🌐 Architect Module 4: Networking with NSX

Knowledge Transfer

Key Concepts
Review these important points before starting the quiz
Distributed Firewall (DFW) for East-West: Enforces security at hypervisor level without centralized bottlenecks
Separate Tier-0 per domain: Isolates North-South routing changes and failures to minimize blast radius
Configuration drift is the enemy: Manual NSX changes break lifecycle operations and upgrade compliance
Overlay segments for L2 adjacency: Provide logical Layer 2 connectivity without extending physical VLANs
Edge Nodes sized for North-South: Throughput and centralized services drive Edge Node requirements
Security Groups enable mobility: Policies follow workloads based on attributes, not location
Microsegmentation is the default: Zero-trust security inside the data center limits lateral movement
Tier-0 is the demarcation point: Connects NSX logical networking to physical network infrastructure
Overlay networking decouples logical from physical: Abstracts networking from physical constraints for agility
Policy-based networking enables agility: Supports frequent changes while maintaining control and consistency
Tier-1 Gateway for internal routing: Handles routing within workload domains, not North-South
Transport Zones define scope: Logical boundary for overlay networking, not connectivity
East-West traffic is distributed: Handled by Distributed Router at hypervisor level, not Edge Nodes
Security and networking are policy-driven: Automation and consistency trump manual configuration