[2022] Pass VMware 3V0-643 Premium Files Test Engine pdf - Free Dumps Collection [Q11-Q30]

[2022] Pass VMware 3V0-643 Premium Files Test Engine pdf - Free Dumps Collection

New 2022 Realistic 3V0-643 Dumps Test Engine Exam Questions in here

NEW QUESTION 11
Enable load balancing for the development environment allowing HTTPS access to the Dev-Web-01a and Dev-Web-02a servers.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected]
Self-signed certificate parameters:
Common Name: 192.168.5.100
Organization Name: ABC Medical
Organization Unit: IT
Locality: Palo Alto
State: CA
Country: United States
Message Algorithm: RSA
Key Size: 2048
Number of Days: 365
Web Servers: Dev-Web-01a, Dev-Web-02a
Use the secondary IP address of 192.168.5.100
New connections should consider current connections among all available members of the pool.
The web servers will not have SSL certificates installed. The web team has indicated that analytics based on source IP should be available.
Ensure all requirements have been met.
HOL LAB for Practice:
Load Balancer and other questions 7, 8, 9
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Create Secondary address on Uplink Interface.
Generate CSR using the give details.
Enable Load-Balancer, create Profile, create Virtual Server.
Dev-Edge -> Manage -> Settings -> Interfaces -> Edit and add secondary IP address: 192.168.5.100

Create CSR as per given details from the question:
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Generate CSR

Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Self Sign Certificate: Days = 365

Dev-Edge -> Manage -> Load Balancer -> Global Configuration -> Edit

Enable Load Balancer

Create Application Profile:

Check box for inser-forward-for-httpheader also below

Create new Pool:

Add both Web member servers:

Add Virtual Servers:

NEW QUESTION 12
Routing through TS-Edge-01 is not working. The service provider (SP) has confirmed their configuration is correct.
Requirements:
vCenter: vcsa01a.corp.local
Credential: [email protected] / VMware1!
Edge: TS-Edge-01
Credential: admin / VMware1!VMware1!
Problem Edge: TS-Edge01
Local IP Address: 192.168.100.202
SP provided configuration:
Area ID: 10
Type: Normal
Authentication: None
Ensure the OSPF session is established.
Ensure all learned OSPF routes appear.
Copy OSPF routing table information and output to file on ControlCenter Desktop named TS-Edge-01_OSPF.txt NOTE:
Do not use static route or configure Default Gateway on any Edge.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
(1) select Home. select Network & Security. select NsX Edge. select Nsx Manager-a.
select TS-EDGE-01. select manage tab and select settings.
select interface. check ip address and mask of the vnic.

open putty. enter ip address 192.168.100.202.
enter command show ip route ospf. copy the ouput and save in a text file name TS-Edge-01.txt.

Copy and save OSPF route table in notepad.

NEW QUESTION 13

Questions HOL LAB Modules and Pages for practice
1
http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p1.htm HOL-1903-01 Page 16 or you can directly Open a NSX manager in the lab and edit the existing settings bOpen PSC and NSX manager in HOL-1903-01 and look for NTP Server loand cation cExport existing vDS config and Import back the config for practice in HOL-1903-01 dNo Lab Module available
2
http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p2.htm and LAB - HOL 1903-01 Page 26-36
3LAB - HOL 1903-01 Module 2 - Page 37-38
4LAB - HOL 1903-01 Module 4 - Practice and understand whole module Bridging and other questions 7,
8, 9 and LAB - HOL-1925-02 Module 1
5LAB - HOL 1903-01 Module 4 - shows how to deploy NSX Edge, you can also deploy Distributed logical router DLR in the same way the lab.
6LAB - HOL 1903-01 Module 3 - Practice and understand the whole module, it will be use full for other question like 20 and 22
7LAB - HOL 1903-01 Module 4 - Practice and understand whole module Bridging and other questions 7,
8, 9
8LAB - HOL 1903-01 Module 4 - Practice and understand whole module Bridging and other questions 7,
8, 9
9LAB - HOL 1903-01 Module 4 - Practice and understand whole module Bridging and other questions 7,
8, 9
10LAB - HOL-1903-02 Module 1 and 2
11LAB - HOL-1903-02 Module 1 and 2
12LAB - HOL-1903-02 directly follow the steps in this document for practice
13LAB - HOL 1903-01 - open an NSX manager in LAB and directly follow the steps in this document.
14LAB - HOL 1903-01 - open postman in the lab and directly follow the steps in this document.
15LAB - HOL 1903-01 - directly follow the steps in this document for practice.
16LAB - HOL 1903-01 - directly follow the steps in this document for practice.
17LAB - HOL-1925-02 Module 1
18LAB - HOL-1925-02 Module 1
19 LAB - HOL-1925-02 - directly follow the steps in this document for practice.
20LAB - HOL 1903-01 Module 3 - Practice and understand the whole module.
21No Lab Module available
22LAB - HOL 1903-01 Module 3 - Practice and understand the whole module.
23LAB - HOL 1903-01 - open postman in the lab and directly follow the steps in this document.
(Exam Topic 1)
Two administrators (John and Chris) share admin responsibilities for an NSX deployment that is leveraging Centralized CLI as part of their management. Security requirements prohibit use of shared admin accounts in Site A.
Requirements:
NSX Manager: nsxmgr-01a.crop.local
New administrator accounts: "John" and "Chris"
Default password: VMware1!
Create accounts for John and Chris.
Use one of the newly created accounts to display all clusters enabled for the distributed firewall.
Use Putty's "Copy All to Clipboard" feature to paste the command and output to a text file dfw-NEW.txt on the ControlCenter desktop.
NOTE:
Screenshot is shown on how to use Putty's Copy all to Clipboard feature.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
13:(1) select vccenter - a. select datacenter A and click right mouse button select administrator. select user and groups click on + sign. select user tab enter user name john password VMware1!. click ok . do same for chris.
(2) select datacenter A.
select manage tab. select permission. click + Sign. select Read Only from Assign Role. select All Privileges click on Add. select John and chris.checked Propagate to childern and click on OK.
(3) go NsX Manager. select Nsx Manage-a. select manage select user from tab. click + sign. select identity user. check specify vcenter user. enter user name [email protected] click next. select role Nsx Administrator. click finish. do same for chris. but use [email protected] and assign role of NsX administrator click finish.
6 of 336
Enable
VMware1!
Conf t
User john password plaintext VMware1!
User chris password plaintext VMWare1!
Exit
Write memory

Open new Putty session or Duplicate Session:

john
VMware1!
Show dfw cluster all

Ctrl+V don't work in exam.

NEW QUESTION 14
In the Dev environment, you have the application and database servers on separate networks created previously. Configure inbound only network security to allow only Dev application servers access to Dev database servers using MYSQL service port.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Service Port: MYSQL
Networks: Dev-App-Tier-01-NEW and Dev-DB-Tier-01-NEW
Credentials for Dev VMs: root / VMware1!
This rule should be in its own "DB security-NEW" section.
Ensure inbound only network security allows Dev application servers access to Dev database servers.
This rule should not be prpogated to all NSX prepared clusters.
This rule should be created in a way that any new virtual machines on App and DB segments will be secured.
This rule should be created with the fewest rule(s) possible.
All other servers should be denied.
Ensure inbound security requirements are met.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Firewall -> add new Section:

Add new Rule under newly created Section:

Edit Rule Name:

Source = Dev-App-Tier-01-NEW (LS)

Destination = Dev-DB-Tier-01-NEW (LS)

Service = MySQL

Allow - In

Applied To: Logical Switch = Dev-DB-Tier-01-NEW

Add another rule = To Deny

Set destination: Logical Switch = Dev-DB-Tier-01-NEW

Bring to last the Deny rule:

NEW QUESTION 15
Build a multi-tier network capable of supporting application virtual machines deployed across multiple vCenter instances.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Resource Pools: Management and Edge Cluster 1A
The underlying physical network does not support multicast.
All new items created must have a prefix of "U" followed by their function name and a suffix of "New".
i.e. U-App-Tier-NEW.
Create a LS for HA management interface calle U-HA-VXLAN=NEW but do not enable HA on any of the edge devices deployed.
Deploy logical switches using separate subnets for the three tier application shared by both NSX Manager instances.
Deploy the required east-west routing component used across multiple vCenter instances for the multi-tier network.
Utilize a default gateway up to the Perimeter-Gateway02 (tenant router) from the east/west router.
Utilize a static route from the tenant router to reach the three tiers of the application.
Subnets for the tiers:
172.7.10.0/24 for the Web Tier.
172.17.20.1/24 for the App Tier.
172.17.30.0/24 for the Database Teir.
Use the first available IP address for the router on each of the tiers.
Subnet for the Transit VXLAN uplink from the application tier routing to the tenant router.
192.168.190.0/29
Uplink IP address of the application tier should be the first available IP address.
Downlink from the tenant router will use the second available IP addresses.
The password for new edge device(s) must be VMware1!VMware1!
Add all virtual machines with a prefix "universal-" to their respective segments.
Ensure all LIFs are reachable from ControlCenter.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
universal transport zone
logical switches
U-HA-VXLAN-NEW
U-Transit-NEW
U-Web-Tier-NEW
U-App-Tier-New
U-DB-Tier-New
New DLR U-DLR-NEW
HA Interface - U-HA-VXLAN-NEW
Interface below
- U-Transit-NEW uplink 192.168.190.1
- U-Web-Tier-NEW internal 172.17.10.1
- U-App-Tier-NEW internal 172.17.20.1
- U-Db-Tier-NEW internal 172.17.30.1
Gateway
-U-Transit-NEW
Ip 192.168.190.2
PGW02 vnic4 U-Transit-NEW 192.168.190.2

Create 5 logical switches
U-Transit-NEW

U-Web-Tier-NEW

U-App-Tier-NEW

U-DB-Tier-NEW

Add VMs to relevant newly created Logical Switches.

No need

Create new Universal Logical (Distributed) Router:

U-DLR-NEW

U-Uplink-NEW(U-Transit-NEW)

Select U-Transit-NEW logical swicth here

Perimeter-Gateway-02

To-Universal-DLR

Select U-Transit-NEW

172.17.0.0/16
192.168.190.1
To-Universal-DLR

NEW QUESTION 16
Management has approved an expansion of the virtual infrastructure. You have been tasked to prepare Cross vCenter configuration with the second vCenter Server. Another administrator has provided a pre-configured vDS configuration file located on the Control Center Server. All identifiers must be maintained.
Requirements:
vCenterB server: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
vCenterB VAMI Credentials: root / VMware1!
Cluster: Computer Cluster 1B
ESXI Hosts: esx-01b.corp.local, esx-02.corp.local
Platform service controller: psc-01a.corp.local(192.168.110.9)
NSX Manager: nsmgr-01b.corp.local (192.168.210.15)
Credentials: admin / VMware1!
Time Zone: US/Pacific
*Configure nsmgr-01b.corp.local for vCenterB and psc-01a.corp.local
*Ensure nsxmgr-01b.corp.local uses the same NTP server as psc-01a.corp.local with a US/Pacific TimeZone.
*Import the new vDS configuration vds-site-b-Compute-New.zip
All identifiers must be maintained.
*Assign the remaining two used vmnics for the ESXi hosts to the newly imported vDS.
NOTE:
Do not migrate VMkernels from the standard switches on the hosts.
HOL LAB for Practice:
a http://docs.hol.vmware.com/hol-isim/HOL-2019/hol-1903-01-nsxinstall-p1.htm HOL-1903-01 Page 16 or you can directly Open a NSX manager in the lab and edit the existing settings bOpen PSC and NSX manager in HOL-1903-01 and look for NTP Server loand cation cExport existing vDS config and Import back the config for practice in HOL-1903-01 dNo Lab Module available See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Step 1: Login to PSC using VAMI credentials and note down the time zone and server details and use the same in SiteB NSX Manager time settings.
Step 2: Update the time settings, complete lookup service configuration, associate SiteB NSX manager to SiteB vCenter. Check the status from SiteA vCenter Webclient -> Networking & Security -> Installation -> Management.
Step 3: Import the Distributed switch to Cluster B, add the hosts & assign the interfaces.
Login to https://psc-01a.corp.local:5480/ to check the NTP server details and note it down. Use the VAMI credentials given to login. Need to click on Edit to see the server details in here as it is not showing up in the main page (In exam, it is showing in the main page itself).

Important NOTE:
In exam change Lookup Service Port according to NSX Manager of Site A which is working one.
It's 7444 in exam.

Click refresh if in case it shows as disconnected.
Login to SiteA vCenter using Web Client and confirm the status of both the NSX Managers: Installation -> Management.

NEW QUESTION 17
Provide automatic IP assignment for the servers on the DEV-DB-Tier-01-NEW segment.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Edge: Dev-Edge
Automatically allocate IP addreesses in the 172.16.30.100-149 range.
Lease time: 1 hour
Ensure hosts that receive an IP assignment will be able to reach the other Dev subnets.
The legacyhost-NEW with the MAC address 40:00:00:00:00:01 must always be assigned 172.16.30.99 Ensure other parameters match those of the dynamic allocation mechanism (Task1).
Enable logging with the highest level of detail for automatic IP allocations.
Ensure all requirements have been met.
NOTE:
Do not configure DHCP Relay agent on the Dev-DLR-NEW as this will be done by another administrator.
HOL LAB for Practice:
DHCP and other questions 7, 8, 9
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:

Add Pool as per given details:

Add Pool as per given details:

NEW QUESTION 18
The security team has requested that [email protected] have the ability to fully manage NSX Manager (192.168.210.15) for Site B.
Requirements:
vCenter: vcsa-01b.corp.local
Credentials: [email protected] / VMware1!
Ensure [email protected] has the ability to fully manage NSX Manager in SiteB.
NOTE:
You may have to log out of the web client and back in for 192.168.210.15 to show in web client.
HOL LAB for Practice:
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
NSX Manager in SiteB

[email protected]

go to Nsx manager - b. select Manage Vcenter registration. check if lookup service is configured if not configured it will the details.
lookup service ip = Nsx Manager - a IP Address
Lookup service port = 7444
Lookup service= https://192.168.110.15:7444/lookupservice/sdk
SSO administrator = [email protected]
password = VMware1!
click on ok. click on yes.
NOTE: it will show u connected. if not connected. logout and login again

NEW QUESTION 19
Configure a solution that extends an IP subnet between two data centers. The solution must ensure secure communication between two data centers. A standalone Edge Appliance has already been deployed and preconfigured in Site-B on the Compute Cluster.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
HQ Site Information:
Edge: Preimeter-Gateway-01
Logical Segment: Extend-LS-01
Connected to: vds-mgt-a_Trunk_Network
VPN Server settings: 192.168.100.3
Use the system generated certificate.
Preconfigured Standalone Edge Appliance: NSX l2vpn
Edge: 192.168.200.5
L2VPN Server Information:
Name: Peer-Site-NEW
Trunk ID = 10
User ID = peeruser1
Password = VMware1!
Encryption = AES256-SHA
The solution must ensure secure communication between the data centers.
NOTE:
No virtual machines are attached to the Logical switch Application-Tier-01, so there is no need to test communication across the tunnel.
Ensure that L2VPN server statistics shows Tunnel status of UP.
HOL LAB for Practice:
L2VPN and other questions 7, 8, 9
See the explanation part for complete solution.

Answer:

Explanation:
SOLUTION:
Add new Logical Switch: "Application-Tier-01"

NSX Edges -> Perimeter-Gateway-01 -> Manage -> Settings -> Interfaces -> edit vNIC4

Name: Extend-LS-01
Type: Trunk

Connected To:
Distributed Portgroup: vds-mgmt-a_trunknetwork

Add Sub Interface:

L2VPN Settings:
( select VPN under manage and enable L2VPN. click publish changes..

Then below

In actual exam, encryption is = AES256-SHA

(8) go to Vcenter b select datacenter - b. select Nsxl2vpn Edge under datacenter B click on Action select Power and click on Power on.
(9) check after few minutes the VPN Status by clicking Show L2VPN Statistic.
be sure its up. select PGW01 select VPN under Manage select L2VPN enable and click on publish changes.