If a Security Group is the Source for a General Logical Firewall Rule, which Virtual Machines will
be affected by the rule?
A.
Each Virtual Machine defined in the Security Group.
B.
Each Virtual Machine defined in the Source and Destination fields of the Logical Firewall Rule.
C.
Each Virtual Machine identified in the Applied To field of the Logical Firewall Rule.
D.
Each Virtual Machine identified in the Destination field of the Logical Firewall Rule.
C
?? In the “Applied To” field I can choose which firewall I want to apply the rule: Edge or distributed firewall or both. The question does not tell us if the destination is a virtual machine. So if you make a Security group you can “define dynamic membership”. So virtual machines with a tag can be a member of the Security group and affected by the rule. Answer: A is correct not C
I think C is still correct. This was the best explanation I could find:
https://telecomoccasionally.wordpress.com/2014/04/17/distributed-firewall-dfw-in-nsx-for-vsphere-and-applied-to/
Just because there is security group identified in the Source, it really doesn’t have anything to do with where it’s actually applied (and thus, the VMs being impacted).
C. is correct. https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.admin.doc/GUID-C7A0093A-4AFA-47EC-9187-778BDDAD1C65.html