Examice

Exam 2v0-4123 All QuestionsBrowse all questions from this exam

Question 62

A company is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web, app, and database tiers.

The naming convention will be:

WKS-WEB-SRV-XXX -

WKY-APP-SRR-XXX -

WKI-DB-SRR-XXX -

What is the optimal way to group them to enforce security policies from NSX?

Use Edge as a firewall between tiers.

Group all by means of tags membership.

Create an Ethernet based security policy.

Do a service insertion to accomplish the task.

Correct Answer: B

The optimal way to group the servers to enforce security policies from NSX is by using tags membership. In this approach, each server can be tagged based on its role (web, app, or database). This allows for the creation of dynamic security groups and policies that automatically apply to any server with the corresponding tag. It provides flexibility and scalability in managing security policies as the infrastructure grows or changes without the need to manually update the configurations for each server.

Discussion

lotsoOption: B

Answer: B A: no edge required. DFW is used. B: no need for third parties to accomplish this basic task D: Doesn't mention any way of isolation. Also, these rules should be applied in the Application tab as per the best practices

zeleleOption: B

Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/nsx-security-quick-start/GUID-60921EB6-9514-4295-9325-AFEEAA5B1417.html