Exam 5V0-11.21
Question 64

Refer to the exhibit.

How would an administrator accomplish the given configuration leveraging the firewall capabilities within VMware Cloud on AWS?

A.

✑ Create a gateway firewall rule permitting bi-directional traffic to Subnet A from the Internet.

✑ Create a gateway firewall rule denying bi-directional traffic to Subnet B and Subnet C from the Internet.

✑ Create a distributed firewall rule under the Application category to permit bi-directional traffic from Subnet A to Subnet B and from Subnet B to Subnet C.

B.

✑ Create a gateway firewall rule permitting bi-directional traffic to Subnet A from the Internet.

✑ Create a distributed firewall rule denying bi-directional traffic to Subnet B and Subnet C from the Internet.

✑ Create a distributed firewall rule under the Ethernet category to permit bi-directional traffic from Subnet A to Subnet B and from Subnet B to Subnet C.

C.

✑ Create a gateway firewall rule permitting bi-directional traffic to Subnet A from the Internet.

✑ Create a gateway firewall rule denying bi-directional traffic from the Internet to all subnets.

✑ Create a distributed firewall rule under the Infrastructure category to permit bi-directional traffic from Subnet A to Subnet B and from Subnet B to Subnet C.

D.

✑ Create a gateway firewall rule permitting bi-directional traffic to Subnet A from the Internet.

✑ Create a gateway firewall rule denying bi-directional traffic to Subnet B and Subnet C from the Internet.

✑ Create a gateway firewall rule to permit bi-directional traffic from Subnet A to Subnet B and from Subnet B to Subnet C.

    Correct Answer:

    To achieve the described configuration in VMware Cloud on AWS, the following steps should be taken:

    1. Create a gateway firewall rule permitting bi-directional traffic from the Internet to Subnet A to allow external access to the web servers.
    2. Create a gateway firewall rule denying bi-directional traffic from the Internet to Subnet B and Subnet C to ensure these subnets remain protected from external access.
    3. To allow internal communication, create a distributed firewall rule under the Application category permitting bi-directional traffic from Subnet A to Subnet B and from Subnet B to Subnet C, enabling necessary application-level interactions between these subnets.

    Therefore, the correct answer aligns with option A, which comprehensively uses both gateway and distributed firewall rules to manage both north-south and east-west traffic within the network.

Discussion
Rabbit117

I think the correct answer is A. Use the GW firewall to protect N-S traffic and the Distributed Firewall to protect E-W traffic.

BoDaddy

I agree with A

Cccb35

The correct answer is B, https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-6AB240DB-949C-4E95-A9A7-4AC6EF5E3036.html

amit88

According to the picture, it shows N-S traffic. Then how can it fall under Distributed Firewall???

Cccb35

It's true, the correct answer is A

SDDC_Guy

Application network... Answer A

n20d

The correct answer is D; the distributed firewall does not perform L3 routing, which is needed to route between subnets

n20d

I correct my answer: routing is done by distributed routing, hence the Application category. Answer is A

Kakashigo

I agree with A