Prepare for VMware vDefend Certification in 1 Week

A Conversation About Preparing for the VMware vDefend Security Certification (6V0-21.25)

CuriousTechie: Hello IT Guy! I need to prepare for and attempt the VMware vDefend Security certification within a week’s time. Is that doable? What’s your opinion?

ITGuy: The answer is subjective. It depends on your current skill set, how much time you have spent working on NSX vDefend and how many hours you can commit to the lab over the next 7 days.

CuriousTechie: I have been an NSX admin for a few years now, and I work with the Distributed Firewall (DFW) daily. Does that put me in a good spot to crack the exam in one week?

ITGuy: That’s a great start! Let’s look at the exam blueprint. The VMware vDefend Security exam (6V0-21.25) is currently based on VCF 5.x (NSX 4.x). Here are a few pointers:

  • This is an Administrator-level exam, so you can expect low-level questions on the configuration options for a feature.
  • It tests core NSX basics, the Security Services Platform (SSP), and the Advanced Threat Prevention (ATP) suite.

CuriousTechie: I have extensive experience with DFW, but I am just starting out with the ATP suite. Can you help me with a study plan which I can follow to learn and prepare myself for the exam?

ITGuy: Definitely. Focus on these 10 pillars. Since it’s an admin exam, doing the labs is non-negotiable.

  1. NSX Core Architecture
  2. Distributed Firewall
  3. Gateway Firewall
  4. Security Services Platform
  5. Security Intelligence
  6. Intrusion Detection & Prevention
  7. Network Traffic Analysis
  8. Malware Detection & Prevention
  9. Network Detection & Response
  10. Antrea CNI with vDefend

CuriousTechie: NSX as a whole is a very big topic and Antrea in itself is a very complex topic for my current level. It doesn’t seem feasible to do all these in a week’s time.

ITGuy: I can understand the challenge. Let’s build subtopics you can focus on that are specific to vDefend Security, which is the focus of this exam.

NSX – Brush up on the topics around NSX security operations, for example NSX RBAC capabilities & configurations and the built-in tools which can be used to troubleshoot Distributed Firewalls. A basic idea of the supported automation platforms and the high-level NSX architecture will be very helpful to know.

Firewall – I understand you have experience with DFW, but often in the real world we don’t use many features of a product, while from an exam point of view we must know pretty much all the features. I would recommend doing this VMware Hands-On Lab: VMware vDefend Securing Applications and Infrastructure with vDefend Firewall (HOL-2670-02-ANS-L). While doing this lab, be curious and try to click every configuration option you see while following the lab guide.

Security Services Platform – A high-level overview of this platform will be helpful. You can check out this blog for a quick overview and can definitely check the official Broadcom documentation for complete details here. Please be mindful that the exam will have questions only about SSP 5.0.

Advanced Threat Prevention – Have an understanding of which ATP features need SSP to run and which can run without SSP. I would very strongly recommend doing this HOL lab: VMware vDefend Firewall w/ Advanced Threat Protection (HOL-2670-04-ANS-L). Like I said earlier, be very curious about all the configuration knobs you see in the lab. For example:

  1. Check the default values of the IDPS configurations.
  2. Understand the different options to run IDPS (Distributed/Gateway).
  3. Check all 14 NTA detectors available, their respective individual configuration options and learning periods.
  4. For Malware Prevention, take note of the different file types supported. Understand the types of analysis which can be done and where they can be done (Distributed/Gateway, T0/T1, etc.).
  5. For NDR, go through MITRE ATT&CK at a high level to understand how NDR campaigns are correlated with the framework. Know what different types of events are sent to NDR for correlation. Check this blog for a casual read!

Antrea CNI with vDefend – This topic can be a little complex if you don’t have much background in containers and Kubernetes. But there is a simple solution: do a LAB!! You can do just Module 9 of this HOL lab: Container Services Security with Avi AKO and Antrea-vDefend (HOL-2571-04-ANS-L). This will give you enough information to build a basic understanding of Antrea and how it works with vDefend.

CuriousTechie: Great! Just to sum it up, I must do the below three HOL labs with full attention and be mindful of all the configuration options.

  1. VMware vDefend Securing Applications and Infrastructure with vDefend Firewall (HOL-2670-02-ANS-L)
  2. VMware vDefend Firewall w/ Advanced Threat Protection (HOL-2670-04-ANS-L)
  3. Container Services Security with Avi AKO and Antrea-vDefend (HOL-2571-04-ANS-L) - Module 9 only

ITGuy: Right! Doing this doesn’t guarantee passing the exam, but it will definitely give you the knowledge to work on these products and the confidence to attempt the exam!
