6V0-22.2 / VMware Avi Load Balancer 30.x Administrator Practice Exam
Latest Version: 6.1
Question: 1
Which SSL cipher type provides the best security?
A. EC without PFS
B. EC with PFS
C. RSA without PFS
D. RSA with PFS
Answer: B
Explanation:
VMware Avi Load Balancer documentation recommends EC with PFS because RSA 2K keys are
more computationally expensive than EC, and EC with PFS provides the best performance and
the best possible security. Therefore, the strongest and preferred cipher type among the listed
options is EC with PFS.
Question: 2
Which file type will the default WAF Profile bypass for inspection?
A. .batch
B. .exe
C. .ico
D. .yml
Answer: C
Explanation:
The Avi WAF Policy includes an option to bypass WAF inspection for static file extensions.
VMware Avi documentation notes that static content file extensions can be bypassed from WAF
checks. Among the listed options, .ico is the static web file type that matches this behavior;
.batch, .exe, and .yml are not appropriate default static web bypass file types.
Question: 3
The Server RTT in the End-to-End Timing graph has increased significantly while Client RTT and
App Response times have remained unchanged. What is the most likely explanation for the
issue?
A. One or more pool servers are experiencing very high CPU utilization
B. A database server used by the application is experiencing a performance issue
C. The Service Engine where the Virtual Service is placed has become overloaded
D. A networking issue has developed between the Service Engine and one or more pool servers
Answer: D
Explanation:
In Avi analytics, Server RTT represents the round-trip latency between the Service Engine and
the backend pool servers. VMware Avi documentation states that an abnormally high Server RTT
can indicate a network issue between the Service Engine and the servers. Because Client RTT
and App Response remain unchanged, the issue is most likely on the network path between the
Service Engine and one or more pool servers.
Question: 4
What action should be taken to increase the number of active Service Engines utilized by a
Virtual Service?
A. Use the Migrate button in the Virtual Service popup
B. Use the Scale Out button in the Virtual Service popup
C. Use the Scale Out button in the Service Engine Group configuration
D. No action is necessary since the data plane is scaled automatically
Answer: B
Explanation:
VMware Avi Load Balancer supports scaling a Virtual Service across multiple Service Engines. The
documentation for automatic scaling of Virtual Services references using the Scale Out action for
a Virtual Service to increase the number of Service Engines actively supporting that Virtual
Service. Therefore, the correct action is to use the Scale Out button in the Virtual Service popup.
Question: 5
Which statement is true for Avi to compress an HTTP response?
A. Caching must be disabled
B. The Web Application Firewall must be disabled
C. Client round-trip time must be greater than 100 ms
D. The client’s Accept-Encoding header must be in the request
Answer: D
Explanation:
HTTP compression depends on whether the client indicates support for compressed content. In
Avi Load Balancer compression configuration, the Accept-Encoding request header is relevant
because it tells the system what compression encodings the client can accept. Therefore, for Avi
to compress an HTTP response, the client request must include an appropriate Accept-Encoding
header.
Question 6
Which two statements about the NSX Gateway Firewall are true? (Choose two)
A. It inspects north-south traffic only
B. It runs on the ESXi hypervisor
C. It can be deployed on Active/Standby Edge clusters
D. It supports L7 application identification for east-west traffic
Correct Answers: A, C
*Explanation: Gateway Firewall inspects north-south traffic (in/out of data center). It runs on NSX
Edge nodes, not ESXi. Active/Standby deployment is supported for redundancy. L7 application
identification for east-west traffic is a Distributed Firewall feature, not Gateway Firewall.*
Question 7
An administrator needs to block malicious outbound DNS queries from a VM. Which
vDefend feature should be used?
A. Distributed Firewall with DNS service object
B. Gateway Firewall with FQDN filter
C. IDPS with DNS signature
D. Malware Prevention with file reputation
Correct Answer: B
*Explanation: Gateway Firewall on the Tier-0 or Tier-1 Gateway can filter outbound north-south
DNS traffic using FQDN or DNS snooping. Distributed Firewall focuses on east-west. IDPS may
detect but not primarily block DNS queries by FQDN. Malware Prevention handles files, not
DNS.*