Which statement describes the traffic throughput of the NSX Distributed Firewall?
A.
By decoupling the firewall services from the virtualization layer, traffic is directed to the
distribution layer for firewall processing within a service module.
B.
By deploying firewall software on a per virtual machine basis, firewall services will be distributed
across multiple compute nodes.
C.
Firewall services are implemented as kernel modules and provide traffic filtering between the
virtual machine’s vNIC and the vSwitch.
D.
Firewall services are distributed as a software firewall appliance and may be deployed on more
than one ESXi host for scalability and high availability.
A: INCORRECT: because there is no interaction of NSX with distribution layer.
B: INCORRECT – FW services are not per virtual machine based, they reside on the kernel module of hypervisor
C: CORRECT: DFW services are in kernel module, and used for filtering traffic on the VMs connected to the port groups of VDS, i.e. VM to VM / East West traffic
D: INCORRECT: Firewall services are not available on a separate appliance
Agree to C.
Answer C
https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.admin.doc/GUID-A55B66B2-0781-44DF-A3BF-97DDC9062042.html