VCAP6-NV (VCIX6-NV) Sample Question 10

Sample Question Intro
HOL: HOL-1703-SDC-1 – VMware NSX: Introduction and Feature Tour
Prerequisites: none
Lab: Module 5: Distributed Firewall

Question 10

The security team has requested new rules to protect an externally-facing three-tier app.

Requirements:
VMware web client login: administrator@vsphere.local / VMware1!

Web Servers:
web-01a.corp.local
web-01a.corp.local

New rule group:
Customer DB-app

New traffic type:
Name: MyApp
Protocol: TCP
Port: 8443

Rules:
Allow any external or internal system to access the web servers for HTTPS or SSH traffic.
Allow the web servers to access any system on the application network using the application port.
Allow any system on the application network to access any system on the database network for MySQL traffic.

1) Without creating a new object, ensure all traffic not covered by a firewall rule is denied.
2) Create a new object named “Web-Tier” to group the two web servers.
3) Create a new object for the application traffic so that rules are more readable.
4) Create the rules as described and group them as Customer DB-app.
5) Functionality can be tested using the Customer DB-App Direct Connect favorite in Chrome along with pinging between the app layers.
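
The expected effect of the three rules plus a blocking default rule, modeled as top-down first-match evaluation. This is an added example, not part of the original question and not NSX code or API calls. The zone labels and the ports used for HTTPS, SSH and MySQL (443, 22, 3306) are assumptions; only TCP 8443 for MyApp comes from the question.

```python
# Added example: a model of the requested policy for building a test matrix.
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    src: str           # zone label or "any"
    dst: str           # zone label or "any"
    ports: frozenset   # TCP destination ports; empty set means any service
    action: str

MYAPP = frozenset({8443})          # "MyApp" service from the question: TCP 8443
HTTPS_SSH = frozenset({443, 22})   # assumed well-known ports for HTTPS and SSH
MYSQL = frozenset({3306})          # assumed default MySQL port

# Zone labels "web", "app", "db" and "external" are hypothetical stand-ins for
# the Web-Tier group and the application and database networks.
CUSTOMER_DB_APP = [
    Rule("Any to Web-Tier", "any", "web", HTTPS_SSH, "allow"),
    Rule("Web-Tier to App", "web", "app", MYAPP, "allow"),
    Rule("App to DB", "app", "db", MYSQL, "allow"),
]
# Task 1: the existing default rule is switched to block, no new object needed.
DEFAULT_RULE = Rule("Default", "any", "any", frozenset(), "block")

def evaluate(src, dst, port, rules=CUSTOMER_DB_APP, default=DEFAULT_RULE):
    """Return (action, rule name) of the first matching rule, top down."""
    for r in list(rules) + [default]:
        if (r.src in ("any", src) and r.dst in ("any", dst)
                and (not r.ports or port in r.ports)):
            return r.action, r.name
    return "block", "implicit"

# Constructed test flows: (source zone, destination zone, TCP port)
FLOWS = [("external", "web", 443), ("app", "web", 22), ("web", "app", 8443),
         ("app", "db", 3306), ("external", "app", 8443), ("web", "db", 3306),
         ("external", "web", 80), ("db", "app", 3306)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(*flow))
```

Flows that skip a tier (web to database, external to application) and return-direction connections opened from the database side fall through to the default rule, which is what makes task 1 matter.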
