VMware vRealize Operations Manager Advanced — Question 21

An architect has been tasked with designing a blueprint containing web, application and database machines utilizing NSX for networking.
Upon provisioning, network traffic must be automatically restricted to allow:
✑ The web server to communicate only to the application server
✑ The application server to communicate to both the web and database servers
✑ The database server to be blocked from communicating to the other servers
Which two methods could the architect use to accomplish this? (Choose two.)

Answer options

• A. Assign an appropriate security group to the entitled items or entitled service within the entitlement.
• B. Add an appropriate security group to the blueprint from within the blueprint properties, under NSX Settings.
• C. Create or update an appropriate security group within NSX to include the provisioned machines.
• D. Specify an appropriate security group in the blueprint and assign it to each machine.
• E. Use an Event Broker subscription to ensure that provisioned machines are receiving the appropriate security group assignment.

Correct answer: C, D

Explanation

The correct answers are C and D. Option C allows for the creation or modification of a security group to include the provisioned machines, ensuring they are appropriately grouped for communication restrictions. Option D permits the specification of a security group directly in the blueprint, allowing for control over the communication paths between the servers. Options A, B, and E do not directly address the specific configuration needs outlined in the question.