Which configuration will block communication between two virtual machines on the same DMZ network?
A. An isolated Private VLAN configured on a distributed switch and the two DMZ server virtual machines connected to the same port group
B. Two different port groups created on a distributed switch and 1 DMZ server virtual machine connected to each port group
C. Two different port groups created on a standard switch and 1 DMZ server virtual machine connected to each port group
D. The security policy exception set to Reject for the switch to which the two DMZ server virtual machines will be connected
Correct Answer: A
Explanation:
A node attached to a port in an isolated PVLAN can only communicate with the promiscuous PVLAN. It may not communicate with other ports in the same isolated PVLAN or with other ports in a community PVLAN.
Incorrect Answers:
B: This configuration will allow communication between the DMZ server virtual machines.
C: This configuration will allow communication between the DMZ server virtual machines.
D: There are three security policy exceptions that can be configured, and none of them blocks normal communication between two virtual machines:
Promiscuous Mode: When set to Reject, placing the guest adapter in promiscuous mode has no effect on which frames are received by the adapter.
MAC Address Changes: When set to Reject, all inbound frames are dropped if the guest operating system changes the MAC address of the adapter to anything other than what is in the .vmx configuration file.
Forged Transmits: Any outbound frame with a source MAC address that is different from the one currently set on the adapter is dropped.
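The isolated PVLAN rule from the explanation, written out as a layer 2 reachability check that also covers community ports and different primary VLANs. This is an added example, not part of the original question or the cited references; the VLAN IDs, VM names and function names are constructed for illustration.

```python
from itertools import combinations

# Constructed sample: PVLAN map of one distributed switch as
# (primary VLAN, secondary VLAN) -> type. The promiscuous entry uses the
# primary ID as its secondary ID. All IDs and VM names are made up.
PVLAN_MAP = {
    (100, 100): "promiscuous",
    (100, 101): "isolated",
    (100, 102): "community",
}

# Constructed sample: VM name -> (primary, secondary) of its port group.
PORTS = {
    "dmz-web01": (100, 101),
    "dmz-web02": (100, 101),
    "dmz-gw": (100, 100),
    "app01": (100, 102),
    "app02": (100, 102),
}


def can_communicate(a, b, pvlan_map=PVLAN_MAP):
    """Return True if ports a and b, given as (primary, secondary), may exchange frames."""
    if a[0] != b[0]:
        return False  # different primary VLANs: separate layer 2 domains
    type_a, type_b = pvlan_map[a], pvlan_map[b]
    if "promiscuous" in (type_a, type_b):
        return True  # promiscuous ports reach every secondary PVLAN
    if "isolated" in (type_a, type_b):
        return False  # isolated ports reach promiscuous ports only
    return a == b  # community ports reach only their own community


def reachable_pairs(ports=PORTS, pvlan_map=PVLAN_MAP):
    """List every VM pair that can still talk at layer 2, sorted by name."""
    return [
        (x, y)
        for x, y in combinations(sorted(ports), 2)
        if can_communicate(ports[x], ports[y], pvlan_map)
    ]


if __name__ == "__main__":
    for pair in reachable_pairs():
        print(*pair)
```

The two DMZ servers share one isolated port group and never appear as a pair in the output, while each of them still reaches the promiscuous gateway port.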
References:
Guthrie, Forbes and Scott Lowe, VMware vSphere Design, Second Edition, Sybex, Indianapolis, 2013, p 149
https://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.networking.doc/GUID-EE43CB38-2F0A-4436-A0D7-1FAC528D0C58.html