VMware vSAN 8.x Administrator — Question 24

A customer is designing a new VMware Cloud Foundation stretched cluster using L2 non-uniform connectivity, where due to a past incident an attacker was able to inject some false routes into their dynamic global routing table.
What design decision can be taken to prevent this when configuring the Tier-0 gateway?

Answer options

• A. Gateway Firewall with ECMP
• B. BGP peer password
• C. OSPF MD5 authentication
• D. Implicit deny for any traffic

Correct answer: B

Explanation

The correct answer is B, as implementing a BGP peer password helps to secure BGP sessions, preventing unauthorized route injections. Options A, C, and D do not directly address the issue of securing BGP sessions against route manipulation; thus, they are not effective solutions in this context.