automatically allocate IP addreesses in the 172.16.30.100-149 range.
Lease time: 1 hour
Ensure hosts that receive an IP assignment will be able to reach the other Dev subnets.
The legacyhost-NEW with the MAC address 40:00:00:00:00:01 must always be assigned 172.16.30.99 Ensure other parameters match those of the dynamic allocation mechanism (Task1).
Enable logging with the highest level of detail for automatic IP allocations.
Ensure all requirements have been met.
NOTE:
Do not configure DHCP Relay agent on the Dev-DLR-NEW as this will be done by another administrator.
HOL LAB for Practice:
DHCP and other questions 7, 8, 9
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Add Pool as per given details:
Add Pool as per given details:
NEW QUESTION 20
The security team has submitted two requests to change or limit access in NSX for Site A's vCenter groups.
Requirements:
NSX Manager: nsxmgr-01a.corp.local
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Grant all members of vCenter group AuditTeam the minimal access necessary to view NSX Data Security policy configurations for all objects in Site A.
Grant all members of vCenter group ScanTeam the minimal access necessary to enable them to start and stop data security scans in Site A.
Ensure that the principles of least privilege are adhered to.
NOTE:
The Active Directory groups associated with the vCenter groups has already been preconfigured.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
select Home. select administrator. select domain vsphere.local. select groups.
click + sign. enter group name AuditTeam click ok. do same for ScanTeam.
[email protected]
[email protected]
select datacenter A.
select manage select permission click on + Sign.
select Assign role read only. select all privileges click on Add
select AuditTeam and select ScanTeam. check propagate to childern. and click ok
NEW QUESTION 21
......
VMware 3V0-643: VMware Certified Advanced Professional 6 - Network Virtualization Deployment (VCAP6-NV Deploy) Exam Certified Professional salary
The estimated average salary of VMware 3V0-643 Certified Advanced Professional 6 - Network Virtualization Deployment (VCAP6-NV Deploy) certified professional is listed below:
- Europe: 88,000 EURO
- India: 7,768,000 INR
- England: 79,000 POUND
- United States: 105,000 USD
Who should take the VMware 3V0-643: VMware Certified Advanced Professional 6 - Network Virtualization Deployment (VCAP6-NV Deploy) Exam
The VMware 3V0-643 Certified Advanced Professional 6 - Network Virtualization Deployment (VCAP6-NV Deploy) Exam certification is intended for applicants who have at least two years of experience deploying virtualization solutions for the VMware network. Usually, people who are infrastructure staff capable of deploying, optimising and troubleshooting a VMware NSX 6.x solution that operates on the architecture of vSphere 6.x should take this exam. People with an understanding of the fundamental principles of the network, including layer2 switching, layer3 routing and other standard network services will best suit for the exam. Both VMware NSX components can be deployed and managed by the candidate. People with prior experience, including configuration and management functions, operating with vSphere infrastructures are highly encouraged for the exam. Before attempting this credential, applicants are expected to obtain a valid VMware Certified Professional 6 certification.
Use Valid New 3V0-643 Test Notes & 3V0-643 Valid Exam Guide: https://www.itcertmagic.com/VMware/real-3V0-643-exam-prep-dumps.html