VMware NSX-T Data Center (VCP-NV 2019) — Question 63

Which command is used to verify the application of Distributed Firewall Rules applied to a VM on a KVM transport node?

Answer options

• A. esxcli network firewall get
• B. esxcli network ip connection list
• C. ovs-vsctl add-br br-int
• D. ovs-appctl -t /var/run/openvswitch/nsxa-ctl dfw/rules <Vif ID>

Correct answer: D

Explanation

The correct answer is D because it specifically targets the Distributed Firewall rules applied to a VM by using the Open vSwitch (OVS) command relevant to the KVM environment. The other options do not pertain to verifying Distributed Firewall rules; for instance, A and B relate to general network firewall status and IP connections, while C is about adding a bridge, which is unrelated to rule verification.