If Negate Source is selected, the rule is applied to traffic coming from all sources except for the source identified under the object type. This means that the specified source is excluded from the rule. If Negate Source is not selected, the rule is applied to traffic coming from the specified source. Therefore, selecting Negate Source effectively inverts the selection criteria for the specified source.

The vSphere network object that abstracts the physical network, provides access-level switching in the hypervisor, and enables support for overlay networking is the Logical Switch. Logical Switches in VMware NSX create an abstraction that maps to a VLAN and enable the creation of virtual networks independent of the underlying physical infrastructure, facilitating overlay networking.

To deploy a 3-tier application across two data centers with the described configuration, a universal transport zone is required to span both data centers. The universal distributed logical router (UDLR) helps in providing routing abilities across these data centers. Additionally, a universal logical switch is necessary to ensure that both data centers are part of the same overlay network. Finally, creating two local logical switches connected to the UDLR in each data center is necessary to allow for local communication within each tier of the application that is specific to each data center.

The service virtual machine performs data security and activity monitoring through Guest Introspection, which is one of its primary functions. Additionally, the installation process of Guest Introspection involves deploying a virtual machine to hosts that are prepared for VMware NSX. These statements correctly reflect the installation and functionality of Guest Introspection.

In a Cross-vCenter NSX deployment, the objects supported for universal synchronization are IP Pools, IP Sets, and Transport Zones. IP Pools allow for centralized management and allocation of IP addresses across multiple vCenters. IP Sets provide a grouping mechanism for IP addresses which can be used in firewall rules and other security measures. Transport Zones define the scope of network connectivity and are crucial for ensuring that the same network policies are applied across different vCenter environments. Therefore, the three correct objects for universal synchronization in a Cross-vCenter NSX deployment are IP Pools, IP Sets, and Transport Zones.