The security team has submitted two requests to change or limit access in NSX for Site A's vCenter groups.
Requirements:
NSX Manager: nsxmgr-01a.corp.local
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Grant all members of vCenter group AuditTeam the minimal access necessary to view NSX Data Security policy configurations for all objects in Site A.
Grant all members of vCenter group ScanTeam the minimal access necessary to enable them to start and stop data security scans in Site A.
Ensure that the principles of least privilege are adhered to.
NOTE:
The Active Directory groups associated with the vCenter groups has already been preconfigured.
HOL LAB for Practice:
See the explanation part for complete solution.

Correct Answer:

SOLUTION:
select Home. select administrator. select domain vsphere.local. select groups.
click + sign. enter group name AuditTeam click ok. do same for ScanTeam.


[email protected]




[email protected]



select datacenter A.
select manage select permission click on + Sign.
select Assign role read only. select all privileges click on Add
select AuditTeam and select ScanTeam. check propagate to childern. and click ok

Comment: *

Name: *

Email: *

Verification: *

Management requires you to build a new logical topology for a new application that will include a hardware search appliance (HAS). The new application must contain a web tier and database tier on separate IP domains. Use the existing App01-DLR to complete the task.
Requirements:
vCenter: vcsa-01.corp.local
Credentials: [email protected] / VMware1!
vDS: vds-mgt-edge-a
Existing DLR Name: App01-DLR
New object prefix - App01
New object suffic - New
Create a new distributed port group for this task named vds-HSA-NEW.
The HAS must reside on the same IP subnet as the database.
The new application must contain a web tier and database tier on separate domains to be used at a future date.
Once deployed the HAS will be connected to a network with VLAN ID 500.
The proper physical switch ports for the uplinks have already been trunked to include VLAN 500.
VLANs configured in the compute racks are isolated to a single rack.
Any objects/items created must be named with a prefix of App01 and a suffix containing their function with NEW (for example: App01-Function-NEW) NOTE:
The hardware appliance and application virtual machines have not been deployed. Attempts to connectivity to the appliance will not succeed.
HOL LAB for Practice:
Bridging and other questions 7, 8, 9 and LAB - HOL-1925-02 Module 1
See the explanation part for complete solution.

Correct Answer:

SOLUTION:
Step 1: From SiteA vCenter web client -> Networking -> Data Center SiteA -> create a new distribution port group named vds-HAS-NEW with VLAN ID 500 in vds-mgmt-edge.




Create LS on 192.168.110.15 = App01-WebTier-NEW

Create LS on 192.168.110.15 = App01-DBTier-NEW

NSX Edges -> App01-DLR

8) got NsX Edge and select App01-DLR. select Manage, select settings and click on + Sign (9) Enter interface name App01-Web-New, select type internal. select App01-Webtier-New LS Enter ip address 192.168.1.1/24. repeat the same steps for App01-DBtier-New but take ip addres
192.168.2.1 /24

Name: App01-Bridge-NEW
Logical Switch: App01-DBTier-NEW
Distributed Port Group: vds-HAS-NEW


(11) be sure under App01-DB-New the bridging is enable.

Comment: *

Name: *

Email: *

Verification: *