Nutanix NCP-NS-7.5 Dumps

What makes this a strong certification question is that several answers look technically related, but only one aligns with the exact behavior of Flow networking or Flow security. The correct response is D, meaning “It manages configuration, monitoring, and optimization of network resources.”. With BGP in Flow Virtual Networking, route exchange depends on both gateway objects and a correctly defined peering session. A healthy gateway alone is not enough; the session, peer parameters, and advertised prefixes must all align. A VPN showing an “Up” state confirms tunnel establishment, but it does not guarantee end-to-end reachability. Actual traffic flow still depends on route advertisement or static routing, proper prefixes, and correct MTU considerations. In practice, this falls into virtual network design: VPC structure, subnet type, external network behavior, routing intent, and address exposure are what determine the result. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. In practice, administrators who anchor their decisions to.

The most professional way to evaluate this question is to map the symptom to the Nutanix feature responsible for that function rather than reacting to secondary details in the prompt. The correct response is D, meaning “Destination prefix: 172.16.2.0/24, Next-Hop: Ext_Net_Internal”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. Operationally, Flow Virtual Networking should be checked from the control plane outward: gateway health, peering state, route advertisement, ERP coverage, external path, and MTU when encapsulation is involved.

Seen from a design perspective, the correct answer is the least ambiguous and most supportable implementation path inside Prism Central and AHV. Notice that A is not appropriate because NAT changes addressing behavior and does not solve the routing or policy condition described in the scenario. B is not appropriate because NAT changes addressing behavior and does not solve the routing or policy condition described in the scenario. Seen operationally, the correct response is the least disruptive and most deterministic one. It changes the exact Nutanix setting that governs the outcome instead of introducing workarounds elsewhere in the stack.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is B, meaning “On the AHV host's physical network interfaces”. MTU planning matters because encapsulation adds overhead. When overlay, Geneve, VXLAN, or IPSec is present, a path that looks healthy at 1500 bytes can still fragment or drop larger frames unless the underlay and endpoints are sized correctly. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. The key takeaway is that Flow is intentionally modular. Networking objects determine reachability, security objects determine permission, and lifecycle steps determine supportability. Mixing those layers usually produces the distractor answers. A strong exam habit is to ask which Nutanix construct would have to.

The most professional way to evaluate this question is to map the symptom to the Nutanix feature responsible for that function rather than reacting to secondary details in the prompt. The correct response is C, meaning “4 GB of memory and 3 vCPUs”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. In lifecycle terms, Nutanix expects administrators to respect prerequisites, compatibility, and dependency order before enabling or upgrading Flow-related services. A strong exam habit is to ask which Nutanix construct would have to change for the symptom or requirement to change. That mental shortcut usually separates the real answer from distractors that mention generic networking steps, disruptive resets, or unrelated configuration objects.

Notice that A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. In practice, administrators who anchor their decisions to Prism Central constructs—such as VPCs, external networks, ERPs, categories, and policy modes—arrive at the correct answer faster and avoid unnecessary changes.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is C, meaning “Isolation Policy”. An Isolation Policy is built to stop communication between defined groups. Unlike an application policy, it is intended to create a hard boundary, making it the correct choice when the requirement is “no traffic between these entities.” Quarantine is the fastest containment mechanism in Flow Network Security. It is specifically intended for suspected or compromised workloads that must be isolated immediately without redesigning broader application rules. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. For exam preparation, remember that Nutanix usually separates discovery from enforcement, routing from NAT, and access policy from identity mapping..

What makes this a strong certification question is that several answers look technically related, but only one aligns with the exact behavior of Flow networking or Flow security. The correct response is D, meaning “Connect the VPCs to a single Transit VPC.”. With BGP in Flow Virtual Networking, route exchange depends on both gateway objects and a correctly defined peering session. A healthy gateway alone is not enough; the session, peer parameters, and advertised prefixes must all align. A VPN showing an “Up” state confirms tunnel establishment, but it does not guarantee end-to-end reachability. Actual traffic flow still depends on route advertisement or static routing, proper prefixes, and correct MTU considerations. In practice, this falls into virtual network design: VPC structure, subnet type, external network behavior, routing intent, and address exposure are what determine the result. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. For exam preparation, remember that Nutanix usually separates discovery.

The clean way to read this scenario is to separate what is merely present in the environment from the single Nutanix construct that actually satisfies the requirement. The correct response is B, meaning “The third user's VM has been assigned an AppType category, preventing ID-Based categorization.”. Identity-based controls in Flow depend on accurate mapping between Active Directory information and the categories or groups referenced by policy. If that mapping is wrong, the policy logic can be correct and access will still fail. From a troubleshooting standpoint, the validation path is policy scope first, then categories or identity mapping, then hitlog evidence, service definition, and finally policy precedence. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. Seen operationally, the correct response is the least disruptive and most deterministic one. It changes the exact Nutanix setting that governs the outcome instead of introducing workarounds elsewhere in the stack. A strong exam habit is to ask.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is B, meaning “Assign the VPC Admin role and restrict its scope to the desired VPC.”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. In practice, this falls into virtual network design: VPC structure, subnet type, external network behavior, routing intent, and address exposure are what determine the result. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. Seen operationally, the correct response is the least disruptive and most deterministic one. It changes the exact Nutanix setting that governs the outcome instead of introducing workarounds elsewhere in the stack. A strong exam habit is to ask which Nutanix construct would have to change for the symptom or requirement to change. That.

This item is best solved by thinking like an operator in Prism Central: first identify whether the problem is design, control-plane state, or policy logic, then pick the option tied to that layer. The correct response is C, meaning “Targeted VMs must have category assignments.”. The Network Controller supplies the control-plane services required for Flow Virtual Networking. Without it, Prism Central cannot build and manage overlays, gateways, and related virtual networking constructs consistently across the cluster. In lifecycle terms, Nutanix expects administrators to respect prerequisites, compatibility, and dependency order before enabling or upgrading Flow-related services. By contrast, A sounds plausible, but it does not align with the specific Flow policy object or precedence rule that controls this case. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. The key takeaway is that Flow is intentionally modular. Networking objects determine reachability, security objects determine permission, and lifecycle steps determine supportability. Mixing those layers usually produces the distractor answers. A strong exam habit is to ask which Nutanix construct would have to change for the symptom or requirement to change. That mental.

This item is best solved by thinking like an operator in Prism Central: first identify whether the problem is design, control-plane state, or policy logic, then pick the option tied to that layer. The correct response is A, meaning “MTU on guest VMs exceeds recommended size for IPSec.”. A Floating IP is the normal mechanism for exposing a workload in an overlay-backed VPC to external clients. It preserves internal VM addressing while publishing a reachable external address through the VPC’s north-south path. A VPN showing an “Up” state confirms tunnel establishment, but it does not guarantee end-to-end reachability. Actual traffic flow still depends on route advertisement or static routing, proper prefixes, and correct MTU considerations. Operationally, Flow Virtual Networking should be checked from the control plane outward: gateway health, peering state, route advertisement, ERP coverage, external path, and MTU when encapsulation is involved. By contrast, B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. For exam.

What makes this a strong certification question is that several answers look technically related, but only one aligns with the exact behavior of Flow networking or Flow security. The correct response is B, meaning “Upgrade all nodes to the same version of AOS before proceeding with any other components.”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. In lifecycle terms, Nutanix expects administrators to respect prerequisites, compatibility, and dependency order before enabling or upgrading Flow-related services. A strong exam habit is to ask which Nutanix construct would have to change for the symptom or requirement to change. That mental shortcut usually separates the real answer from distractors that mention generic networking steps, disruptive resets, or unrelated configuration objects. Notice that A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. That is the underlying Nutanix principle being validated: solve the issue at the.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is A, meaning “2058 Bytes”. MTU planning matters because encapsulation adds overhead. When overlay, Geneve, VXLAN, or IPSec is present, a path that looks healthy at 1500 bytes can still fragment or drop larger frames unless the underlay and endpoints are sized correctly. In practice, this falls into virtual network design: VPC structure, subnet type, external network behavior, routing intent, and address exposure are what determine the result. By contrast, B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. Seen operationally, the correct response is the least disruptive and most deterministic one. It changes the exact Nutanix setting that governs the outcome instead of introducing workarounds elsewhere in the stack. A strong exam habit is to ask which Nutanix construct would have to change for the symptom.

A reliable method here is to translate the scenario into Nutanix terms—VPC routing, external connectivity, policy scope, identity mapping, or upgrade readiness—and then choose the answer that directly addresses that domain. The correct response is A, meaning “Enable microsegmentation and network controller on the cluster.”. The Network Controller supplies the control-plane services required for Flow Virtual Networking. Without it, Prism Central cannot build and manage overlays, gateways, and related virtual networking constructs consistently across the cluster. In lifecycle terms, Nutanix expects administrators to respect prerequisites, compatibility, and dependency order before enabling or upgrading Flow-related services.

In other words, this is less about broad infrastructure suspicion and more about finding the exact Nutanix decision point that explains the behavior. Notice that B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. In practice, administrators who anchor their decisions to Prism Central constructs—such as VPCs, external networks, ERPs, categories, and policy modes—arrive at the correct answer faster and avoid unnecessary changes.

A reliable method here is to translate the scenario into Nutanix terms—VPC routing, external connectivity, policy scope, identity mapping, or upgrade readiness—and then choose the answer that directly addresses that domain. The correct response is D, meaning “Create a VPC with subnets for each tier and configure the Externally Routable Prefix to include only web subnets.”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. In lifecycle terms, Nutanix expects administrators to respect prerequisites, compatibility, and dependency order before enabling or upgrading Flow-related services. A strong exam habit is to ask which Nutanix construct would have to change for the symptom or requirement to change. That mental shortcut usually separates the real answer from distractors that mention generic networking steps, disruptive resets, or unrelated configuration objects. Notice that A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. Seen operationally, the correct response is.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is C, meaning “Routing Protocol Logs for the specific BGP session”. With BGP in Flow Virtual Networking, route exchange depends on both gateway objects and a correctly defined peering session. A healthy gateway alone is not enough; the session, peer parameters, and advertised prefixes must all align. Operationally, Flow Virtual Networking should be checked from the control plane outward: gateway health, peering state, route advertisement, ERP coverage, external path, and MTU when encapsulation is involved.

Notice that A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. In practice, administrators who anchor their decisions to Prism Central constructs—such as VPCs, external networks, ERPs, categories, and policy modes—arrive at the correct answer faster and avoid unnecessary changes.

What makes this a strong certification question is that several answers look technically related, but only one aligns with the exact behavior of Flow networking or Flow security. The correct response is D, meaning “Create categories for each tier then define an Application Policy allowing specific ports between them.”. Application Policies are the most appropriate way to model legitimate workload communication in a tiered application. They allow administrators to express which sources, destinations, and services are required instead of relying on broad network access. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions.

Notice that A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B sounds plausible, but it does not align with the specific Flow policy object or precedence rule that controls this case. That is the underlying Nutanix principle being validated: solve the issue at the feature that owns the behavior, not by changing unrelated infrastructure settings that happen to sound network-oriented.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is B, meaning “Clone”. Monitor mode is designed for observation rather than enforcement. In Nutanix Flow, it discovers and visualizes matching traffic so an administrator can validate real application behavior before converting the policy to active enforcement. That is why the correct response focuses on visibility, not blocking. Enforce mode is the stage where Flow stops acting like a discovery tool and starts behaving like a stateful control point. Traffic allowed by the policy continues normally, while traffic that does not match an allowed rule is denied according to policy logic. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here..

This item is best solved by thinking like an operator in Prism Central: first identify whether the problem is design, control-plane state, or policy logic, then pick the option tied to that layer. The correct response is AD, which corresponds to Increase the MTU across all vSwitch and physical uplinks on the relevant network path to 1558 or greater. and Increase the MTU on the user VM's vNIC to 1558 or greater.. MTU planning matters because encapsulation adds overhead. When overlay, Geneve, VXLAN, or IPSec is present, a path that looks healthy at 1500 bytes can still fragment or drop larger frames unless the underlay and endpoints are sized correctly. Operationally, Flow Virtual Networking should be checked from the control plane outward: gateway health, peering state, route advertisement, ERP coverage, external path, and MTU when encapsulation is involved. By contrast, B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. Seen operationally, the correct response is the.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is A, meaning “Create the requisite Authorization Polices from custom or built-in roles.”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. By contrast, B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. The key takeaway is that Flow is intentionally modular. Networking objects determine reachability, security objects determine permission, and lifecycle steps determine supportability. Mixing those layers usually produces the distractor answers. A strong exam habit is to ask which Nutanix construct would have to change for the symptom or requirement to change. That mental shortcut usually separates.

The most professional way to evaluate this question is to map the symptom to the Nutanix feature responsible for that function rather than reacting to secondary details in the prompt. The correct response is C, meaning “Increase the MTU by an additional 58 bytes for the Geneve header.”. MTU planning matters because encapsulation adds overhead. When overlay, Geneve, VXLAN, or IPSec is present, a path that looks healthy at 1500 bytes can still fragment or drop larger frames unless the underlay and endpoints are sized correctly. Service insertion introduces an additional dataplane hop through a network function VM. That makes correct vNIC pairing, health monitoring, and MTU sizing essential, because steering can fail even when the firewall appliance itself appears powered on. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. In other words, this is less about broad infrastructure suspicion and more about finding the exact Nutanix decision point that explains the behavior. Notice that A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is C, meaning “Create the Policy in Monitor mode, review the discovered traffic, allow the required traffic flows, and move Policy to Enforce mode.”. Monitor mode is designed for observation rather than enforcement. In Nutanix Flow, it discovers and visualizes matching traffic so an administrator can validate real application behavior before converting the policy to active enforcement. That is why the correct response focuses on visibility, not blocking. Enforce mode is the stage where Flow stops acting like a discovery tool and starts behaving like a stateful control point. Traffic allowed by the policy continues normally, while traffic that does not match an allowed rule is denied according to policy logic. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. Notice that A sounds plausible, but it does not align with the specific Flow policy object or precedence rule that controls this case. B sounds plausible, but it does not.

This item is best solved by thinking like an operator in Prism Central: first identify whether the problem is design, control-plane state, or policy logic, then pick the option tied to that layer. The correct response is A, meaning “Enable the Network Controller in Prism Central.”. The Network Controller supplies the control-plane services required for Flow Virtual Networking. Without it, Prism Central cannot build and manage overlays, gateways, and related virtual networking constructs consistently across the cluster. In lifecycle terms, Nutanix expects administrators to respect prerequisites, compatibility, and dependency order before enabling or upgrading Flow-related services.

In other words, this is less about broad infrastructure suspicion and more about finding the exact Nutanix decision point that explains the behavior. Notice that B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. The key takeaway is that Flow is intentionally modular. Networking objects determine reachability, security objects determine permission, and lifecycle steps determine supportability. Mixing those layers usually produces the distractor answers.

This item is best solved by thinking like an operator in Prism Central: first identify whether the problem is design, control-plane state, or policy logic, then pick the option tied to that layer. The correct response is A, meaning “The cloned policy's secured entities reference the intended categories.”. Enforce mode is the stage where Flow stops acting like a discovery tool and starts behaving like a stateful control point. Traffic allowed by the policy continues normally, while traffic that does not match an allowed rule is denied according to policy logic. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions.

Notice that B sounds plausible, but it does not align with the specific Flow policy object or precedence rule that controls this case. C sounds plausible, but it does not align with the specific Flow policy object or precedence rule that controls this case. The key takeaway is that Flow is intentionally modular. Networking objects determine reachability, security objects determine permission, and lifecycle steps determine supportability. Mixing those layers usually produces the distractor answers.

The most professional way to evaluate this question is to map the symptom to the Nutanix feature responsible for that function rather than reacting to secondary details in the prompt. The correct response is B, meaning “The MTU on the physical or virtual switch layer is set too low.”. MTU planning matters because encapsulation adds overhead. When overlay, Geneve, VXLAN, or IPSec is present, a path that looks healthy at 1500 bytes can still fragment or drop larger frames unless the underlay and endpoints are sized correctly. Operationally, Flow Virtual Networking should be checked from the control plane outward: gateway health, peering state, route advertisement, ERP coverage, external path, and MTU when encapsulation is involved. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. Seen operationally, the correct response is the least disruptive and most deterministic one. It changes the exact Nutanix setting that governs the outcome instead of introducing workarounds elsewhere in the.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is B, meaning “Apply a Security policy in Monitor mode to discover all traffic between the application tiers.”. Monitor mode is designed for observation rather than enforcement. In Nutanix Flow, it discovers and visualizes matching traffic so an administrator can validate real application behavior before converting the policy to active enforcement. That is why the correct response focuses on visibility, not blocking. Enforce mode is the stage where Flow stops acting like a discovery tool and starts behaving like a stateful control point. Traffic allowed by the policy continues normally, while traffic that does not match an allowed rule is denied according to policy logic. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C sounds plausible, but it does not align with the.

The most professional way to evaluate this question is to map the symptom to the Nutanix feature responsible for that function rather than reacting to secondary details in the prompt. The correct response is A, meaning “Upgrade CVMs - > Upgrade cluster AOS - > Upgrade Prism Central - > Upgrade AHV hosts”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. In lifecycle terms, Nutanix expects administrators to respect prerequisites, compatibility, and dependency order before enabling or upgrading Flow-related services.

Seen from a design perspective, the correct answer is the least ambiguous and most supportable implementation path inside Prism Central and AHV. Notice that B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. In practice, administrators who anchor their decisions to Prism Central constructs—such as VPCs, external networks, ERPs, categories, and policy modes—arrive at the correct answer faster and avoid unnecessary changes.

The most professional way to evaluate this question is to map the symptom to the Nutanix feature responsible for that function rather than reacting to secondary details in the prompt. The correct response is A, meaning “Visualizes discovered traffic that matches the policy.”. Monitor mode is designed for observation rather than enforcement. In Nutanix Flow, it discovers and visualizes matching traffic so an administrator can validate real application behavior before converting the policy to active enforcement. That is why the correct response focuses on visibility, not blocking. Policy hitlogs provide precise evidence of what Flow evaluated, including source, destination, protocol, and rule outcome. In troubleshooting, that makes hitlogs one of the best places to confirm whether traffic matched an allow or deny decision. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. Notice that B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. C does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing.

The most professional way to evaluate this question is to map the symptom to the Nutanix feature responsible for that function rather than reacting to secondary details in the prompt. The correct response is D, meaning “Enforce Mode”. Monitor mode is designed for observation rather than enforcement. In Nutanix Flow, it discovers and visualizes matching traffic so an administrator can validate real application behavior before converting the policy to active enforcement. That is why the correct response focuses on visibility, not blocking. Enforce mode is the stage where Flow stops acting like a discovery tool and starts behaving like a stateful control point. Traffic allowed by the policy continues normally, while traffic that does not match an allowed rule is denied according to policy logic. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. Seen from a design perspective, the correct answer is the least ambiguous and most supportable implementation path inside Prism Central and AHV. Notice that A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing.

This item is best solved by thinking like an operator in Prism Central: first identify whether the problem is design, control-plane state, or policy logic, then pick the option tied to that layer. The correct response is B, meaning “The policy type can be changed while cloning a policy.”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions. A strong exam habit is to ask which Nutanix construct would have to change for the symptom or requirement to change. That mental shortcut usually separates the real answer from distractors that mention generic networking steps, disruptive resets, or unrelated configuration objects. Notice that A sounds plausible, but it does not align with the specific Flow policy object or precedence rule that controls this case. C sounds plausible, but it does not align with the specific Flow policy object or precedence rule that controls this case. For exam preparation, remember that Nutanix usually separates discovery from enforcement, routing from.

From a Nutanix exam perspective, this question is really testing whether the administrator understands the control point that actually governs the behavior shown in the scenario. The correct response is C, meaning “The AppTier: Database category is being blocked from initiating a connection to the Inventory App VM.”. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. From a troubleshooting standpoint, the validation path is policy scope first, then categories or identity mapping, then hitlog evidence, service definition, and finally policy precedence. By contrast, A does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. For exam preparation, remember that Nutanix usually separates discovery from enforcement, routing from NAT, and access policy from identity mapping. Choosing the layer that truly owns the function is what leads to the right answer. A strong exam habit is to ask which Nutanix construct would have to change for.

A reliable method here is to translate the scenario into Nutanix terms—VPC routing, external connectivity, policy scope, identity mapping, or upgrade readiness—and then choose the answer that directly addresses that domain. The correct response is AC, which corresponds to Subnet Category and VPC Category. The winning option is the one tied to the native Nutanix object or control that governs the outcome described in the scenario. This is a Flow policy design question, so categories, secured entities, rule direction, policy mode, and policy precedence matter more than simple IP connectivity assumptions.

Seen from a design perspective, the correct answer is the least ambiguous and most supportable implementation path inside Prism Central and AHV. Notice that B does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. D does not fit because it targets a different layer of the Nutanix networking and security stack than the one causing the outcome here. That is the underlying Nutanix principle being validated: solve the issue at the feature that owns the behavior, not by changing unrelated infrastructure settings that happen to sound network-oriented.