Question 6
Create a security policy for specific web-based applications.
Requirements:
vCenter: vcsa-01a.corp.local
NSX Manager: 192.168.110.15
Credentials: [email protected] . VMware1!
New Security Policy Name: Web-Policy-NEW
New Web Security Group Name: Secure-Web-NEW
New NSX Tag: web-security-NEW
New App Security Group Names: Secure-App-NEW
Create a new security policy to deny HTTP/HTTPS from App server to the Web Server.
Create a new Security Group for the Web servers to meet the following requirements:
Existing and future virtual machines that have in their name dev-web should be added.
Any VM with a NSX tag of web-security-NEW should be added to this policy.
Ensure virtual machine dev-web-04a has been then tagged.
Create a new security group for the App server that has virtual machine dev-app-01a added.
HOL LAB for Practice:
See the explanation part for complete solution.
Question 7
Provide cross vCenter security functionality for the Universal Web Multi-Tiered network application.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
New Section Name: Universal-Rules-New
Networks:
Web-Tier: 172.17.10.0/24
App-Tier: 172.17.20.0/24
DB-Tier: 172.17.30.0/24
Secure east/west network communication for each of the three tiers allowing only.
Firewall Rule section Name: Universal-Rules-NEW
Web Tier: any source address incoming on TCP port 80 and 443
Application Tier: access from the web tier on the incoming TCP port 8443 Database Tier: access from the application tier on the incoming TCP port 3306 Traffic that does not meet the above requirements should be blocked.
NOTE:
This rule must only affect the universal tiers.
HOL LAB for Practice:
See the explanation part for complete solution.
Question 8
Management requires you to build a new logical topology for a new application that will include a hardware search appliance (HAS). The new application must contain a web tier and database tier on separate IP domains. Use the existing App01-DLR to complete the task.
Requirements:
vCenter: vcsa-01.corp.local
Credentials: [email protected] / VMware1!
vDS: vds-mgt-edge-a
Existing DLR Name: App01-DLR
New object prefix - App01
New object suffic - New
Create a new distributed port group for this task named vds-HSA-NEW.
The HAS must reside on the same IP subnet as the database.
The new application must contain a web tier and database tier on separate domains to be used at a future date.
Once deployed the HAS will be connected to a network with VLAN ID 500.
The proper physical switch ports for the uplinks have already been trunked to include VLAN 500.
VLANs configured in the compute racks are isolated to a single rack.
Any objects/items created must be named with a prefix of App01 and a suffix containing their function with NEW (for example: App01-Function-NEW) NOTE:
The hardware appliance and application virtual machines have not been deployed. Attempts to connectivity to the appliance will not succeed.
HOL LAB for Practice:
Bridging and other questions 7, 8, 9 and LAB - HOL-1925-02 Module 1
See the explanation part for complete solution.
