VMware

VMware Certified Professional 6 - Network Virtualization (NSX v6.2) Exam

Exam Number: 2V0-642 Duration (minutes): 120 Minutes
Associated Certification: VCP6-NV Number of Questions: 77
Exam Product: VMware NSX for vSphere v6.2 Passing Score: 300
Recommended Training: VMware NSX: Install, Configure, Manage [V6.2] Validated Against: VMware NSX for vSphere v6
Exam Price: $250.00 USD, More on Pricing Exam Languages: English, Japanese
First Available Appointment: 24 January 2017 Format: Single and Multiple Choice, Proctored
Exam Details Information Last Updated: 31 January 2017

This exam tests your skills and abilities installing, configuring and administering a VMware NSX 6.x environment. Download the exam guide now.



Exam Topics How to Prepare Additional Resources
+ Section 1: Understand VMware NSX Technology and Architecture
+ Objective 1.1: Compare and Contrast the Benefits of a VMware NSX Implementation
Knowledge
  • Determine challenges with physical network implementations
  • Understand common VMware NSX terms
  • Differentiate NSX network and security functions and services
  • Differentiate common use cases for VMware NSX
Tools
+ Objective 1.2: Understand VMware NSX Architecture
Knowledge
  • Differentiate component functionality of NSX stack infrastructure components
  • Compare and contrast with advantages/disadvantages of topologies (star, ring, etc.) as well as scaling limitations
  • Compare and contrast VMware NSX data center deployment models
  • Prepare a vSphere implementation for NSX
Tools
+ Objective 1.3: Differentiate Physical and Virtual Network Technologies
Knowledge
  • Differentiate logical and physical topologies, components and services
  • Differentiate logical and physical security constructs
    • Endpoint Security
    • Data Security
    • Flow Monitoring
    • Activity Monitoring
    • Distributed Firewall
    • Perimeter Firewall
Tools
+ Objective 1.4: Understand VMware NSX Integration with Third-Party Products and Services
Knowledge
  • Understand integration with third-party partner tools and systems using NSX REST APIs
  • Determine integration with third-party services
    • Network services
    • Security services
    • Load Balancing
    • Anti-malware
    • IDS/IPS
  • Determine integration with third-party hardware
    • Network Interface Cards (NICs)
    • Terminating overlay networks
    • HW VTEP
    • VXLAN offload
    • RSS
  • Install/register a third-party service with NSX
Tools
+ Objective 1.5: Understand VMware NSX Integration with vRealize Automation (vRA)
Knowledge
  • Understand integration with vRealize Automation
  • Demonstrate NSX deployment capabilities built into vRealize Automation
  • Compare and contrast Network Profiles available in vRealize Automation
  • Understand NSX preparation tasks for attaching a network profile to a blueprint
  • Discern vRealize Automation preparation tasks for deploying a machine with on-demand network services
Tools
+ Section 2: Understand VMware NSX Physical Infrastructure Requirements
+Objective 2.1: Compare and Contrast the Benefits of Running VMware NSX on Physical Network Fabrics Fabrics
Knowledge
  • Differentiate physical network topologies
    • Differentiate physical network trends
    • Understand the purpose of a Spine node
    • Understand the purpose of a Leaf node
  • Differentiate virtual network topologies
    • Enterprise
    • Service Provider Multi-Tenant
    • Multi-Tenant Scalable
  • Given a specific physical topology, determine what challenges could be addressed by a VMware NSX implementation.
  • Differentiate physical/virtual QoS implementation
  • Differentiate single/multiple vSphere Distributed Switch (vDS)/Distributed Logical Router implementations
  • Differentiate NSX Edge High Availability (HA)/Scale-out implementations
  • Differentiate Separate/Collapsed vSphere Cluster topologies
  • Differentiate Layer 3 and Converged cluster infrastructures
Tools
+Objective 2.2: Determine Physical Infrastructure Requirements for a VMware NSX Implementation
Knowledge
  • Discern management and edge cluster requirements
  • Differentiate minimum/optimal physical infrastructure requirements for a VMware NSX implementation
  • Determine how traffic types are handled in a physical infrastructure
  • Determine use cases for available virtual architectures
  • Describe ESXi host vmnic requirements
  • Differentiate virtual to physical switch connection methods
  • Compare and contrast VMkernel networking scenarios
Tools
+ Section 3: Configure and Manage vSphere Networking
+ Objective 3.1:Configure and Manage vSphere Distributed Switches (vDS)
Knowledge
  • Compare and contrast vDS capabilities
  • Create/Delete a vDS
  • Add/Remove ESXi hosts from a vDS
  • Edit general vSphere vDS settings
  • Add/Configure/Remove dvPortgroups
  • Configure dvPort settings
  • Add/Remove uplink adapters to dvUplinkgroups
  • Create/Configure/Remove virtual adapters
  • Migrate virtual machines to/from a vDS
  • Monitor dvPort state
  • Determine use cases for a vDS
Tools
+ Objective 3.2:Configure and Manage vDS Policies
Knowledge
  • Compare and contrast common vDS policies
  • Configure dvPortgroup blocking policies
  • Explain benefits of Multi-Instance TCP/IP stack
  • Configure load balancing and failover policies
  • Configure VLAN settings
  • Configure traffic shaping policies
  • Enable TCP Segmentation Offload (TOE) support for a virtual machine
  • Enable Jumbo Frame support on appropriate components
  • Determine appropriate VLAN configuration for a vSphere implementation
  • Understand how DSCP is handled in a VXLAN frame
Tools
+ Section 4: Install and Upgrade VMware NSX
+ Objective 4.1: Configure Environment for Network Virtualization
Knowledge
  • Comprehend physical infrastructure configuration for NSX Compute, Edge and Management clusters (MTU, Dynamic Routing for Edge, etc.)
  • Prepare a Greenfield vSphere Infrastructure for NSX Deployment
  • Configure Quality of Service (QoS)
  • Configure Link Aggregation Control Protocol (LACP)
  • Configure a Brownfield vSphere Infrastructure for NSX
  • Determine how IP address assignments work in VMware NSX
  • Determine minimum permissions required to perform an NSX deployment task in a vSphere implementation
Tools
+ Objective 4.2: Deploy VMware NSX Components
Knowledge
  • Install/Register NSX Manager
  • Prepare ESXi hosts
  • Deploy NSX Controllers
  • Understand assignment of Segment ID Pool and appropriate need for Multicast addresses
  • Install vShield Endpoint
  • Create an IP pool
  • Understand when to use IP Pools versus DHCP for NSX Controller Deployment
Tools
+ Objective 4.3: Upgrade Existing vCNS/NSX Implementation
Knowledge
  • Based on a given upgrade scenario, identify requisite steps and components for upgrading to NSX 6.x
  • Upgrade vCNS 5.5 to NSX 6.x
  • Upgrade vCNS Virtual Wires to NSX Logical Switches
  • Upgrade to NSX Components
    • Upgrade to NSX Firewall
    • Upgrade to NSX Edge
    • Upgrade vShield Endpoint from 5.5 to 6.x
    • Upgrade to NSX Data Security
  • Upgrade NSX Manager from 6.0 to 6.x
  • Update vSphere Clusters after NSX upgrade
  • Understand the impact of availability to the aspects of NSX during an upgrade
Tools
+ Objective 4.4: Expand Transport Zone to Include New Cluster(s)
Knowledge
  • Explain the function of a Transport Zone
  • Understand proper addition of a Transport Zone
  • Understand necessity to expand or contract a Transport Zone
  • Edit a Transport Zone
  • Understand appropriate use of Control Plane mode modification of a Transport zone
Tools
+ Section 5: Configure VMware NSX Virtual Networks
+ Objective 5.1: Create and Administer Logical Switches
Knowledge
  • Given a scenario, demonstrate the proper way to add/remove a logical switch
  • Determine use case for and contrast the three Control Plane Modes
    • Multi-cast
    • Hybrid
    • Unicast
  • Determine use case for connecting a logical switch to an NSX Edge gateway
  • Deploy services to a logical switch
  • Demonstrate multiple ways of adding or removing virtual machines from a logical switch
  • Test logical switch connectivity
Tools
+ Objective 5.2: Configure VXLAN
Knowledge
  • Describe and understand areas where VXLANs should be configured
  • Understand physical network requirements for virtual topologies with VXLANs
  • Understand how to prepare a vSphere cluster for VXLAN
  • Determine the appropriate teaming policy for a given implementation
  • Understand how to configure and modify the options of a Transport Zone
  • Understand how prepare VXLAN Tunnel End Points (VTEPs) on vSphere clusterss
Tools
+ Objective 5.3: Configure and Manage Layer 2 Bridging
Knowledge
  • Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
  • Understand how to add a Layer 2 Bridge to an NSX Edge device
  • Determine when Layer 2 Bridging would be required for a given NSX implementation
  • Determine use cases for multiple Layer 2 Bridges
  • Compare and contrast software and hardware bridging
Tools
+ Objective 5.4: Configure and Manage Logical Routers
Knowledge
  • Install NSX Edge
  • Understand how to connect/disconnect a logical switch from a logical router
  • Understand and describe the different types of router interfaces
  • Determine NSX components needed to build out topologies with logical routers
  • Understand how to add and configure a new logical router
  • Determine use case for and configure a management interface
  • Determine use case for and configure High Availability for a logical router
  • Configure routing protocols
    • Static
    • OSPF
    • BGP
    • IS-IS
  • Configure default gateway
  • Determine if cross-protocol route sharing is needed for a given NSX implementation
  • Understand how to configure administrative distances for routing
  • Understand configuration differences between iBGP and eBGP
  • Understand and configure route redistribution
Tools
+ Section 6: Configure and Manage NSX Network Services
+ Objective 6.1: Configure and Manage Logical Load Balancing
Knowledge
  • Differentiate when to use the two topologies for load balancing
  • Understand how to configure load balancing
  • Configure and understand service monitors
  • Understand how to Add/Edit/Delete a server pool
  • Understand how to Add/Edit/Delete an application profile
  • Understand how to Add/Edit/Delete virtual servers
  • Determine appropriate NSX Edge instance size based on load balancing requirements
Tools
+ Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN)
Knowledge
  • Understand how to configure IPSec VPN
    • Configure IPSec VPN parameters
    • Enable logging
  • Understand how to configure Layer 2 VPN
    • Add Layer 2 VPN Client/Server
    • View Layer 2 VPN Statistics
  • Configure Network Access/Web Access SSL VPN-Plus
    • Edit Client Configurations
    • Edit General Settings
    • Edit Web Portal Designs
    • Add/Edit/Delete IP Pools
    • Add/Edit/Delete Private Networks
    • Add/Edit/Delete Installation Packages
    • Add/Edit/Delete Users
    • Add/Edit/Delete Login/Logoff script
  • Determine appropriate VPN service type for a given NSX implementation
Tools
+ Objective 6.3: Configure and Manage DHCP/DNS/NAT
Knowledge
  • Understand proper use and addition of a DHCP IP Pool
  • Enable a DHCP IP pool
  • Describe use and proper implementation of DNS services
  • Describe when and how to configure Source NAT
  • Describe when and how to configure Destination NAT
  • Given a scenario, compare and contrast proper DHCP uses
Tools
+ Objective 6.4: Configure and Manage Edge Services High Availability
Knowledge
  • Given a scenario, compare and contrast proper HA uses
  • Determine service availability during an Edge High Availability failover
  • Differentiate NSX Edge High Availability and vSphere High Availability
  • Configure NSX Edge High Availability
    • Configure heartbeat settings
    • Configure management IP addresses
  • Modify and existing Edge High Availability deployment
  • Determine resource pool requirements for a given Edge High Availability configuration
  • Configure Equal-Cost Multi-Path Routing (ECMP)
    • Determine ECMP timers
    • Understand process flows
  • Combine ECMP with other stateful services
Tools
+ Section 7: Configure and Administer Network Security
+ Objective 7.1: Configure and Administer Logical Firewall Services
Knowledge
  • Add/Edit/Delete an Edge Firewall rule
  • Configure Source/Destination/Service/Action rule components
  • Compare and contrast between Edge Rule Types (Pre Rules/Internal/User Rules/Default Rules)
  • Change the order of an Edge User Firewall rule
  • Demonstrate how to configure an Edge Firewall Pre Rule
  • Understand the limitations of ECMP and Edge Firewall Policy
Tools
+ Objective 7.2: Configure Distributed Firewall Services
Knowledge
  • Describe VM IP Address learning for the purposes of DFW vCenter attribute learning
  • Differentiate between Layer 2 and Layer 3 rules
  • Differentiate between entity-based and identity-based rules
  • Identify firewall rule entities
  • Explain rule processing order
  • Explain rule segregation
  • Demonstrate steps to Add/Delete a Distributed Firewall rule
  • Demonstrate configuration of Source/Destination/Service/Action rule components
  • Change the order of a Distributed Firewall rule
  • Add/Merge/Delete a Distributed Firewall rule section
  • Determine publishing requirements for rules in a given NSX implementation
  • Demonstrate Import/Export Distributed Firewall Configuration
  • Load Distributed Firewall configuration
  • Determine need for excluding virtual machines from distributed firewall protection
  • Describe SpoofGuard Operation and Default Policy and Actions
  • Describe SpoofGuard IP Address Learning
  • Identify requirements for a Spoofguard Policy
  • Demonstrate how to Create and Edit a SpoofGuard Policy
    • IP Local Addresses
    • Approve IP addresses
    • Edit/Clear IP addresses
Tools
+ Objective 7.3: – Configure and Manage Service Composer
Knowledge
  • Identify assets that can be used with a Security Group
  • Describe and differentiate services contained in a Security Policy
  • Explain common Service Composer use cases
  • Describe third party integration and service redirection
  • Differentiate Security Groups and Security Policies
  • Demonstrate the ability to redirect specific flows (e.g. 80) to network introspection services
  • Differentiate between vCenter attribute based Firewall rules (including IP Sets) vs Active Directory identity-based rule
  • Create/Edit a Security Group in Service Composer
  • Create/Edit/Delete a Security Policy in Service Composer
  • Map a Security Policy to a Security Group
  • Add/Edit/Delete a Security Tag
  • Assign and view a Security Tag
Tools
+ Section 8: Deploy a Cross-vCenter NSX Environment
+ Objective 8.1: Differentiate single and Cross-vCenter NSX deployments
Knowledge
  • Understand the benefits/use cases for Cross-vCenter NSX
  • Contrast single and Cross-vCenter deployment models
  • Determine the appropriate NSX topology for a given use case
  • Understand options for ingress and egress traffic flows in a multi-site topology
  • Describe and differentiate Universal components
    • Universal Firewall rules
    • Universal Network and Security objects
    • Universal Logical Switches
  • Universal Distributed Logical Routers
Tools
+ Objective 8.2: Determine Cross-vCenter Requirements and Configurations
Knowledge
  • Deploy a Cross-vCenter NSX environment
    • Create and configure the Primary NSX Manager
    • Create and configure the Secondary NSX Manager
  • Migrate an NSX deployment to Cross-vCenter
  • Create and configure Cross-vCenter components
    • Universal Segment ID Pool
    • Universal Transport Zone
    • Universal Logical Switch
    • Universal Distributed Logical Router
  • Compare and contrast Local and Universal Firewall Rules
Tools
+ Section 9: Perform Operations Tasks in a VMware NSX Environment
+ Objective 9.1: Configure Roles, Permissions, and Scope
Knowledge
  • Understand default roles
  • Understand Single Sign-On (SSO) integration
  • Configure SSO
  • Assign a role to a vCenter Server user or group
  • Compare and contrast the uses for the various NSX Security Roles
  • Determine how roles can be applied to a subset of the vCenter infrastructure for multi Tenancy purposes
  • Understand how to apply NSX Roles to an AD group
  • Assign objects to a user
  • Enable/Disable a user account
  • Edit/Delete a user account
Tools
+ Objective 9.2: Understand NSX Automation
Knowledge
  • Discern common use cases that require the NSX REST API
  • Compare and contrast how the NSX REST API works and how it is used with a support browser
  • Understand how NSX REST API Calls are sent to the NSX Manager
  • Differentiate common NSX REST API verbs
  • Determine how to use NSX REST API calls to learn the network topology
Tools
+ Objective 9.3: Monitor a VMware NSX Implementation
Knowledge
  • Compare and contrast available monitoring methods (UI, CLI, API, etc.)
  • Monitor infrastructure components
    • Control Cluster Health
    • Manager Health
    • Hypervisor Health
  • Perform Inbound/Outbound activity monitoring
  • Enable data collection for single/multiple virtual machines
  • Perform virtual machine activity monitoring
  • Monitor activity between inventory containers (security groups, AD groups)
  • Analyze network and security metrics in vRealize Operations
  • Monitor logical networks and services
    • Identify available statistics/counters
    • Network/service health
    • Configure and collect data from network
Tools
+ Objective 9.4: Perform Auditing and Compliance
Knowledge
  • Given an auditing scenario, determine where applicable log information can be located
  • Differentiate permissions for auditing
  • Differentiate common data security regulations supported by NSX Data Security
  • Differentiate information available in audit logs
  • Use flow monitoring to audit firewall rules
  • Audit deleted users
  • Audit infrastructure changes
  • View NSX Manager audit logs and change data
  • Configure NSX Data Security
  • Create a Data Security policy
  • Install Data Security
  • Run a Data Security scan
  • View and download compliance reports
  • Create a regular expression
  • Configure Guest Introspection (Install vShield Endpoint)
Tools
+ Objective 9.5: Administer Logging
Knowledge
  • Given a scenario, utilize information contained in technical support bundles/logs to assist in troubleshooting
  • Explain usage of CLI for logging
  • Configure Syslog(s)
  • Configure logging for Dynamic Routing information
  • Log Distributed Firewall rule processing information
  • Log Edge Firewall rule processing information
  • Log address translation information
  • Log VPN traffic
  • Configure basic/advanced Load Balancer logging
  • Log DHCP assignments
  • Log DNS resolutions
  • Log security policy session information
  • Download NSX Edge tech support logs
  • Generate NSX Manager tech support logs
Tools
+ Objective 9.6: Backup and Recover Configurations
Knowledge
  • Understand how to backup and recover various components
  • Schedule backups
  • Export/Restore vSphere Distributed Switch configuration
  • Import/Export Service Composer profiles
  • Perform NSX Manager backup and restore operations
Tools
+ Section 10: Troubleshoot a VMware Network Virtualization Implementation
+ Objective 10.1: Compare and Contrast Tools Available for Troubleshooting
Knowledge
  • Capture and trace uplink, vmknic, and physical NIC packets
  • Audit NSX infrastructure changes
  • Output packet data for use by a protocol analyzer
  • Capture and analyze traffic flows
  • Mirror network traffic for analysis
  • Perform a network health check
  • Configure vSphere Distributed Switch alarms
Tools
+ Objective 10.2: Troubleshoot Common NSX Installation/Configuration Issues
Knowledge
  • Troubleshoot lookup service configuration
  • Troubleshoot vCenter Server link
  • Troubleshoot licensing issues
  • Troubleshoot permissions issues
  • Troubleshoot host preparation issues
  • Troubleshoot IP pool issues
Tools
+ Objective 10.3: Troubleshoot Common NSX Component Issues
Knowledge
  • Differentiate NSX Edge logging and troubleshooting commands
  • Verify NSX Controller cluster status and roles
  • Verify NSX Controller node connectivity
  • Check NSX Controller API service
  • Validate VXLAN and Logical Router mapping tables
  • List Logical Router instances and statistics
  • Verify Logical Router interface and route mapping tables
  • Verify active controller connections
  • View Bridge instances and learned MAC addresses
  • Display Logical Router instances
  • Verify NSX Manager services status
  • View Logical Interfaces and routing tables
  • Analyze NSX Edge statistics
Tools
+ Objective 10.4: Troubleshoot Common Connectivity Issues
Knowledge
  • Review netcpa logs for control plane connectivity issues
  • Verify VXLAN, VTEP, MAC, and ARP mapping tables
  • List VNI configuration
  • View VXLAN connection tables and statistics
  • Perform VTEP connectivity tests
Tools
+ Objective 10.5: Troubleshoot Common vSphere Networking Issues
Knowledge
  • Verify network configuration
  • Verify a given virtual machine is configured with the correct network resources
  • Troubleshoot virtual switch and port group configuration issues
  • Troubleshoot physical network adapter configuration issues
  • Determine the root cause of a network issue based on troubleshooting information
Tools
+ Exam Contributors
Josh Batey
Jason Smith
Brian Recore
Suman Sharma
Amol Tipnis
Irish Spring
Mo Sabourian
Mike Griego
Wade Holmes
Don Zajic
Preeti Kumari
Kiran Bhalgat
Fernando Macias
John Whitman
Brian Wilson
John Krueger