Exam 3V0-21.21
Question 46

During a requirements gathering workshop to design a physical to virtual migration, the customer provides the following information:

✑ There is no physical firewall in the data center with no anticipated plans for a future network refresh.

✑ Leveraging the virtual infrastructure to mitigate the lack of network security must be addressed in the design.

✑ All physical servers to be migrated exist on the same VLAN.

Which recommendation should the architect make to address the customer requirement with regard to virtual networking?

A.

✑ Split the virtual machines into several VLANs

✑ Use tag actions

B.

✑ Create port groups with different names and same VLAN IDs

✑ Enable traffic shaping for ingress and egress traffic

C.

✑ Enable traffic filtering and marking

✑ Use allow or drop actions

D.

✑ Disable traffic filtering and marking

✑ Use tag actions

Correct Answer:

Given the customer requirements, the lack of a physical firewall in the data center, and the need to leverage the virtual infrastructure for network security, the recommendation should focus on enhancing virtual network security without creating additional VLANs. Since all physical servers are on the same VLAN and there are no plans for a network refresh, it is more practical to use internal virtual networking features to provide security. Enabling traffic filtering and marking to use allow or drop actions directly addresses the need for network security by allowing the virtual infrastructure to control and filter traffic. This is why option C (Enable traffic filtering and marking, and use allow or drop actions) is the best recommendation to meet the customer's requirements.

Discussion

unofficial_official

"...All physical servers to be migrated exist on the same VLAN..." I think it's A - Split the virtual machines into several VLANs

hamadakota

Answer is C

Alchot

After checking this feature I wiped out of my head on my lab. I agree C is the answer

68c4b07

Answer is C

diegof1

The answer is C. "In a vSphere distributed switch, by using the traffic filtering and marking policy, you can protect the virtual network from unwanted traffic and security attacks or apply a QoS tag to a certain type of traffic."

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-67CA4C18-4F18-4E23-A5C7-BC33112D4433.html

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-D304F0E5-BC7B-407B-8010-166FA73F3F1E.html

MrGat

I mean C, agree there is no need to create other VLANs.

MrGat

See requirement from Customer, no firewall plans ahead, but they want network security and the question needs us to give a recommendation, I will go with A.

tayab

Since "All physical servers to be migrated exist on the same VLAN", there is no need to separate with more VLANs, I think C is correct.

purulence

Question seems to test your knowledge about VLANs. I'd go with "A" also.