Which three methods can be used by the NSX Distributed Firewall to discover IP addresses? (Choose three.)
A.
DHCP Snooping
B.
IP Sets
C.
Spoofguard configured for Trust on First Use.
D.
VMware Tools installed on every guest virtual machine.
E.
ARP Snooping
Explanation:
https://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=2125437
VMware NSX for vSphere 6.2.0 introduced the option to discover the virtual machine IP address using DHCP snooping or ARP snooping. These new discovery mechanisms enable NSX to enforce IP address-based security rules on virtual machines that do not have VMware Tools installed.
2
0
Older versions of NSX (before 6.2) used VMTools to discover the IP. Based on NSX 6.2 A-C-E is correct
0
2
Spoofguard collect IP address from Vmware tools. So D is preferred over C
1
0
Ensure that VMware Tools is running on the virtual machines if firewall rules do not use IP addresses. For more information, see Distributed Firewall Rules in VMware NSX for vSphere 6.0.x continues to apply with virtual machines even if VMware Tools is stopped or removed (2084048).
VMware NSX for vSphere 6.2.0 introduced the option to discover the virtual machine IP address using DHCP snooping or ARP snooping. These new discovery mechanisms enable NSX to enforce IP address-based security rules on virtual machines that do not have VMware Tools installed. For more information, see the NSX for vSphere 6.2.0 Release Notes
2
0
This set is still valid. Took and pass 470/500 on 23rd July 2018
1
0
Correct are:
-DHCP Snooping
-VMware Tools installed on every guest virtual machine.
-ARP Snooping
3
0