nerdexam
Broadcom-VMware

2V0-622 · Question #218

Refer to the Exhibit. An administrator has configured a firewall rule as shown in the Exhibit. Which statement best describes the ESXi 6.x firewall rule?

The correct answer is B. Connections coming from IP addresses from the 192.168.1.0 network and 192.168.2.220 on port. ESXi 6.x firewall rules define inbound or outbound traffic direction, source/destination IPs, and ports. The exhibit shows an inbound rule allowing connections from specific IP sources.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

Refer to the Exhibit. An administrator has configured a firewall rule as shown in the Exhibit. Which statement best describes the ESXi 6.x firewall rule?

Exhibit

2V0-622 question #218 exhibit

Options

  • AConnections from the ESXi host to all devices on the 192.168.1.0 network and 192.168.2.220 on
  • BConnections coming from IP addresses from the 192.168.1.0 network and 192.168.2.220 on port
  • CTCP Connections coming from IP addresses from the 192.168.1.0 network and 192.168.2.220 on
  • DTCP Connections from the ESXi host to all devices on the 192.168.1.0 network and

How the community answered

(40 responses)
  • A
    15% (6)
  • B
    73% (29)
  • C
    10% (4)
  • D
    3% (1)

Why each option

ESXi 6.x firewall rules define inbound or outbound traffic direction, source/destination IPs, and ports. The exhibit shows an inbound rule allowing connections from specific IP sources.

AConnections from the ESXi host to all devices on the 192.168.1.0 network and 192.168.2.220 on

This incorrectly reverses the traffic direction, describing outbound connections from the ESXi host to those addresses rather than inbound connections from them.

BConnections coming from IP addresses from the 192.168.1.0 network and 192.168.2.220 on portCorrect

ESXi firewall rules specify direction, and the rule in the exhibit is configured for inbound traffic - connections arriving at the ESXi host from the source IPs listed. The rule permits traffic originating from the 192.168.1.0 network and the individual host 192.168.2.220 on the specified port, which matches the standard inbound rule configuration in the ESXi 6.x Security Profile.

CTCP Connections coming from IP addresses from the 192.168.1.0 network and 192.168.2.220 on

This incorrectly restricts the protocol to TCP only, but the rule as configured is not limited exclusively to TCP traffic.

DTCP Connections from the ESXi host to all devices on the 192.168.1.0 network and

This incorrectly describes the traffic as outbound from the ESXi host and omits the specific individual host 192.168.2.220 that is included in the rule.

Concept tested: ESXi 6.x host firewall inbound rule configuration

Source: https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-7A8BEFC8-BF86-49B5-AE2D-E400AAD81BA3.html

Topics

#ESXi firewall#firewall rules#IP address filtering#inbound connections

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice