VMware vSphere 8.x Advanced Design (VCAP-DCV Design) — Question 37

An architect has been tasked with designing a greenfield hosting platform.
As part of a workshop, it is identified that the new solution must support the following:
Provide a centralized way to enforce virtual network security policy
Provide network security for both virtual machines and containerized applications
Deny network access between all workloads by default
Linked services should be connected to the same virtual port groups by default
Support for the security teams network monitoring solution
Which elements should the architect include in the design to meet the identified requirements?

Answer options

• A. VMware Standard Switches, Access Lists and Promiscuous mode
• B. Distributed Virtual Switches, Access Lists and Promiscuous mode
• C. VMware Carbon Black, Distributed Virtual Switches and Traffic Filtering
• D. VMware NSX, Distributed Firewalls and Port Mirroring

Correct answer: D

Explanation

The correct answer is D because VMware NSX provides advanced network security features like Distributed Firewalls that can enforce security policies centrally, and Port Mirroring is essential for monitoring network traffic. The other options do not offer the same level of integration and capabilities required for both virtual machines and containers, nor do they fulfill the requirement for default denial of network access.