VMware Certified Professional 6 Network Virtualization 2V0-641 Exam Outline
- Exam Code: 2V0-641
- Exam Name: VMware Certified Professional 6 – Network Virtualization Beta
- Updated: 2024-04-20
- Q&A: 110 Questions and Answers
- PDF Price: $36.99
VMware Certified Professional 6 Network Virtualization 2V0-641 Exam Outline
+ Section 1: Define VMware NSX Technology and Architecture
+ Objective 1.1: Describe the Benefits of a VMware NSX Implementation
Knowledge
Define and differentiate challenges with physical network implementations
Explain common VMware NSX terms
Describe and differentiate NSX network and security functions and services
Explain common use cases for VMware NSX
+ Objective 1.2: Describe VMware NSX Architecture
Knowledge
Differentiate component functionality of NSX stack infrastructure components
Compare and contrast with advantages/disadvantages of topologies (star, ring, etc.) as well as scaling limitations
Compare and contrast VMware NSX data center deployment models
Prepare a vSphere implementation for NSX
+ Objective 1.3: Differentiate VMware Network and Security Technologies
Knowledge
Explain the benefits of NSX architecture components
Given a scenario, determine the appropriate steps required to upgrade a vSphere implementation
Describe core vSphere networking technologies
Describe vCloud Networking and Security technologies
Describe and differentiate VMware NSX for vSphere and VMware NSX for third-party hypervisors
+ Objective 1.4: Contrast Physical and Virtual Network Technologies
Knowledge
Differentiate logical and physical topologies
Differentiate logical and physical components (i.e. switches, routers, etc.)
Differentiate logical and physical services (i.e. firewall, NAT, etc.)
Differentiate between physical and logical security constructs
Service Composer
Endpoint Security
Data Security
+ Objective 1.5: Explain VMware NSX Integration with Third-Party Products and Services
Knowledge
Explain integration with third-party partner tools and systems using NSX REST APIs
Explain integration with third-party services
Network services
Security services
Load Balancing
Anti-malware
IDS/IPS
Explain integration with third-party hardware
Network Interface Cards (NICs)
Terminating overlay networks
HW VTEP
VXLAN offload
RSS
Install/register a third-party service with NSX
+ Objective 1.6: Explain VMware NSX Integration with vRealize Automation (vRA)
Knowledge
Explain integration with vRealize Automation
Explain NSX deployment capabilities built into vRealize Automation
Describe Network Profiles available in vRealize Automation
Explain NSX preparation tasks for attaching a network profile to a blueprint
Explain vRealize Automation preparation tasks for deploying a machine with on-demand network services
+ Section 2: Describe VMware NSX Physical Infrastructure Requirements
+Objective 2.1: Define Benefits of Running VMware NSX on Physical Network Fabrics
Knowledge
Describe and differentiate physical network topologies
Differentiate physical network trends
Explain the purpose of a Spine node
Explain the purpose of a Leaf node
Describe and differentiate virtual network topologies
Enterprise
Service Provider Multi-Tenant
Multi-Tenant Scalable
Given a specific physical topology, determine what challenges could be addressed by a VMware NSX implementation.
Differentiate physical/virtual QoS implementation
Differentiate single/multiple vSphere Distributed Switch (vDS)/Distributed Logical Router implementations
Differentiate NSX Edge High Availability (HA)/Scale-out implementations
Differentiate Separate/Collapsed vSphere Cluster topologies
Differentiate Layer 3 and Converged cluster infrastructures
+Objective 2.2: Describe Physical Infrastructure Requirements for a VMware NSX Implementation
Knowledge
Differentiate management and edge cluster requirements
Describe and differentiate minimum/optimal physical infrastructure requirements for a VMware NSX implementation
Explain how traffic types are handled in a physical infrastructure
Determine use cases for available virtual architectures
Describe ESXi host vmnic requirements
Differentiate virtual to physical switch connection methods
Describe and differentiate VMkernel networking scenarios
+ Section 3: Configure and Manage vSphere Networking
+ Objective 3.1: Configure and Manage vSphere Standard Switches (vSS)
Knowledge
Explain vSS capabilities
Add/Configure/Remove vmnics on a vSS
Configure vmkernel ports for network services
Add/Edit/Remove port groups on a vSS
Determine use cases for a vSphere Standard Switch
+ Objective 3.2: Configure and Manage vSphere Distributed Switches (vDS)
Knowledge
Compare and contrast vDS capabilities
Create/Delete a vDS
Add/Remove ESXi hosts from a vDS
Edit general vSphere vDS settings
Add/Configure/Remove dvPortgroups
Configure dvPort settings
Add/Remove uplink adapters to dvUplinkgroups
Create/Configure/Remove virtual adapters
Migrate virtual machines to/from a vDS
Monitor dvPort state
Determine use cases for a vDS
+ Objective 3.3: Configure and Manage vSS and vDS Policies
Knowledge
Compare and contrast common vDS policies
Configure dvPortgroup blocking policies
Explain benefits of Multi-Instance TCP/IP stack
Configure load balancing and failover policies
Configure VLAN settings
Configure traffic shaping policies
Enable TCP Segmentation Offload (TOE) support for a virtual machine
Enable Jumbo Frame support on appropriate components
Determine appropriate VLAN configuration for a vSphere implementation
Understand how DSCP is handled in a VXLAN frame
+ Section 4: Install and Upgrade VMware NSX
+ Objective 4.1: Configure Environment for Network Virtualization
Knowledge
Identify and understand physical infrastructure configuration for NSX Compute, Edge and Management clusters (MTU, Dynamic Routing for Edge, etc.)
Prepare a Greenfield vSphere Infrastructure for NSX Deployment
Configure Quality of Service (QoS)
Configure Link Aggregation Control Protocol (LACP)
Configure a Brownfield vSphere Infrastructure for NSX
Explain how IP address assignments work in VMware NSX
Determine minimum permissions required to perform an NSX deployment task in a vSphere implementation
+ Objective 4.2: Deploy VMware NSX Components
Knowledge
Install/Register NSX Manager
Prepare ESXi hosts
Deploy NSX Controllers
Understand assignment of Segment ID Pool and appropriate need for Multicast addresses
Install vShield Endpoint
Create an IP pool
Understand when to use IP Pools versus DHCP for NSX Controller Deployment
+ Objective 4.3: Upgrade Existing vCNS/NSX Implementation
Knowledge
Based on a given upgrade scenario, identify requisite steps and components for upgrading to NSX 6.x
Upgrade vCNS 5.5 to NSX 6.x
Upgrade vCNS Virtual Wires to NSX Logical Switches
Upgrade to NSX Components
Upgrade to NSX Firewall
Upgrade to NSX Edge
Upgrade vShield Endpoint from 5.5 to 6.x
Upgrade to NSX Data Security
Upgrade NSX Manager from 6.0 to 6.x
Update vSphere Clusters after NSX upgrade
Understand the impact of availability to the aspects of NSX during an upgrade
+ Objective 4.4: Expand Transport Zone to Include New Cluster(s)
Knowledge
Explain the function of a Transport Zone
Understand proper addition of a Transport Zone
Understand necessity to expand or contract a Transport Zone
Edit a Transport Zone
Understand appropriate use of Control Plane mode modification of a Transport zone
+ Section 5: Configure VMware NSX Virtual Networks
+ Objective 5.1: Create and Administer Logical Switches
Knowledge
Given a scenario, demonstrate the proper way to add/remove a logical switch
Determine use case for and contrast the three Control Plane Modes
Multi-cast
Hybrid
Unicast
Determine use case for connecting a logical switch to an NSX Edge gateway
Deploy services to a logical switch
Demonstrate multiple ways of adding or removing virtual machines from a logical switch
Test logical switch connectivity
+ Objective 5.2: Configure VXLAN
Knowledge
Describe and understand areas where VXLANs should be configured
Understand physical network requirements for virtual topologies with VXLANs
Understand how to prepare a vSphere cluster for VXLAN
Determine the appropriate teaming policy for a given implementation
Understand how to configure and modify the options of a Transport Zone
Understand how prepare VXLAN Tunnel End Points (VTEPs) on vSphere clusterss
+ Objective 5.3: Configure and Manage Layer 2 Bridging
Knowledge
Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
Understand how to add a Layer 2 Bridge to an NSX Edge device
Determine when Layer 2 Bridging would be required for a given NSX implementation
Determine use cases for multiple Layer 2 Bridges
Compare and contrast software and hardware bridging
+ Objective 5.4: Configure and Manage Logical Routers
Knowledge
Install NSX Edge
Understand how to connect/disconnect a logical switch from a logical router
Understand and describe the different types of router interfaces
Determine NSX components needed to build out topologies with logical routers
Understand how to add and configure a new logical router
Determine use case for and configure a management interface
Determine use case for and configure High Availability for a logical router
Configure routing protocols
Static
OSPF
BGP
IS-IS
Configure default gateway
Determine if cross-protocol route sharing is needed for a given NSX implementation
Understand how to configure administrative distances for routing
Understand configuration differences between iBGP and eBGP
Understand and configure route redistribution
+ Section 6: Configure and Manage NSX Network Services
+ Objective 6.1: Configure and Manage Logical Load Balancing
Knowledge
Describe and understand when to use the two topologies for load balancing
Understand how to configure load balancing
Configure and understand service monitors
Understand how to Add/Edit/Delete a server pool
Understand how to Add/Edit/Delete an application profile
Understand how to Add/Edit/Delete virtual servers
Determine appropriate NSX Edge instance size based on load balancing requirements
+ Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN)
Knowledge
Understand how to configure IPSec VPN
Configure IPSec VPN parameters
Enable logging
Understand how to configure Layer 2 VPN
Add Layer 2 VPN Client/Server
View Layer 2 VPN Statistics
Configure Network Access/Web Access SSL VPN-Plus
Edit Client Configurations
Edit General Settings
Edit Web Portal Designs
Add/Edit/Delete IP Pools
Add/Edit/Delete Private Networks
Add/Edit/Delete Installation Packages
Add/Edit/Delete Users
Add/Edit/Delete Login/Logoff script
Determine appropriate VPN service type for a given NSX implementation
+ Objective 6.3: Configure and Manage DHCP/DNS/NAT
Knowledge
Understand proper use and addition of a DHCP IP Pool
Enable a DHCP IP pool
Describe use and proper implementation of DNS services
Describe when and how to configure Source NAT
Describe when and how to configure Destination NAT
Given a scenario, compare and contrast proper DHCP uses
+ Objective 6.4: Configure and Manage Edge Services High Availability
Knowledge
Given a scenario, compare and contrast proper HA uses
Describe service availability during an Edge High Availability failover
Differentiate NSX Edge High Availability and vSphere High Availability
Configure NSX Edge High Availability
Configure heartbeat settings
Configure management IP addresses
Modify and existing Edge High Availability deployment
Determine resource pool requirements for a given Edge High Availability configuration
Configure Equal-Cost Multi-Path Routing (ECMP)
Determine ECMP timers
Understand process flows
Combine ECMP with other stateful services
+ Section 7: Configure and Administer Network Security
+ Objective 7.1: Configure and Administer Logical Firewall Services
Knowledge
Add/Edit/Delete an Edge Firewall rule
Configure Source/Destination/Service/Action rule components
Describe the differences between Edge Rule Types (Pre Rules/Internal/User Rules/Default Rules)
Change the order of an Edge User Firewall rule
Describe/Demonstrate how to configure an Edge Firewall Pre Rule
Describe the limitations of ECMP and Edge Firewall Policy
+ Objective 7.2: Configure Distributed Firewall Services
Knowledge
Describe VM IP Address learning for the purposes of DFW vCenter attribute learning
Differentiate between Layer 2 and Layer 3 rules
Differentiate between entity-based and identity-based rules
Identify firewall rule entities
Explain rule processing order
Explain rule segregation
Demonstrate steps to Add/Delete a Distributed Firewall rule
Demonstrate configuration of Source/Destination/Service/Action rule components
Change the order of a Distributed Firewall rule
Add/Merge/Delete a Distributed Firewall rule section
Determine publishing requirements for rules in a given NSX implementation
Demonstrate Import/Export Distributed Firewall Configuration
Load Distributed Firewall configuration
Determine need for excluding virtual machines from distributed firewall protection
Describe SpoofGuard Operation and Default Policy and Actions
Describe SpoofGuard IP Address Learning
Identify requirements for a Spoofguard Policy
Demonstrate how to Create and Edit a SpoofGuard Policy
IP Local Addresses
Approve IP addresses
Edit/Clear IP addresses
+ Objective 7.3: 鈥?Configure and Manage Service Composer
Knowledge
Identify assets that can be used with a Security Group
Describe and differentiate services contained in a Security Policy
Explain common Service Composer use cases
Describe third party integration and service redirection
Differentiate Security Groups and Security Policies
Demonstrate the ability to redirect specific flows (e.g. 80) to network introspection services
Differentiate between vCenter attribute based Firewall rules (including IP Sets) vs Active Directory identity-based rule
Create/Edit a Security Group in Service Composer
Create/Edit/Delete a Security Policy in Service Composer
Map a Security Policy to a Security Group
Add/Edit/Delete a Security Tag
Assign and view a Security Tag
+ Section 8: Perform Operations Tasks in a VMware NSX Environment
+ Objective 8.1: Configure Roles, Permissions, and Scopes
Knowledge
Identify default roles
Explain Single Sign-On (SSO) integration
Configure SSO
Assign a role to a vCenter Server user or group
Describe the uses for the various NSX Security Roles
Describe how roles can be applied to a subset of the vCenter infrastructure for multi Tenancy purposes
Explain how to apply NSX Roles to an AD group
Assign objects to a user
Enable/Disable a user account
Edit/Delete a user account
+ Objective 8.2: Describe NSX Automation
Knowledge
Explain common use cases that require the NSX REST API
Describe how the NSX REST API works and how it is used with a support browser
Explain how NSX REST API Calls are sent to the NSX Manager
Describe and differentiate common NSX REST API verbs
Describe how to use NSX REST API calls to learn the network topology
+ Objective 8.3: Monitor a VMware NSX Implementation
Knowledge
Compare and contrast available monitoring methods (UI, CLI, API, etc.)
Monitor infrastructure components
Control Cluster Health
Manager Health
Hypervisor Health
Perform Inbound/Outbound activity monitoring
Enable data collection for single/multiple virtual machines
Perform virtual machine activity monitoring
Monitor activity between inventory containers (security groups, AD groups)
Analyze network and security metrics in vRealize Operations
Monitor logical networks and services
Identify available statistics/counters
Network/service health
Configure and collect data from network
+ Objective 8.4: Perform Auditing and Compliance
Knowledge
Given an auditing scenario, determine where applicable log information can be located
Describe and differentiate permissions for auditing
Describe and differentiate common data security regulations supported by NSX Data Security
Describe and differentiate information available in audit logs
Use flow monitoring to audit firewall rules
Audit deleted users
Audit infrastructure changes
View NSX Manager audit logs and change data
Configure NSX Data Security
Create a Data Security policy
Install Data Security
Run a Data Security scan
View and download compliance reports
Create a regular expression
Configure Guest Introspection (Install vShield Endpoint)
+ Objective 8.5: Administer Logging
Knowledge
Given a scenario, utilize information contained in technical support bundles/logs to assist in troubleshooting
Explain usage of CLI for logging
Configure Syslog(s)
Configure logging for Dynamic Routing information
Log Distributed Firewall rule processing information
Log Edge Firewall rule processing information
Log address translation information
Log VPN traffic
Configure basic/advanced Load Balancer logging
Log DHCP assignments
Log DNS resolutions
Log security policy session information
Download NSX Edge tech support logs
Generate NSX Manager tech support logs
+ Objective 8.6: Backup and Recover Configurations
Knowledge
Explain how to backup and recover various components
Schedule backups
Export/Restore vSphere Distributed Switch configuration
Import/Export Service Composer profiles
Perform NSX Manager backup and restore operations
+ Section 9: Troubleshoot a VMware Network Virtualization Implementation
+ Objective 9.1: Identify Tools Available for Troubleshooting
Knowledge
Capture and trace uplink, vmknic, and physical NIC packets
Audit NSX infrastructure changes
Output packet data for use by a protocol analyzer
Capture and analyze traffic flows
Mirror network traffic for analysis
Perform a network health check
Configure vSphere Distributed Switch alarms
Tools
NSX Administration Guide
vSphere Networking Guide
vSphere Command-Line Interface Concepts and Examples
vSphere Web Client
NSX Ticket Logger
ESXi Host CLI
pktcap-uw
Netflow
RSPAN/ERSPAN
VDS Health Check
+ Objective 9.2: Troubleshoot Common NSX Installation/Configuration Issues
Knowledge
Troubleshoot lookup service configuration
Troubleshoot vCenter Server link
Troubleshoot licensing issues
Troubleshoot permissions issues
Troubleshoot host preparation issues
Troubleshoot IP pool issues
+ Objective 9.3: Troubleshoot Common NSX Component Issues
Knowledge
Differentiate NSX Edge logging and troubleshooting commands
Verify NSX Controller cluster status and roles
Verify NSX Controller node connectivity
Check NSX Controller API service
Validate VXLAN and Logical Router mapping tables
List Logical Router instances and statistics
Verify Logical Router interface and route mapping tables
Verify active controller connections
View Bridge instances and learned MAC addresses
Display Logical Router instances
Verify NSX Manager services status
View Logical Interfaces and routing tables
Analyze NSX Edge statistics
Tools
NSX Administration Guide
NSX Command Line Interface Reference Guide
NSX API Guide
NSX Controller CLI
NSX Edge CLI
NSX API
vSphere Web Client
VDS Health Check
net-dvr
+ Objective 9.4: Troubleshoot Common Connectivity Issues
Knowledge
Review netcpa logs for control plane connectivity issues
Verify VXLAN, VTEP, MAC, and ARP mapping tables
List VNI configuration
View VXLAN connection tables and statistics
Perform VTEP connectivity tests