Nutanix Certified Professional Network & Security v6.10 (NCP-NS) Free Practice Test

Question 1

An administrator is tasked with configuring an application policy for a two-tier public website with Web and DB components. The database servers need to communicate with each other for replication, but the web servers should not be able to communicate with each other. The administrator configures the policy... and sets it to Enforce mode.
Later testing reveals that the web servers are able to communicate with each other.
What should the administrator do to resolve this?

A. Ensure the PubSite-Prod-Web servers are in different Subnets.

B. Create an isolation policy for the PubSite-Prod-Web entity group.

C. Edit the PubSite-Prod-Web entity group's intra-tier rule.

D. Configure a VPC Network Policy to deny the traffic.

Correct Answer: C

Question 2

While configuring a new security policy in a Nutanix microsegmentation environment, an administrator wants the policy to remain flexible even if virtual machines change subnets or obtain new IP addresses.
Which configuration approach should the administrator use when defining the policy scope?

A. Apply the policy after setting static routes for each VM.

B. Configure the policy only on specific VLAN IDs.

C. Use VM categories to define the secured and allowed entities.

D. Assign IP addresses manually to all VMs included in the policy.

Correct Answer: C

Question 3

An administrator needs to allow communication between several VPCs without requiring to configure routes in the physical network or using a dynamic routing protocol like BGP.
How should the administrator satisfy this requirement?

A. Merge all the subnets into a single VPC.

B. Peer the VPCs directly.

C. Configure a VPN network between each of the VPCs.

D. Connect the VPCs to a single Transit VPC.

Correct Answer: D

Question 4

When configuring an Application policy, an administrator defines a VM Category Application:MySQL as a Secured Entity. The administrator wants to ensure that traffic between VMs in the Secured Entity is kept to only required replication traffic on the default mysql service port.
How should the administrator best accomplish this?

A. Create an Inter-Tier Rule specifying the mysql service as the allowed traffic.

B. Create an Intra-Tier Rule specifying the mysql service as the allowed traffic.

C. Create an Outbound Rule specifying the mysql service as the allowed traffic.

D. Create an Inbound Rule specifying the mysql service as the allowed traffic.

Correct Answer: B

Question 5

An administrator recently deployed a new set of virtual machines... 3-tier web application... restricted as follows:
Only application VMs can talk to database VMs on port 3306
Frontend VMs should only communicate with application VMs on port 8080
Which action will correctly create and configure the Security Policies in Nutanix Flow to satisfy this task?

A. Configure a global "Allow All" Security Policy and rely on guest OS firewalls for tier-based restrictions.

B. Create VLANs for each tier and configure ACLs to restrict communication.

C. Create categories for each tier then define an Application Policy allowing specific ports between them.

D. Create IP-based rules for each VM category within a Security Policy.

Correct Answer: C

Question 6

Refer to the exhibit.

In the AD-VDI Departmental SecPol policy shown in the exhibit, ADGroup: Engineering is configured as a secured entity in a VDI Security Policy. Prism Central shows 2 / 2 active sessions under this group, but the administrator confirms that three Engineering users are currently logged in to persistent VDI desktops. The third user's VM shows no ADGroup assignment in its VM details in Prism Central, even after the user has successfully logged in. All three users are members of the same AD group, and the Domain Controller event logs confirm a successful interactive login for the third user. Which condition explains why the third user's VM is not being assigned the ADGroup: Engineering category?

A. The Flow Identity Service has been disabled in Prism Central for the VM the third user is logging in to.

B. The Flow Network Security policy scope does not include the VLAN where the third user's VM resides.

C. The third user's VM has been assigned an AppType category, preventing ID-Based categorization.

D. The Active Directory Service account used by Prism Central is locked.

Correct Answer: C

Question 7

Refer to the exhibit.

An administrator has been tasked with troubleshooting why the servers in the Web Category are not able to ping the servers in the App Category. Why is this issue occurring?

A. The firewall on the App Servers is blocking Ping packets.

B. Ping is not installed in the Web Servers.

C. The servers are not in the same category.

D. ICMP is not allowed between the Web and App categories.

Correct Answer: D

Question 8

Flow Network Security Next-Gen is supported in which two environments? (Choose two.)

A. NC2 Overlay Networks

B. NC2 VLAN Networks

C. On-Premises Overlay Networks

D. On-Premises VLAN Basic Networks

Correct Answer: A,C

Question 9

Which statement best describes the function of an External Network in Flow Virtual Networking?

A. It enables communication between subnets within a VPC.

B. It acts as the entry and exit point for traffic to and from a VPC.

C. Each VPC requires a dedicated External Network that cannot be shared.

D. It enables communication between VPCs.

Correct Answer: B

Welcome to TestSimulate

Nutanix Certified Professional Network & Security v6.10 (NCP-NS) Free Practice Test