Nutanix Updated NCP-CI-AWS Exam Questions and Answers by mikael

To ensure that every NC2 on AWS cluster deployed allows full access from the on-premises CVM subnet efficiently, the administrator should create a custom AWS Network Security Group.

Use a key value oftag:nutanix:clusters:externalfor the security group, and set the inbound allow address to the on-premises subnet.

This approach leverages AWS tags to manage security group rules dynamically and ensures that the necessary access permissions are applied automatically to all clusters with the specified tag.

This method reduces the need for manual configuration of each cluster's security group, streamlining the process for a test/dev environment where clusters are frequently created and destroyed.

References:Refer to the AWS documentation on Network Security Groups and Nutanix documentation on best practices for securing NC2 clusters.

To determine which subnets would be able to receive inbound traffic from AWS instances on a 10.0.0.0/22 network segment, we need to look at the configured subnets and their CIDR ranges, as well as the custom network security group's inbound rules.

Available CIDR ranges in VPC:

70.73.0.0/16

10.79.107.0/24

10.0.0.0/22

Configured Subnets in NC2 AWS VPC:

VDI: 10.78.130.0/22

SQL: 10.78.3.0/24

Server01: 10.78.2.0/24

Server02: 10.79.120.0/24

Tier01: 10.19.101.0/24

Custom Network Security Group Inbound Rule:

Allows all inbound traffic from 10.0.0.0/22.

Given that the custom network security group is allowing inbound traffic from the 10.0.0.0/22 network, we need to identify which of the configured subnets fall within this allowed range.

Analysis:

The subnets 10.78.130.0/22, 10.78.3.0/24, 10.78.2.0/24, 10.79.120.0/24, and 10.19.101.0/24 do not overlap with 10.0.0.0/22. Therefore, none of these subnets would naturally fall within the 10.0.0.0/22 range directly.

However, since the question is about receiving inbound trafficfromthe 10.0.0.0/22 network and considering security group rules, all subnets mentioned can technically receive traffic if the inbound rules are configured correctly, but since we are strictly asked about the configuration from the image and the overlap in the ranges:

Server01 (10.78.2.0/24)andTier01 (10.19.101.0/24)will receive traffic because their CIDR ranges do not conflict with the 10.0.0.0/22 range, thus allowing traffic without additional restrictions.

References:

Nutanix Clusters on AWS Administration Guide

AWS VPC and Subnet documentation

Network Security Group rules configuration in Nutanix documentation

After the NC2 free trial expires, to continue using all features of NC2 on existing clusters, the administrator needs to switch to a paid subscription plan.

A paid subscription ensures uninterrupted access to the full range of features and support for NC2 clusters.

Without switching to a paid plan, the features might be limited, and support may not be available, impacting the cluster's operations and management.

References:Refer to the Nutanix billing and subscription documentation for details on switching from a trial to a paid plan and the benefits associated with paid subscriptions.