A cloud administrator needs to provide the security team with the ability to query and audit events and provide custom real-time alerts for the VMware NSX firewall running in VMware Cloud on AWS. Which solution would the administrator use to accomplish this goal?
Correct Answer: B
Explanation: VMware vRealize Log Insight Cloud is a cloud-based log management and analytics solution that provides real-time visibility and analytics for VMware Cloud on AWS [1]. It allows security teams to query and audit events and set up custom real-time alerts. Additionally, it provides detailed insights into the activity of the VMware NSX firewall, allowing administrators to quickly identify suspicious activity and take action.
Question 42
A cloud administrator successfully configures a policy-based VPN between an on-premises data center and an instance of VMware Cloud Software-defined data center (SDDC). Although the workloads are reachable from both locations over the IP network, the cloud virtual machines cannot access an on-premises web service. What should the cloud administrator check first to resolve this issue?
Correct Answer: A
Question 43
A cloud administrator wants to migrate a virtual machine using VMware vSphere vMotion from their on-premises data center to their VMware Cloud on AWS software-defined data center (SDDC), using an existing private line to the cloud SDDC. Which two requirements must be met before the migration can occur? (Choose two.)
Correct Answer: C,D
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-1A175E91-2317-4261-A63E-B398D92ECE8D.html

vMotion Requirements for SDDCs With NSX:

Networking speed and latency: Migration with vMotion requires sustained minimum bandwidth of 250 Mbps between source and destination vMotion VMkernel interfaces, and a maximum latency of 100 ms round trip between source and destination.

On-premises vSphere version: Your on-premises vSphere installation must be vSphere 6.7U2 or higher. See VMware Knowledge Base article 56991 for more information.

On-premises DVS version: 6.0 or higher.

On-premises NSX version: any. Note: SDDCs configured with NSX do not support hot vMotion to or from on-premises VXLAN encapsulated networks (NSX for vSphere) or Geneve Datacenter Overlay networks (NSX).

IPsec VPN: Configure an IPsec VPN for the management gateway. See Configure a VPN Connection Between Your SDDC and On-Premises Data Center in the VMware Cloud on AWS Networking and Security guide.

Direct Connect: Direct Connect over a private virtual interface between your on-premises data center and your VMware Cloud on AWS SDDC is required for migration with vMotion. See Using AWS Direct Connect with VMware Cloud on AWS.

Hybrid Linked Mode: Hybrid Linked Mode is required to initiate migration from the vSphere Client. It is not required to initiate migration using the API or PowerCLI. See "Hybrid Linked Mode" in Managing the VMware Cloud on AWS Data Center.

L2 VPN: Configure a Layer 2 VPN to extend virtual machine networks between your on-premises data center and cloud SDDC. Routed networks are not supported. See VMware Cloud on AWS Networking and Security.

VMware Cloud on AWS firewall rules: Ensure that you have created the necessary firewall rules as described in Required Firewall Rules for vMotion.

On-premises firewall rules: Ensure that you have created the necessary firewall rules as described in Required Firewall Rules for vMotion.

Virtual machine hardware and settings: Ensure that these requirements are met for virtual machine hardware.
Virtual machine hardware version 9 or later is required for migration with vMotion from the on-premises data center to the cloud SDDC.
EVC is not supported in the VMware Cloud on AWS SDDC.
VMs that are created in the cloud SDDC or that have been power-cycled after migration to the cloud SDDC can't be migrated back to the on-premises data center with vMotion unless the on-premises EVC baseline is Broadwell. You can relocate these VMs after powering them off, as long as their virtual machine hardware version is compatible with the on-premises data center.
Migration of VMs with DRS or HA VM overrides is not supported. For more information on VM overrides, see Customize an Individual Virtual Machine.

Important: Source switch configurations (including NIOC, spoofguard, distributed firewall, and Switch Security) and runtime state are not applied at the destination as part of migration in either direction. Before you initiate vMotion, apply the source switch configuration to the destination network.

In order for a virtual machine to be migrated using VMware vSphere vMotion, the versions of VMware vSphere need to match between the on-premises data center and the cloud SDDC, and a Layer 2 connection needs to be configured between them. Additionally, cluster-level Enhanced vMotion Compatibility (EVC) must be configured in both the on-premises data center and the cloud SDDC. IPsec VPN and AWS Direct Connect do not need to be configured for the migration to occur.
Question 44
A cloud administrator is managing a VMware Cloud on AWS environment consisting of a single cluster with three hosts, which acts as the recovery site for the on-premises environment. The on-premises environment consists of eight hosts. What should the cloud administrator configure to optimize scaling for full disaster recovery?
Correct Answer: C
Explanation: According to the VMware official documentation, in order to optimize scaling for full disaster recovery in a VMware Cloud on AWS environment, it is necessary to configure an Elastic DRS policy and select 'Optimize for Rapid scale-out' as the policy type. This option allows for a rapid increase in the number of hosts within the cluster, which is necessary for full disaster recovery. For more information, please refer to the VMware Cloud on AWS Disaster Recovery Guide, which can be found here: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/VMware-Cloud-on-AWS-Disaster-Recover
Question 45
A cloud administrator wants to enable Enterprise Federation to the Cloud Services Portal in order to be able to authenticate with the on-premises Active Directory. The administrator has already deployed the on-premises VMware Workspace ONE Access Connector. Through which port does the Cloud Services Portal communicate with the Workspace ONE Access Connector?
Correct Answer: C
Explanation: https://docs.vmware.com/en/VMware-Workspace-ONE-Access/20.10/workspace_one_access_install/GUID-E81

The Cloud Services Portal communicates with the Workspace ONE Access Connector via port 443 (HTTPS). According to the VMware documentation [1], the Cloud Services Portal connects to the Access Connector on port 443 to authenticate users and authorize access to the cloud service. The Access Connector listens on port 443 and communicates with the Active Directory using LDAP over TLS (LDAPS) on port 636.

Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-Access/services/com.vmware.access.admin.c