Pre-Summer Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

Practice Free NCP-NS-7.5 Nutanix Certified Professional - Network and Security (NCP-NS) 7.5 Exam Questions Answers With Explanation

We at Crack4sure are committed to giving students who are preparing for the Nutanix NCP-NS-7.5 Exam the most current and reliable questions . To help people study, we've made some of our Nutanix Certified Professional - Network and Security (NCP-NS) 7.5 exam materials available for free to everyone. You can take the Free NCP-NS-7.5 Practice Test as many times as you want. The answers to the practice questions are given, and each answer is explained.

Question # 6

What is the first step in preparing a Nutanix cluster for Flow Virtual Networking?

A.

Enable the Network Controller in Prism Central.

B.

Install the latest version of Acropolis OS (AOS) on all nodes.

C.

Install the Nutanix Flow Controller on all cluster nodes.

D.

Configure the VLANs on the physical network switches.

Question # 7

An administrator has a requirement to capture application flow data for a policy in Monitor mode and export those events to an external SIEM for correlation with other logs. Which two actions are required to achieve this? (Choose two.)

A.

Enable IPFIX export on the monitored policy.

B.

Enable Policy Hit Logging on the monitored policy.

C.

Create a Flow Audit Policy on the monitored policy.

D.

Configure a remote syslog destination in Prism Central.

Question # 8

An administrator recently deployed a new set of virtual machines... 3-tier web application... restricted as follows: Only application VMs can talk to database VMs on port 3306 Frontend VMs should only communicate with application VMs on port 8080 Which action will correctly create and configure the Security Policies in Nutanix Flow to satisfy this task?

A.

Create VLANs for each tier and configure ACLs to restrict communication.

B.

Create IP-based rules for each VM category within a Security Policy.

C.

Configure a global "Allow All" Security Policy and rely on guest OS firewalls for tier-based restrictions.

D.

Create categories for each tier then define an Application Policy allowing specific ports between them.

Question # 9

What does placing a policy in Monitor mode accomplish?

A.

Visualizes discovered traffic that matches the policy.

B.

Blocks traffic that does not match the policy.

C.

Enables hitlogs for traffic that matches the policy.

D.

Redirects discovered traffic to a monitoring device.

Question # 10

An administrator is deploying a multi-tier (web, app, database) application on a Nutanix cluster using AHV. The administrator needs to allow internal communication between tiers and provide external access to the web tier. How should the administrator satisfy this requirement?

A.

Create separate VLAN networks for each tier and configure routing on the physical network.

B.

Create a VPC with a single subnet and assign workloads of each tier to this subnet.

C.

Create separate VPCs for each tier and connect them to the same external NAT network and configure routing policies for inter-tier traffic.

D.

Create a VPC with subnets for each tier and configure the Externally Routable Prefix to include only web subnets.

Question # 11

Which step is required before placing the Flow Network Security software bundle on a local web server?

A.

Perform an inventory on the Nutanix cluster before transferring any bundle files to the web server.

B.

Extract the downloaded bundle using 7zip and upload it directly to Prism Central.

C.

Enable Direct Upload in Life Cycle Manager so the bundles can be transferred automatically to the Nutanix cluster.

D.

Set up a local web server and download both the required software LCM bundle and compatibility bundle.

Question # 12

When creating a VPC, enabling the Transit VPC toggle changes the role of the VPC. What does the Transit VPC toggle do?

A.

Forces NAT for all external subnets

B.

Creates a hub-and-spoke VPC for routing

C.

Converts all Overlay subnets into VLAN subnets

D.

Enables DHCP relay for routed subnets

Question # 13

An administrator needs to delegate the management of security policies to a dedicated SecOps team. To enforce the principle of least privilege, the administrator assigns the predefined Flow Policy Author role to a user on the team. The user confirms they can create, monitor, and enforce security policies. However, when attempting to build a new application security policy for a set of newly deployed VMs, the user reports they are unable to create a new category to group these VMs. The option is not available in the Prism Central UI. Which statement explains this behavior?

A.

The Flow Policy Author role must be cloned into a custom role before it can be used.

B.

The user's role must be assigned with a scope for the specific projects they manage.

C.

The user is missing the Flow Admin role, which is required for category management.

D.

The Flow Policy Author role can only apply policies to existing categories by design.

Question # 14

An administrator has two user VPCs connected via a Transit VPC. Routing works for most subnets, but one overlay subnet cannot reach external networks. What is the most probable cause?

A.

Incorrect ASN in the BGP configuration in the Transit VPC

B.

Mismatch in ERP configuration in user and Transit VPC

C.

Floating IP not assigned to the gateway

D.

DHCP configuration is disabled on the overlay subnet in the user VPC

Question # 15

An administrator creates an Isolation Policy in Prism Central to prevent communication between the Prod and Staging environments. The policy is in Enforce mode... but VMs in the two environments can still communicate. Which configuration issue most likely explains why the Isolation Policy is not blocking the traffic?

A.

The Isolation Policy does not specify any services/ports, so no traffic is matched for enforcement.

B.

Isolation Policies restrict north-south communication when associated with a VPC gateway, not east-west traffic between categories.

C.

An Application Policy allows traffic between the same categories, overriding this policy.

D.

The Prod and Staging categories have not been assigned to the VMs, so the policy does not apply.

Question # 16

An administrator has observed the following message: Which two statements most accurately describe the security hitlog captured above? (Choose two.)

A.

This is a security hit log on the rule name "Production-External-WebTier".

B.

The source ip address is 10.38.174.5 and source port is TCP/123.

C.

86.108.190.23 is sending a packet on UDP 123.

D.

10.38.174.57 is sending a packet destined to UDP 123.

Question # 17

An administrator has configured two VPCs with overlapping externally routable prefixes (ERPs). The two VPCs are associated to separate external networks that are part of the same physical routing domain. What outcome should the administrator expect?

A.

Routing conflicts and unreachable external paths

B.

NAT is always automatically enforced

C.

Prefixes are merged into a single advertised route

D.

The larger prefix takes priority automatically

Question # 18

An administrator observes a Network Controller Unreachable alert in Prism Central for a specific AHV cluster. All other management tasks for the cluster from Prism Central are succeeding and the cluster itself reports a healthy status. Which step is the most appropriate to investigate the cause of this specific alert?

A.

On the affected Prism Element cluster, verify that the Network Controller service is enabled and healthy on all CVMs.

B.

Verify physical network connectivity and MTU settings between Prism Central and the affected AHV hosts.

C.

Check for and restart any unhealthy Flow Virtual Networking microservices within the Prism Central scale-out architecture.

D.

Unregister and then re-register the affected cluster in Prism Central to force a full synchronization of the network controller state.

Question # 19

The alert details mention a specific external network. Attempts to assign new Floating IPs to VMs fail, but existing Floating IPs continue to work. What is the cause of this alert?

A.

A firewall is blocking communication between Prism Central and the VPC's virtual router.

B.

The VPC's connection to the external network is down.

C.

A firewall is blocking communication between Prism Central and the VPC's virtual router.

D.

There are no more available IP addresses in the address pool configured for Floating IPs in that external network.

Question # 20

An administrator needs to configure a security policy that controls VM-to-VM communication within a category defined as secured entity. Which configuration action should the administrator take to restrict all intra-tier communication between the VMs within a category defined as secured entity?

A.

Apply the policy with inbound rules that block all inter-VM communication.

B.

Configure the security policy with allow-all intra-tier traffic.

C.

Set the security policy to allow-specific traffic for intra-tier communication.

D.

Use deny-all intra-tier traffic configuration in the policy.

Question # 21

An administrator needs to ensure all web traffic (HTTP/HTTPS) from a specific subnet (10.100.20.0/24) is redirected through a third-party virtual firewall inside the VPC for Layer 7 inspection before reaching the internet. The firewall VM has an IP of 10.100.30.5 and is connected to a different subnet. What should be done to enforce this specific traffic path?

A.

Configure a Policy-Based Route (PBR) on the VPC with a re-route IP 10.100.30.5.

B.

Create a FNS policy with an allow rule for the FW IP 10.100.30.5.

C.

Move the Firewall VM into the same subnet and set the default GW of the web servers to 10.100.30.5.

D.

Create a Network Policy with a high priority with the source 10.100.20.0/24, destination of 10.100.30.5 on port 80 & 443.

Question # 22

When setting up a Network Function VM for Service Insertion, an administrator needs to configure the vNICs that will be used for redirecting traffic. What is the correct configuration for the vNICs on the Network Function VM?

A.

Two specific Network Function vNICs must be created, one for inbound traffic and the other for outbound traffic.

B.

A single vNIC of type Network Function is required, which handles both ingress and egress traffic.

C.

Two Network Function vNICs are required that must be assigned static IP addresses from a managed IPAM network.

D.

Two standard vNICs are required, one for ingress and one for egress and must be on a trunked VLAN.

Question # 23

In a Nutanix deployment, when is the Network Controller automatically enabled?

A.

When the Small Prism Central deployment is scaled out to three PCVM's

B.

When the Network Controller is manually configured from the Prism Central settings page

C.

When the Network Controller is enabled on a Hyper-V cluster

D.

When the X-Large Prism Central deployment is installed or upgraded

Question # 24

A junior network operator is assigned two predefined roles in Prism Central... Role A: Prism Viewer Role B: VPC Admin The operator reports being able to successfully create, update, and delete Virtual Private Clouds (VPCs). However, the operator is unable to create a VM into the VPC. How does Prism Central determine the operator's effective permissions?

A.

The system applies the principle of "most privilege," granting the highest level of access from any assigned role.

B.

The permissions of the VPC Admin role override the more restrictive Prism Viewer role.

C.

The Prism Viewer role's permissions take precedence, preventing any write operations from the VPC Admin role.

D.

The permissions are the union of both roles, granting VPC management rights and global read-only access.

Question # 25

An administrator must delegate management of a single tenant VPC to a junior engineer. The engineer should be able to modify that VPC but must not see or change any other VPCs or networking configurations in Prism Central. The administrator wants to meet this requirement using RBAC. Which action should the administrator take to meet this requirement?

A.

Assign the Network Infrastructure Admin role and restrict its scope to the desired VPC.

B.

Assign the VPC Admin role and restrict its scope to the desired VPC.

C.

Assign a Custom Role cloned from Network Infrastructure Admin and restrict its scope to the desired VPC.

D.

Assign a Custom Role cloned from VPC Admin and restrict its scope to the desired VPC.

Question # 26

An administrator plans to upgrade a Nutanix cluster running AHV and Prism Central. The current cluster is on AOS 6.10, and the administrator wants to move to AOS 7.3 while ensuring all components remain compatible. What is the correct upgrade order to minimize downtime and maintain cluster functionality?

A.

Upgrade CVMs - > Upgrade cluster AOS - > Upgrade Prism Central - > Upgrade AHV hosts

B.

Upgrade cluster AOS - > Upgrade AHV hosts - > Upgrade Prism Central - > Upgrade CVMs

C.

Upgrade Prism Central - > Upgrade AHV hosts - > Upgrade CVMs - > Upgrade cluster AOS

D.

Upgrade AHV hosts - > Upgrade cluster AOS - > Upgrade Prism Central - > Upgrade CVMs

Question # 27

Refer to Exhibit:

NCP-NS-7.5 question answer

In the AD-VDI Departmental SecPol policy shown in the exhibit, ADGroup: Engineering is configured as a secured entity in a VDI Security Policy. Prism Central shows 2 / 2 active sessions under this group, but the administrator confirms that three Engineering users are currently logged in to persistent VDI desktops. The third user's VM shows no ADGroup assignment in its VM details in Prism Central, even after the user has successfully logged in. All three users are members of the same AD group, and the Domain Controller event logs confirm a successful interactive login for the third user. Which condition explains why the third user's VM is not being assigned the ADGroup: Engineering category?

A.

The Active Directory Service account used by Prism Central is locked.

B.

The third user's VM has been assigned an AppType category, preventing ID-Based categorization.

C.

The Flow Identity Service has been disabled in Prism Central for the VM the third user is logging in to.

D.

The Flow Network Security policy scope does not include the VLAN where the third user's VM resides.

Question # 28

Which policy is used to isolate a compromised VM in the most efficient way possible?

A.

Isolation Policy

B.

Quarantine Policy

C.

Shared Service Policy

D.

Application Policy

Question # 29

A customer wants to extend a VLAN subnet to a remote data center using VTEP. The administrator configures a Subnet Extension which shows UP in the Prism Interface, yet traffic fails to pass. Which setting is most likely misconfigured?

A.

Route Policy for VTEP has not been configured.

B.

VLAN ID does not match in the remote data center.

C.

Remote gateway IP address has not been configured.

D.

VXLAN UDP port is set to 4789.

Question # 30

Refer to Exhibit:

NCP-NS-7.5 question answer

An administrator is reviewing an enforced security policy "Secure 3-VM Inventory App", as shown in the exhibit. The policy's inbound rules are configured to allow traffic from specific sources to each tier of the application. The visualization shows one blocked traffic flow. Based on the information presented in the exhibit, which statement best describes this behavior?

A.

The AppTier: FrontEnd and AppTier: AppLogic entities are on different subnets.

B.

The Inventory App VM is being blocked from initiating a connection to the AppTier: Database category.

C.

The AppTier: Database category is being blocked from initiating a connection to the Inventory App VM.

D.

The security policy is blocking traffic because the Inventory App VM is using a port not allowed by the policy.

Question # 31

A service-insertion firewall VM protects user VMs access to the internet. The virtual and physical switches, as well as all user VMs, currently use the default MTU size of 1500. Everything functions normally until a user VM is migrated to another host. After the migration, the user reports that some websites fail to load while ping to those same sites still succeeds. Routing and security policies appear normal. Which two configuration changes could resolve the issue? (Choose two.)

A.

Increase the MTU across all vSwitch and physical uplinks on the relevant network path to 1558 or greater.

B.

Lower the MTU across all vSwitch and physical uplinks on the relevant network path to 1442 or lower.

C.

Decrease the MTU on the user VM's vNIC to 1442 or lower.

D.

Increase the MTU on the user VM's vNIC to 1558 or greater.

NCP-NS-7.5 PDF

$33

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

NCP-NS-7.5 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

  • Exam Name: Nutanix Certified Professional - Network and Security (NCP-NS) 7.5
  • Last Update: Apr 26, 2026
  • Questions and Answers: 106
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

NCP-NS-7.5 Engine

$39.6

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included