VMware NSX 4.x Professional (2023) — Question 75

A company is deploying NSX micro-segmentation in their vSphere environment to secure a simple application composed of web, app, and database tiers.
The naming convention will be:

WKS-WEB-SRV-XXX -

WKY-APP-SRR-XXX -

WKI-DB-SRR-XXX -
What is the optimal way to group them to enforce security policies from NSX?

Answer options

• A. Use Edge as a firewall between tiers.
• B. Group all by means of tags membership.
• C. Create an Ethernet based security policy.
• D. Do a service insertion to accomplish the task.

Correct answer: B

Explanation

The correct answer is B because using tags allows for dynamic grouping and policy enforcement based on application needs and attributes, which is essential for NSX micro-segmentation. Option A is incorrect as using Edge as a firewall does not provide the granular control that tagging does. Option C is not suitable as Ethernet-based policies are less flexible than tag membership for this purpose. Option D is also not applicable, as service insertion is not the best method for grouping these application tiers for security.