[Dec 22, 2021] Pass VMware 3V0-643 Exam Info and Free Practice Test
3V0-643 Exam Dumps PDF Updated Dump from Actual4dump Guaranteed Success
Objective 6.3 â Configure and Manage Universal Logical Security Objects:
- Configure Universal security groups
- Configure Universal MAC sets
- Configure Universal firewall rules
- Configure Universal IP sets
- Configure Universal services and service groups
7. Perform Advanced VMware NSX Troubleshooting
Objectives covered by this section:
NEW QUESTION 10
Configure the Layer 3 connectivity between the newly created Dev-segments by assigning them to a new DLR named Dev-DLR-NEW.
Requirements:
vCenter: vcsa-01a.corp.local
Ccredentials: [email protected] . VMware1!
Default GW for Dev-subnets:
Dev-Web-Tier-01-NEW172.16.10.1/24
Dev-App-Tier-01-NEW172.16.20.1/24
Dev-DB-Tier-01-NEW172.16.30.1/24
DLR Settings:
DLR Name: Dev-DLR-NEW
Uplink IP Address: 192.168.6.5/30
Interface: Dev-Transit
Password: VMware1!WMware1!
Cluster: Management & Edge Cluster
Ensure east-west routing has been optimized.
The control plane failover should begin 15 seconds on logical switch HA-VXLAN.
Ensure secure shell is available.
Connect the Web, App and DB virtual machines to their respective dev tiers.
Dev-web-01, Dev-web-02a, Dev-web-04a
Dev-app-01a
Dev-db-01a
HOL LAB for Practice:
also deploy Distributed logical router DLR in the same way the lab.
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Add VMs to respective Logical Switches:
No need for below
To change the control plane failover within 15 seconds use the RESTClient as shown below or the Postman application in Chrome.
Open Firefox
Open RESTClient from Firefox
Authentication
Basic Authenticaion
Admin
VMware1!
Headers
Custom Headers
Content-Type
Application/xml
Note down the edge id of newly created DLR (in exam its edge-12)
There will be a NSX API guide on desktop and look for "declaredeadtime".
Or memorize below string:
URL: https://192.168.110.15/api/4.0/edges/edge-10/highavailability/config Note: in exam its edge-12 but make sure!
Change the value to 15
Body:
<highAvailability>
<declareDeadTime>15</declareDeadTime>
</highAvailability>
NEW QUESTION 11
Enable and configure cross vCenter support for and NSX implementation that contains two vCenter Servers:
vcsa-01a.corp.local and vcsa-01b.corp.local
Requirements:
vCenter: vcsa-01a.corp.local and vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
NSX Manager Credentials: admin/VMware1!
The NSX Manager registered to vcsa-01a.corp.local should be responsible for all universal NSX objects.
A segment ID range of 16789-17563 is available for use with this exercise.
NOTE:
Allow time for synchronization to complete.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
(1) select home. select installation select NsManager - b. select
logical network preparation tab. select segment ID. edit and enter pool id 6001-7000 do the same for Nsx MAnager -a and put pool id 5001-6000. be sure there is no overlaping of segment id in both the nsx managers.
(2) open Nsx Manager a and Nsx Manager B and start the universal synchoraniztion service from summary.
note: you can start the services in the beging to avoid any delay
Assign Primary Role to 192.168.110.15
Add Secondary NSX Manager
NEW QUESTION 12
Enable load balancing for the development environment allowing HTTPS access to the Dev-Web-01a and Dev-Web-02a servers.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected]
Self-signed certificate parameters:
Common Name: 192.168.5.100
Organization Name: ABC Medical
Organization Unit: IT
Locality: Palo Alto
State: CA
Country: United States
Message Algorithm: RSA
Key Size: 2048
Number of Days: 365
Web Servers: Dev-Web-01a, Dev-Web-02a
Use the secondary IP address of 192.168.5.100
New connections should consider current connections among all available members of the pool.
The web servers will not have SSL certificates installed. The web team has indicated that analytics based on source IP should be available.
Ensure all requirements have been met.
HOL LAB for Practice:
Load Balancer and other questions 7, 8, 9
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Create Secondary address on Uplink Interface.
Generate CSR using the give details.
Enable Load-Balancer, create Profile, create Virtual Server.
Dev-Edge -> Manage -> Settings -> Interfaces -> Edit and add secondary IP address: 192.168.5.100
Create CSR as per given details from the question:
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Generate CSR
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Self Sign Certificate: Days = 365
Dev-Edge -> Manage -> Load Balancer -> Global Configuration -> Edit
Enable Load Balancer
Create Application Profile:
Check box for inser-forward-for-httpheader also below
Create new Pool:
Add both Web member servers:
Add Virtual Servers:
NEW QUESTION 13
Complete the configuration of Dev-Edge to allow north-south routing connectivity for the new Dev-segment.
Workloads will have overlapping IP addressing with production workloads. The developers will RDP into a jump host server (Dev-Jumphost) on the Dev-Web segment. An RDP shortcut named To Dev-JumpHost.rdp has been created on the ControlCenter Desktop.
The following has been preconfigured on Dev-Edge:
The uplink interface on the Dev-Edge has been pre-configured to communicate the upstream Gateways and attached to Dev-to-PGs-Transit.
Dev-DLR-NEW and Dev-Edge interfaces have been preconfigured to communicate with each other.
ECMP has been disabled.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Dev-Jumphost information:
Credentials: administrator / VMware1!
Internal IP of Dev-Jumphost: 172.16.10.100
External IP of Dev-Jumphost: 192.168.5.100
Connection Information:
Dev-Edge-Uplink IP: 192.168.5.3/24
Dev-Edge-Internal IP : 192.168.6.6/30
Preimeter-Gateway-01-Internal IP: 192.168.5.1/24
Preimeter-Gateway-02-Internal IP: 192.168.5.2/24
Logical switch: Dev-to-PGs-Transit
ECMP: Enabled.
BGP AS: 65001
Credentials for all Edge Devices: admin / VMware1!VMware1!
The networking team requires BGP as a routing protocol with an AS of 65001 for North-bound access for the Dev-environment.
Use the fewest number of static routes and utilize network prefixes to ensure accessibility to the Dev-Web-Tier-01-NEW within the Dev-environment.
Ensure Dev-Jumphost is on Dev-Web-Tier-01-NEW.
Ensure the ability to RDP into the Dev-Jumphost server from the production network (ControlCenter).
HOL LAB for Practice:
module, it will be use full for other question like 20 and 22
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Static Routes on Dev-Edge:
Network:172.16.0.0/16
Next Hop:192.168.6.5
Interface:Dev-Transit
Uplink
192.168.5.100
Tcp
3389
172.16.10.100
3389
(1) Go to Vcenter-a. select network & Security. select NsX Edge.
(2) check the PGW01 configuration if everything is ok no need to do any changes specially ip address and routing. if not than select PGW01. select Manage. select routing select global configuration and enable routing. click publish changes.
be sure ECMP is enabled.
select BGP Configuration. click edit. select enable BGP, select Enable Graceful restart (select enable Default originate). enter AS 65001 click ok click publish changes
SSH to both Perimeter Routers and verify BGP neighborship.
Username: admin
Password: VMware1!VMware1!
Add jumphost VM to Dev-Web-Tier-01-NEW Logical Switch
NOTE:
192.168.5.100 interface is created in the next task only. So after testing the next task output, you should be able to get the RDP login.
NEW QUESTION 14
Management requires you to build a new logical topology for a new application that will include a hardware search appliance (HAS). The new application must contain a web tier and database tier on separate IP domains. Use the existing App01-DLR to complete the task.
Requirements:
vCenter: vcsa-01.corp.local
Credentials: [email protected] / VMware1!
vDS: vds-mgt-edge-a
Existing DLR Name: App01-DLR
New object prefix - App01
New object suffic - New
Create a new distributed port group for this task named vds-HSA-NEW.
The HAS must reside on the same IP subnet as the database.
The new application must contain a web tier and database tier on separate domains to be used at a future date.
Once deployed the HAS will be connected to a network with VLAN ID 500.
The proper physical switch ports for the uplinks have already been trunked to include VLAN 500.
VLANs configured in the compute racks are isolated to a single rack.
Any objects/items created must be named with a prefix of App01 and a suffix containing their function with NEW (for example: App01-Function-NEW) NOTE:
The hardware appliance and application virtual machines have not been deployed. Attempts to connectivity to the appliance will not succeed.
HOL LAB for Practice:
Bridging and other questions 7, 8, 9 and LAB - HOL-1925-02 Module 1
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Step 1: From SiteA vCenter web client -> Networking -> Data Center SiteA -> create a new distribution port group named vds-HAS-NEW with VLAN ID 500 in vds-mgmt-edge.
Create LS on 192.168.110.15 = App01-WebTier-NEW
Create LS on 192.168.110.15 = App01-DBTier-NEW
NSX Edges -> App01-DLR
8) got NsX Edge and select App01-DLR. select Manage, select settings and click on + Sign (9) Enter interface name App01-Web-New, select type internal. select App01-Webtier-New LS Enter ip address 192.168.1.1/24. repeat the same steps for App01-DBtier-New but take ip addres
192.168.2.1 /24
Name: App01-Bridge-NEW
Logical Switch: App01-DBTier-NEW
Distributed Port Group: vds-HAS-NEW
(11) be sure under App01-DB-New the bridging is enable.
NEW QUESTION 15
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Requirements:
Create new Security Group = Secure-Web-NEW
In security tag put equal
Create new Security Policy as per given details:
Right Click -> Apply Policy ->
NEW QUESTION 16
Management has approved an expansion of the virtual infrastructure. You have been tasked to prepare Cross vCenter configuration with the second vCenter Server. Another administrator has provided a pre-configured vDS configuration file located on the Control Center Server. All identifiers must be maintained.
Requirements:
vCenterB server: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
vCenterB VAMI Credentials: root / VMware1!
Cluster: Computer Cluster 1B
ESXI Hosts: esx-01b.corp.local, esx-02.corp.local
Platform service controller: psc-01a.corp.local(192.168.110.9)
NSX Manager: nsmgr-01b.corp.local (192.168.210.15)
Credentials: admin / VMware1!
Time Zone: US/Pacific
*Configure nsmgr-01b.corp.local for vCenterB and psc-01a.corp.local
*Ensure nsxmgr-01b.corp.local uses the same NTP server as psc-01a.corp.local with a US/Pacific TimeZone.
*Import the new vDS configuration vds-site-b-Compute-New.zip
All identifiers must be maintained.
*Assign the remaining two used vmnics for the ESXi hosts to the newly imported vDS.
NOTE:
Do not migrate VMkernels from the standard switches on the hosts.
HOL LAB for Practice:
a http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p1.htm HOL-1903-01 Page 16 or you can directly Open a NSX manager in the lab and edit the existing settings bOpen PSC and NSX manager in HOL-1903-01 and look for NTP Server loand cation cExport existing vDS config and Import back the config for practice in HOL-1903-01 dNo Lab Module available See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Step 1: Login to PSC using VAMI credentials and note down the time zone and server details and use the same in SiteB NSX Manager time settings.
Step 2: Update the time settings, complete lookup service configuration, associate SiteB NSX manager to SiteB vCenter. Check the status from SiteA vCenter Webclient -> Networking & Security -> Installation -> Management.
Step 3: Import the Distributed switch to Cluster B, add the hosts & assign the interfaces.
Login to https://psc-01a.corp.local:5480/ to check the NTP server details and note it down. Use the VAMI credentials given to login. Need to click on Edit to see the server details in here as it is not showing up in the main page (In exam, it is showing in the main page itself).
Important NOTE:
In exam change Lookup Service Port according to NSX Manager of Site A which is working one.
It's 7444 in exam.
Click refresh if in case it shows as disconnected.
Login to SiteA vCenter using Web Client and confirm the status of both the NSX Managers: Installation -> Management.
NEW QUESTION 17
The security team has requested that [email protected] have the ability to fully manage NSX Manager (192.168.210.15) for Site B.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Ensure [email protected] has the ability to fully manage NSX Manager in SiteB.
NOTE:
You may have to log out of the web client and back in for 192.168.210.15 to show in web client.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
NSX Manager in SiteB
[email protected]
go to Nsx manager - b. select Manage Vcenter registration. check if lookup service is configured if not configured it will the details.
lookup service ip = Nsx Manager - a IP Address
Lookup service port = 7444
Lookup service= https://192.168.110.15:7444/lookupservice/sdk
SSO administrator = [email protected]
password = VMware1!
click on ok. click on yes.
NOTE: it will show u connected. if not connected. logout and login again
NEW QUESTION 18
You have been tasked with creating a new Layer 2 network toplogy for test and development systems which mirrors the existing production environment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Transport Zone: Local-Transport-Zone-A
New Dev Segments:
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
Create Layer 2 network topology for the test and development systems.
NOTE:
The routing components will be addressed in subsequent scenarios.
HOL LAB for Practice:
See the explanation part for complete solution.
Answer:
Explanation:
SOLUTION:
Create 3 Logical Switches on NSX Manager A (192.168.110.15)
HOL 1903-01 Page 37-38
Dev-Web-Tier-01-NEW
Dev-App-Tier-01-NEW
Dev-DB-Tier-01-NEW
(3) Dont Forget to create a Dev-Transit Switch if its not there.
NEW QUESTION 19
......
Objective 5.1 â Backup and Restore Network Configurations:
- Export/Restore vSphere Distributed Switch configuration
- Save/Export/Import/Load Distributed Firewall configurations
- Schedule/Backup/Restore NSX Manager data
- Export/Import Service Composer profiles
The benefit of obtaining the VMware 3V0-643: VMware Certified Advanced Professional 6 - Network Virtualization Deployment (VCAP6-NV Deploy) Exam Certification
- VMware certified professionals are able to manage complex projects and issues
- When an company recruits or promotes an employee, human resources are responsible for the decision. Now, although applicants may have an IT history, they make their decisions in a way that records several different variables. One thing is that applicants, like the VMware Certified Advanced Professional, have formal qualifications.
- VMware certifications improve earning
- VMware certifications improve job productivity
- VMware certifications echance credibility of certified professionals
Pass Your VMware Exam with 3V0-643 Exam Dumps: https://examsforall.actual4dump.com/VMware/3V0-643-actualtests-dumps.html