Question 1

An administrator creates a new VPC in No NAT mode to allow VMs in a web tier to reach an external firewall. After deployment... none of the VMs can reach external IP addresses... Which action should the administrator take to restore routed north-south connectivity from the VPC?

Options :

A : Configure a Flow Security Policy to allow egress traffic from the VPC subnet.

B : Create an Externally Routable Prefix (ERP) entry for the overlay subnet in the VPC.

C : Change the VPC mode to NAT so that outbound traffic is automatically translated.

D : Add a default static route in each VM pointing to the external firewall's IP address.

Answer: B

Question 2

How can the administrator discover the root cause of the issue?

Options :

A : Confirm that Inter-VM connectivity is enabled within the VM networking settings and that VMs in the Database tier are configured correctly to accept inbound traffic.

B : Check if traffic isolation has been configured on the Database tier and ensure that there is no policy preventing App tier communication with the Database tier.

C : Check the security policies again to ensure that the rule allowing port 3306 from Web -> Database is applied and active, then check the policy enforcement mode to ensure it is in Enforcement Mode.

D : Verify that the port 3306 is open on the external gateway and that SNAT is not being applied for internal communication.

Answer: C

Question 3

An administrator needs to configure a security policy that controls VM-to-VM communication within a category defined as secured entity. Which configuration action should the administrator take to restrict all intra-tier communication between the VMs within a category defined as secured entity?

Options :

A : Apply the policy with inbound rules that block all inter-VM communication.

B : Configure the security policy with allow-all intra-tier traffic.

C : Set the security policy to allow-specific traffic for intra-tier communication.

D : Use deny-all intra-tier traffic configuration in the policy.

Answer: D

Question 4

An administrator configures a VPN gateway with eBGP for dynamic route exchange. After setup, routes are not advertised to the remote peer. Which configuration is most likely missing?

Options :

A : DHCP options for assigning IP addresses to remote endpoints.

B : ASN configuration for the local gateway to identify its autonomous system.

C : VLAN ID alignment between local and remote networks.

D : Peer IP address required for establishing the BGP session.

Answer: B

Question 5

When configuring an Application policy, an administrator defines a VM Category Application:MySQL as a Secured Entity. The administrator wants to ensure that traffic between VMs in the Secured Entity is kept to only required replication traffic on the default mysql service port. How should the administrator best accomplish this?

Options :

A : Create an Inter-Tier Rule specifying the mysql service as the allowed traffic.

B : Create an Intra-Tier Rule specifying the mysql service as the allowed traffic.

C : Create an Inbound Rule specifying the mysql service as the allowed traffic.

D : Create an Outbound Rule specifying the mysql service as the allowed traffic.

Answer: B

Free NCP-NS-7.5 Mock Exam – Practice Online Confidently

Buying Options: