Which two are true of the NSX Gateway Firewall?

NSX Gateway Firewall is a distributed firewall that provides security for east-west traffic within a virtual environment.

B. Firewall rules in Pre Rule category are applied to all gateways. This category contains system-defined rules that are always applied first to all gateways and cannot be modified. These rules include the default deny all rule and others that control basic connectivity.

D. Security Groups can be used in Applied-To column. Security groups allow you to group together VMs that have similar security requirements and then apply firewall policies to those groups. This way you can apply the same security rules to multiple VMs at once, instead of configuring the rules on each individual VM.

References:

VMware NSX-T Data Center documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html

VMware NSX-T Data Center Gateway Firewall documentation https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/com.vmware.nsxt.firewall.doc/GUID-4C5D5A5F-8FDF-4F2A-9C5A-2C1903A3E5A5.html