VMware vDefend Security for VCF 5.x Administrator Questions and Answers
Question 21
Which of the following is true regarding the vDefend Gateway Firewall?
Options:
A. Supported only on the T0 Gateway
B. Supported only on the T1 Gateway
C. Supported on both T0 and T1 Gateway
D. Supported only when IPSec VPN is configured
Answer:
C
Explanation:
The VMware vDefend Gateway Firewall provides stateful perimeter firewalling capabilities for the software-defined data center. Architecturally, it is supported and can be instantiated on both Tier-0 (T0) and Tier-1 (T1) Edge nodes.
On a Tier-0 Gateway: The firewall acts as the primary North-South boundary, inspecting and securing traffic entering and leaving the entire physical data center.
On a Tier-1 Gateway: The firewall acts as an inter-tenant or inter-zone boundary, providing advanced security (such as Gateway Identity Firewall or Gateway IDS/IPS) closer to the workloads, before traffic ever reaches the main T0 edge.
=========================
Question 22
In the context of role-based access control, which of the following is NOT a built-in vDefend role?
Options:
A. Privileged Admin
B. Auditor
C. Network Admin
D. Security Admin
Answer:
A
Explanation:
VMware vDefend includes several pre-configured, built-in roles to enforce the principle of least privilege and separation of duties. Valid out-of-the-box built-in roles include Enterprise Admin, Network Admin, Security Admin, and Auditor. "Privileged Admin" is a fabricated term in this context and is NOT a standard, built-in role within the vDefend RBAC architecture.