1. Home
  2. Nutanix
  3. NCP-NS Exam Syllabus

Nutanix NCP-NS Exam Syllabus

Start Free NCP-NS Exam Practice After Reviewing the Topics

Before starting your NCP-NS exam preparation, it is recommended to review the complete Nutanix Certified Professional Network & Security v7.5 exam syllabus and carefully go through the exam objectives listed below. Once you understand the exam structure and objectives, you should practice using our free NCP-NS questions. We also provide premium NCP-NS practice test, fully updated according to the latest exam objectives, to help you accurately assess your preparedness for the actual exam.

Nutanix
Vendor
NCP-NS
Exam Code
106
Total Questions
5
Total Exam Domains

START FREE NCP-NS EXAM PRACTICE

NO SIGNUP REQUIRED  •  100% FREE TO START

NCP-NS EXAM QUESTIONS

Nutanix NCP-NS Exam Objectives

Section 1: Configure Flow Virtual Networking
Weight:
-
Objective 1.1: Create a VPC and Overlay Networks

Knowledge
  • Determine whether tenant or a transit VPC is required 
  • Recognize the purpose or usage of ERP in the VPC 
  • Identify the VPC Gateway nodes 
  • Associate routed and private CIDRs 
Objective 1.2: Create and Manage VPC External Networks 

Knowledge
  • Determine when overlapping ERPs is necessary 
  • Associate Scale-out VPC Gateway nodes to a VPC 
  • Determine when to set the default route
  • Determine routes to be set during VPC creation 
  • Assign a specific Router IP/ SNAT IP to a VPC
  • Change the external network for a VPC 
  • Create a Overlay External Network
  • Associate a VPC to a transit VPC Overlay External Network 
  • Determine when to connect a VPC to a NAT or a No-NAT network 
Objective 1.3: Configure Connectivity Options 

Knowledge 
  • Create network load balancer with a target group of VMs 
  • Analyze the status of BGP peering sessions, including advertised & received routes 
  • Define a Policy Based Routing policy to redirect traffic via a security appliance for inspection 
  • Assign a floating IP address to a workload for external access when using NAT external connectivity 
  • Create resiliency within BGP neighbors 
Section 2: Configure Flow Network Security
Weight:
-
Objective 2.1: Analyze and Document Application Flows 

Knowledge
  • Determine when monitoring mode is appropriate for policy creation 
  • Configure syslog to ship logs to an external source for analysis/enable policy logging 
  • Define and/or update a policy rule set using the flow visualization/captured traffic
  • Recognize the purpose and use case for a shared services policy 
Objective 2.2: Create and Configure Security Policies 

Knowledge
  • Determine the appropriate policy type based on business needs 
  • Configure Isolation policies between two or more entities 
  • Configure Application Policies with appropriate Secured Entities 
  • Configure Group ID lookup for Active Directory 
  • Configure VDI Policies 
  • Explain the use case for the quarantine function 
Objective 2.3: Manage Policy Lifecycle and Modes

Knowledge
  • Create a policy in Monitor mode and identify discovered traffic 
  • Enforce a policy currently applied in Monitor mode 
  • Clone a policy and apply to a different Scope 
  • Identify the number of entities potentially impacted by enforcing a monitored policy 
  • Describe the different policy lifecycle modes 

 
Section 3: Troubleshoot Flow Virtual Networking
Weight:
-
Objective 3.1: Troubleshoot Connectivity Issues 

Knowledge
  • Determine why a VM inside a VPC cannot reach the Internet
  • Determine why two VMs within the same VPC cannot communicate with each other 
  • Determine why a VM within a VPC cannot access the external network  
  • Determine why the BGP neighbor is not receiving expected routes from the VPC 
  • Identify and resolve network gateway status issues 
  • Determine if a Gateway VM (VTEP, VPN, or BGP) is unhealthy 
  • Verify that the subnet extension is active and in a healthy state 
Objective 3.2: Analyze Alerts and Logs to Address Virtual Networking Issues 

Knowledge
  • Diagnose BGP state using session logs 
  • Determine which user made a particular change and when 
  • Analyze IPFIX exports to identify network connectivity issues 
  • Interpret alerts and take corrective actions 
Objective 3.3: Analyze the Health of Infrastructure System Components 

Knowledge
  • Describe how to check the Network Controller’s health 
  • Recognize which actions can be performed (or not) when a Network Controller is unhealthy 
  • Interpret network controller and Flow Network Security alerts 
Section 4: Troubleshoot Flow Network Security
Weight:
-
Objective 4.1: Troubleshoot Undesired Network Communication

Knowledge 
  • Determine if desired traffic is being prevented by a security policy 
  • Verify VM membership in a policy component 
  • Assess Security Policy Hitlogs to identify allowed and denied traffic 
  • Identify policy priority conflicts (including prioritization of intra-tier rules vs. inbound/outbounds) 
  • Determine the root cause of packet loss when service insertion is in use 
  • Troubleshoot an issue where routes are present but North/South traffic is broken (MTU) 
Objective 4.2: Analyze Logs to Address Flow Network Security Issues

Knowledge
  • Describe how to pipe FNS Security Hit logs to external syslog server 
  • Determine the status of the conntrack table through NCC healthchecks 
  • Interpret FNS audit logs to diagnose an FNS issue 
Objective 4.3: Troubleshoot Identity-Based Policy Failure Related to User Group Mapping

Knowledge 
  • Verify that AD is properly configured (URL, service account, credentials, etc.) 
  • Enable ID Based Security and configure/manage referenced AD groups 
  • Validate dynamic category assignment at login time 
  • Validate that group memberships have been applied to a policy
Section 5: Deploy and Upgrade a Flow Environment
Weight:
-
Objective 5.1: Prepare a Cluster for Flow Network Security

Knowledge

Enable FNS from Prism Central 
Create categories and associate to VMs 
Confirm versions are supported and up-to-date before enablement 
Identify the resources needed on nodes and Prism Central 

Objective 5.2: Prepare a Cluster for Flow Virtual Networking

Knowledge 
  • Confirm that network controller is enabled and is the right version 14
  • Ensure all clusters compatible prior to enabling FVN 
  • Set MTU on virtual switch 
  • Confirm that Prism Central has adequate resources for the deployme
Objective 5.3: Determine Order of Upgrades and Upgrade Paths

Knowledge 
  • Identify and take actions on incompatible clusters 
  • Determine if the Network Controller can be updated and identify dependencies 
  • Determine if the FNS version can be upgraded and identify dependencies 
Objective 5.4: Configure Virtual Switches and MTU

Knowledge 
  • Modify MTU size to allow subnet extension or other features to be used
  • Segregate East-West and North-South Traffic 
  • Segregate UVM and Management and/or replication traffic 
Objective 5.5: Configure and Manage User Roles 

Knowledge 
  • Recognize which User roles can and cannot create a VPC 
  • Create a custom Role 
  • Limit Custom-Admin to specific VPCs 
  • Determine the appropriate System defined FNS RBAC role for a given user 
  • Create an Authorization policy for FNS 
  • Create an FNS RBAC custom role with granular permissions 
  • Determine the pre-configured permissions for system defined FNS RBAC roles
Info
https://www.nutanix.com/viewer/content/dam/nutanix/en/resources/datasheets/ds-ebg-ncp-ns.pdf