VMware NSX 4.x Professional (2023) — Question 11
Which three data collection sources are used by NSX Network Detection and Response to create correlations/intrusion campaigns? (Choose three.)
Answer options
- A. Distributed Firewall flow data from the ESXi hosts
- B. East-West anti-malware events from the ESXi hosts
- C. Files and anti-malware file events from the NSX Edge nodes and the Security Analyzer
- D. IDS/IPS events from the ESXi hosts and NSX Edge nodes
- E. Suspicious Traffic Detection events from NSX Intelligence
Correct answer: C, D, E
Explanation
Options C, D, and E are key data sources that NSX Network Detection and Response uses to identify and correlate threats. Option A is incorrect: Distributed Firewall flow data is valuable, but it is not specifically used to correlate intrusion campaigns. Option B is also incorrect, because East-West anti-malware events do not play a direct role in creating these correlations.