VMware vRealize Network Insight — Question 42

An architect is designing a machine blueprint containing web, application and database servers utilizing NSX-T for networking. Upon provisioning, network traffic must be automatically restricted to allow the web server to communicate only with the application server, the application server to communicate with both the web and database servers, and the database server to be blocked from communicating with the other servers.
Which methods can be used to accomplish this?

Answer options

• A. Add an appropriate security group to the blueprint from within the Blueprint Properties, under NSX Settings.
• B. Specify an appropriate NSX-T Existing Network and Security (NS) Group in the blueprint and assign it to each machine.
• C. Create or update an appropriate security group within NSX-T to include the provisioned machines.
• D. Assign an appropriate security group to the entitled items or entitled service with the entitlement.

Correct answer: C

Explanation

The correct answer is C because creating or updating a security group in NSX-T allows for specific traffic rules to be applied to the provisioned machines based on their roles. Options A and B do not provide the necessary control over traffic flow, while option D pertains to entitlement management rather than direct traffic restrictions between servers.