Download AVIATRIX ACE FINAL EXAM Questions with 100% verified Answers Rated GRADE A+ Latest Updates and more Exams Nursing in PDF only on Docsity! AVIATRIX ACE FINAL EXAM Questions with 100% verified Answers Rated GRADE A+ Latest Updates 2024
ouesnon
Using AWS Terraform provider, a customer created an AWS Transit Gateway with 50 VPCs attached to it. After
attaching the VPCs and spinning up some EC2 instances in them, none of the instances can communicate with each
other. What should be done to resolve the issue?
SELECT THE CORRECT ANSWER
© There must be security group rules blocking traffic as AWS auto configures VPC routing tables
Configure BGP communities in VPC such that all VPCs that need to communicate with eachother have same community defined
Create routing tables in each VPC, add CIDR for all the other VPCs in the routing table pointing to AWS Transit Gateway
There must be security group rules blocking traffic as BGP in VPC auto configures VPC routing tables
Clear answer
question [
Choose two statements that best describe Aviatrix UserVPN/OpenVPN service.
SELECT THE CORRECT ANSWERS
Requires AWS NAT Gateway
Is limited to one Gateway per VPC/VNET
@ Can integrate with DUO for MFA
e Can integrate with Active Directory
Clear answer
vesnon El
Aviatrix platform has several operational features and capabilities built-in to help network engineers perform day to
day operational tasks.
Below, match the Aviatrix platform feature with the operational problem it addresses.
[DRAG THE BOXES TO MATCH THE ANSWERS
A feature that allows users to export
their current Controller configurations
(resources into Terraform fils (x and
« import them into thei Teraform
environment, faciitating an easy
transition to using Terraform to manage
their infrastructure.
Packet Capture 2
eeanelracaae : ‘tool that collet ad helps you
eager emeeReORTnpeas
¢ coal gies, edeatngte meter
Iaep 20 Enel sheet ons your VPC
mart otteane seowione
Export to Terraform ? Abily to take live packet capture at any
< spoke VPC/VNeVNC and aso display it
in Wireshark
VPC Tracker < > Abily to run basic troubleshooting
tools from a simplified UL
question
Choose the two best statements that describe challenges of deploying a NextGen Firewall (NGFW) in public cloud.
(Choose 2)
SELECT THE CORRECT ANSWERS
Reduced visibility due to NAT
Firewalls can only be deployed in Active/Standby
Reduced firewall feature availability
Reduced effective throughput of the NGFW
Firewalls can only be deployed in Active/Active
Clear answer
ueston J
The feature in Aviatrix Controller that allows customers to see path between two instances/AMI/EC2/VM (including,
but not limited to Security Groups, ACLs, Routes, etc.) is called:
SELECT THE CORRECT ANSWER
© Fighesth
Netflow
FlightControl
Network Connectivity Test
Clear answer
auesron FB
ACE Inc. has been using a 10 Gbps ExpressRoute connection into Microsoft Azure. Security and compliance team
has recently flagged this as a policy violation as company data is going unencrypted over untrusted transport. What
are the encryption options available to ACE Inc. for connecting to Azure?
(Choose 2)
SELECTTHE CORRECT ANSWERS
Data over ExpressRouteis encrypted by default
You can open a support ticket with Microsoft Azure o encrypt at 10 Gbps
Use Aviatrix High Performance Encryption over ExpressRoute to encrypt at 10 Gbpsline rate
Manually build IPSec tunnel from on-prem router to cloud over ExpressRoute to achieve a reduced thruput of 1.2 Gbps
Clear answer
quesnon
Few key differences between Aviatrix based transit and other non-Aviatrix 3" party transit (such as Cisco CSR) are:
(Choose 2)
SELECT THE CORRECT ANSWERS
Aviatrix transit architecture lets you choose any instance size. Throughput wll depend on the instance size characteristics
Cisco CSR based transit lets you choose any instance size. Throughput will depend on the instance size characteristics
Aviatrix based transit can do 1.25 Gbps encrypted throughput whereas Cisco CSR can do up to 70 Gbps
With default settings, csco\CSR based transit can do 1.25 Gbps encrypted throughput whereas Avatrix can do upto 70 Gbps
Clear answer
WP cusnon
Match the issues of deploying firewalls in public cloud to appropriate problem statement
[DRAG THE BOXES TO MATCH THE ANSWERS
the general recommendation is to
When using 3rd party NextGen FWs deployed in a 2
ewe none < sepoytrewas nea VPC
When using native features of Google Cloud Platform 2 sling out of frewalls i not possible
and a 3rd party NextGen Frewal isneeded
wen usngaws nate rans Gatewy andad : throughput ofeach NetGen FW is
party NextGen Firewall i deployed as Active/Actve rited 10500 Mbps
When using AWS native Transit Gateway and a 3rd 7 static routes are needed to manually
party NextGen Firewall is deployed as Actve/Standby edliect interesting traffic to load
balancers
questo
Choose two examples where you would leverage the Aviatrix Controller's S2C (Site-2-Cloud) workflow?
(Choose 2)
SELECT THE CORRECT ANSWERS
Connect your branch office to the cloud resources
Connect two branch ofces directly to eachother
GX 0170 several telecommuting employees to cloud resources bated on ther geographic location
@ connect a partner directly toa VEC/VNET hosting your application
Clear answer
uesmon
What is Aviatrix CoPilot?
SELECT THE CORRECT ANSWER
‘tool inside Aviatrix Controller to run FlightPath and other troubleshooting aspects
‘Atoo! that is used to upgrade Aviatrix Controller and perform other maintenance tasks
© Acomponent of Avatrix platform tha provides end to end visibly showing deployment overview. cloud topology and provides views based on Netlow data
‘A product that run analytics and machine learning against the architecture
Clear answer
question Xj
Aviatrix Gateways support NAT capability in which public cloud?
SELECT THE CORRECT ANSWER
AWS
© All the the Public Cloud listed here in the options
Google Cloud
Microsoft Azure
Clear answer
cussion El
Aviatrix platform provides rich capabilities around networking, security and operations in public cloud networks. In
addition to Aviatrix Transit, it also helps customers overcome limitations of native public cloud constructs.
Below, match the Aviatrix platform capability for AWS Transit Gateway (TGW) with the appropriate problem
description.
[DRAG THE BOXES TO MATCH THE ANSWERS
AWS TGW Route Approval Customers are responsible for managing route tables at
TGW and all the VPCs which is a huge administrative and
technical overhead for customers.
AWS TGW View Inability to have consolidated list of VPCs across AWS
‘TGWs, accounts, regions with CIDRs, IDs ete.
AWS TGW Route Audit Ifsomeone makes a mistake and inserts bad routes,
manually or via automation such as terraform, there is
1 ability to catch this common issue.
AWS TOW List With multiple Transit Gateways and VPCs attached to
them, there is @ need for visualization to map how VPCs
and TGWs are connected.
AWS TGW and VPC route table orchestration When a route is advertised over BGP, this route is
{automatically propagated toall VPC. Tere needs to be
\,_an ability for the network engineers to approve the route
| before itis propagated,
queston
ACE Inc. needs to deploy a single consistent network infrastructure across AWS, Azure, GCP and OCI using Aviatrix.
How many Aviatrix controllers will be needed?
SELECT THE CORRECT ANSWER
4
©:
Clear answer
quesnon
What are some limitations of using Public Cloud Provider's (AWS, Azure, GCP, OCI) native VPN Gateways that
network engineers must account for in their deployments?
(Choose 2)
SELECT THE CORRECT ANSWERS
‘No support for NAT which becomes problematic incase of overlapping IPs and connecting to (customer and partnen sites where IP allocation is out of your
administrative control
No support for Active/Active deployment
Inability to use common troubleshooting tools lke ping, traceroute
Only support UDP
Clear answer
QUESTION
An example of when would you use Aviatrix FlightPath is:
SELECT THE CORRECT ANSWER
To insert Firewall into traffic path between 2 VPCs
To connect your branch office to the cloud resources
To view controller logs
© To troubleshoot connectivity between EC2 instances in 2 AWS VPCs
Clear answer
question Egy
Choose the best definition for Firewall Network (FireNet)?
SELECT THE CORRECT ANSWER
© Aviatrix turn key solution to scalably deploy firewall instances in the cloud
Azure functionality to deploy 3rd party firewalls in a VPC
AWS functionality to deploy 3rd party firewalls in a VPC
GCP functionality to deploy 3rd party firewalls in a VPC
Clear answer
quesnon EA
ACE Inc. had been using a standard marketplace router as an NVA (Network Virtual Appliance) in the hub Virtual
Network (VNet) for spoke to spoke communication. The NVA has just been replaced by Azure Firewall.
Now the security operations team is reporting that traffic between Virtual Machines in the same VNet is working
however any inter-VNet traffic is being dropped by the NSGs (Network Security Groups) at destination. What could
be a possible reason?
SELECT THE CORRECT ANSWER
‘Azure Firewalls blocking all the traffic
There is no route at the Azure Firewall
© _Aaure Firewalls doing SNAT for inter-VNet traffic
BGP routes in UDR need to be updated
Clear answer
‘QUESTION
What is a challenge of using ExpressRoute Edge Routers as transit to interconnect VNets in Azure?
‘SELECT THE CORRECT ANSWER
Not recommended by Microsoft Product Group / not officially documented
BW limited by ExpressRoute Gateway SKU
Limited Control of routing propagation
© Allofthe above
Clear answer
ouesnon
Which networking entity in the cloud infrastructure allows operators to run commands to see BGP state, route
tables, diagnostic, logs etc,
SELECT THE CORRECT ANSWER
AWS VPC Implicit Router
Azure VNET Router
Google Cloud Router
© Aviatrix Gateway
Clear answer
quesnon
High speed private connectivity from customer locations (data centers, Headquarters) to public cloud such as AWS
Direct Connect, Azure ExpressRoute, Google InterConnect and OCI FastConnect are encrypted by default?
SELECT THE CORRECT ANSWER
Ture
© Fae
Clear answer
Question ER
What is/are the protocol(s) supported by Aviatrix Site2Cloud (S2C) Gateway?
SELECT THE CORRECT ANSWER
GRE
UDP only
@® Both TcP and uDP
TCP only
Clear answer
quesnon
As per the cloud architecture best practices guidelines in Multi-Cloud Network Architecture (MCNA), which
component provides a consistent transit available in all regions across all public cloud providers.
SELECT THE CORRECT ANSWER
(Cloud Operations Layer
@ iodat Transit Layer
@ oud Applications Layer
Cloud Security Layer
Clear answer
quesnon
Which Aviatrix solution lets customers connect and manage their branch Cisco ISR routers to AWS or Azure without
requiring any manual effort on branch routers or replacement of equipment?
SELECT THE CORRECT ANSWER
& High Performance Encryption (Insane Mode)
FlightPath
Direct Connect
@ covswan
Clear answer
uesnon
ACE Inc. has 50 VPCs in AWS with applications that need access to SaaS services on the internet using pre-defined
FQDNs. Current deployment has AWS NAT instances deployed that allow full internet access.
ACE Inc's security team has mandated that these applications should only be allowed access to pre-approved
FQDNs.
You have been tasked to solve this problem considering the following three goals
1. Solution must be easy to implement
2, Same URLs definitions can be used for multiple applications
3. Keep the cost down
SELECT THE COREECT ANSWER
Deploy @ WAF solution
Deploy a NGFW frewallin each VPC
@© deploy Avatix Gateways to perform FQDN fitering
Configure NAT policies on the AWS NAT instance
Clear answer
question
What native methods are available to configure Public Cloud Networks using Aviatrix Controller?
(Choose 3)
SELECT THE CORRECT ANSWERS
Bes
REST API
@& L' User interface)
@ Powershell
@ ters!0rm
Clear answer
= MUCOHIUN Ea
i can peer AWS TGWs within a Region
4 cer THE CORRECT ANSWER
ve TRI
Wi Hl) pews il He
Wi, II cn snp
What is an Availability Zone? |
\\ | Wt |
ili |
SELECT THECORRECT ANSWER) |) |
Hy | i | | Nat
© A technology developed for Multi Cloud for automatic moving of resources between DC and Cloud regions fi
) Azone provided by Cloud Service Providers (csp) that is available to multiple regions across the globe to der
4 availability needs |
hey Grouping of many on-préem data centets within a geographic area to provide regional service availability
‘@ Distinct location within cloud provider's network that is engineered to be isolated from failures of other such!
- nan Azure setup where all VNETs are directly peered (full-mesh) using VNET Peering
SELECT THE CORRECT ANSWERS
(=> itiseasy to insert a centralized FW
®& peering needs to be broken for VNET CIDR change
there are no real jimitations for bandwidth "'
Qerressroute Edge Router does the actual routing
Es
quesnon
Match the Azure transit option below to the description which best describes it:
DRAG THE BOXES TO MATCH THE ANSWERS
line = 7 tic uence aoe
the MSFT Product Groups, this is the
ommon transit routing
anisms deployed by customers
ethod can provide more granular
but UDR management at scale
become problematic
Hairpinning through MSEE (Microsoft Enterprise Edge)
routers,
VNET Peering While the preferred option by Microsoft
eens Group, this option faits to scale
as customer grow due to the ! to!
‘mapping this method depends upon.
von) [evewiew] [mosucton]} [Fn] [compen
2 Type here to search
W Question [BB Wea
One difference between Microsoft ExpressRoute circuits as compared to other cloud prov
options, is that ExpressRoute is always provisioned as a redundant pair with two physical
Microsoft Enterprise Edge Routers (MSEE)? i
SELECT THE CORRECT ANSWER
i False N \
oa True i
Clear answer
Previous Lod {
be yetiiy
iil
er voll dau gti sight iis
Eg FRSC NM Eeyore TEETH ENT TH a Pe rag a
The IPSec tunnels terminating at AWS TGW/VGW, Azure VPN GW, and other native VPN
= support interconnecting netwoks with overlapping IP ranges
= _SELECT THE CORRECT ANSWER
@ False
= True
Clear answer ‘
Previous z= overview [introduction | [mx] {