Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

AVIATRIX ACE FINAL EXAM Questions with 100% verified Answers Rated GRADE A+ Latest Updates, Exams of Nursing

AVIATRIX ACE FINAL EXAM Questions with 100% verified Answers Rated GRADE A+ Latest Updates 2024

Typology: Exams

2023/2024

Available from 08/02/2024

TUTOR1
TUTOR1 🇺🇸

3.3

(6)

1.3K documents

1 / 23

Toggle sidebar

Related documents


Partial preview of the text

Download AVIATRIX ACE FINAL EXAM Questions with 100% verified Answers Rated GRADE A+ Latest Updates and more Exams Nursing in PDF only on Docsity! AVIATRIX ACE FINAL EXAM Questions with 100% verified Answers Rated GRADE A+ Latest Updates 2024 ouesnon Using AWS Terraform provider, a customer created an AWS Transit Gateway with 50 VPCs attached to it. After attaching the VPCs and spinning up some EC2 instances in them, none of the instances can communicate with each other. What should be done to resolve the issue? SELECT THE CORRECT ANSWER © There must be security group rules blocking traffic as AWS auto configures VPC routing tables Configure BGP communities in VPC such that all VPCs that need to communicate with eachother have same community defined Create routing tables in each VPC, add CIDR for all the other VPCs in the routing table pointing to AWS Transit Gateway There must be security group rules blocking traffic as BGP in VPC auto configures VPC routing tables Clear answer question [ Choose two statements that best describe Aviatrix UserVPN/OpenVPN service. SELECT THE CORRECT ANSWERS Requires AWS NAT Gateway Is limited to one Gateway per VPC/VNET @ Can integrate with DUO for MFA e Can integrate with Active Directory Clear answer vesnon El Aviatrix platform has several operational features and capabilities built-in to help network engineers perform day to day operational tasks. Below, match the Aviatrix platform feature with the operational problem it addresses. [DRAG THE BOXES TO MATCH THE ANSWERS A feature that allows users to export their current Controller configurations (resources into Terraform fils (x and « import them into thei Teraform environment, faciitating an easy transition to using Terraform to manage their infrastructure. Packet Capture 2 eeanelracaae : ‘tool that collet ad helps you eager emeeReORTnpeas ¢ coal gies, edeatngte meter Iaep 20 Enel sheet ons your VPC mart otteane seowione Export to Terraform ? Abily to take live packet capture at any < spoke VPC/VNeVNC and aso display it in Wireshark VPC Tracker < > Abily to run basic troubleshooting tools from a simplified UL question Choose the two best statements that describe challenges of deploying a NextGen Firewall (NGFW) in public cloud. (Choose 2) SELECT THE CORRECT ANSWERS Reduced visibility due to NAT Firewalls can only be deployed in Active/Standby Reduced firewall feature availability Reduced effective throughput of the NGFW Firewalls can only be deployed in Active/Active Clear answer ueston J The feature in Aviatrix Controller that allows customers to see path between two instances/AMI/EC2/VM (including, but not limited to Security Groups, ACLs, Routes, etc.) is called: SELECT THE CORRECT ANSWER © Fighesth Netflow FlightControl Network Connectivity Test Clear answer auesron FB ACE Inc. has been using a 10 Gbps ExpressRoute connection into Microsoft Azure. Security and compliance team has recently flagged this as a policy violation as company data is going unencrypted over untrusted transport. What are the encryption options available to ACE Inc. for connecting to Azure? (Choose 2) SELECTTHE CORRECT ANSWERS Data over ExpressRouteis encrypted by default You can open a support ticket with Microsoft Azure o encrypt at 10 Gbps Use Aviatrix High Performance Encryption over ExpressRoute to encrypt at 10 Gbpsline rate Manually build IPSec tunnel from on-prem router to cloud over ExpressRoute to achieve a reduced thruput of 1.2 Gbps Clear answer quesnon Few key differences between Aviatrix based transit and other non-Aviatrix 3" party transit (such as Cisco CSR) are: (Choose 2) SELECT THE CORRECT ANSWERS Aviatrix transit architecture lets you choose any instance size. Throughput wll depend on the instance size characteristics Cisco CSR based transit lets you choose any instance size. Throughput will depend on the instance size characteristics Aviatrix based transit can do 1.25 Gbps encrypted throughput whereas Cisco CSR can do up to 70 Gbps With default settings, csco\CSR based transit can do 1.25 Gbps encrypted throughput whereas Avatrix can do upto 70 Gbps Clear answer WP cusnon Match the issues of deploying firewalls in public cloud to appropriate problem statement [DRAG THE BOXES TO MATCH THE ANSWERS the general recommendation is to When using 3rd party NextGen FWs deployed in a 2 ewe none < sepoytrewas nea VPC When using native features of Google Cloud Platform 2 sling out of frewalls i not possible and a 3rd party NextGen Frewal isneeded wen usngaws nate rans Gatewy andad : throughput ofeach NetGen FW is party NextGen Firewall i deployed as Active/Actve rited 10500 Mbps When using AWS native Transit Gateway and a 3rd 7 static routes are needed to manually party NextGen Firewall is deployed as Actve/Standby edliect interesting traffic to load balancers questo Choose two examples where you would leverage the Aviatrix Controller's S2C (Site-2-Cloud) workflow? (Choose 2) SELECT THE CORRECT ANSWERS Connect your branch office to the cloud resources Connect two branch ofces directly to eachother GX 0170 several telecommuting employees to cloud resources bated on ther geographic location @ connect a partner directly toa VEC/VNET hosting your application Clear answer uesmon What is Aviatrix CoPilot? SELECT THE CORRECT ANSWER ‘tool inside Aviatrix Controller to run FlightPath and other troubleshooting aspects ‘Atoo! that is used to upgrade Aviatrix Controller and perform other maintenance tasks © Acomponent of Avatrix platform tha provides end to end visibly showing deployment overview. cloud topology and provides views based on Netlow data ‘A product that run analytics and machine learning against the architecture Clear answer question Xj Aviatrix Gateways support NAT capability in which public cloud? SELECT THE CORRECT ANSWER AWS © All the the Public Cloud listed here in the options Google Cloud Microsoft Azure Clear answer cussion El Aviatrix platform provides rich capabilities around networking, security and operations in public cloud networks. In addition to Aviatrix Transit, it also helps customers overcome limitations of native public cloud constructs. Below, match the Aviatrix platform capability for AWS Transit Gateway (TGW) with the appropriate problem description. [DRAG THE BOXES TO MATCH THE ANSWERS AWS TGW Route Approval Customers are responsible for managing route tables at TGW and all the VPCs which is a huge administrative and technical overhead for customers. AWS TGW View Inability to have consolidated list of VPCs across AWS ‘TGWs, accounts, regions with CIDRs, IDs ete. AWS TGW Route Audit Ifsomeone makes a mistake and inserts bad routes, manually or via automation such as terraform, there is 1 ability to catch this common issue. AWS TOW List With multiple Transit Gateways and VPCs attached to them, there is @ need for visualization to map how VPCs and TGWs are connected. AWS TGW and VPC route table orchestration When a route is advertised over BGP, this route is {automatically propagated toall VPC. Tere needs to be \,_an ability for the network engineers to approve the route | before itis propagated, queston ACE Inc. needs to deploy a single consistent network infrastructure across AWS, Azure, GCP and OCI using Aviatrix. How many Aviatrix controllers will be needed? SELECT THE CORRECT ANSWER 4 ©: Clear answer quesnon What are some limitations of using Public Cloud Provider's (AWS, Azure, GCP, OCI) native VPN Gateways that network engineers must account for in their deployments? (Choose 2) SELECT THE CORRECT ANSWERS ‘No support for NAT which becomes problematic incase of overlapping IPs and connecting to (customer and partnen sites where IP allocation is out of your administrative control No support for Active/Active deployment Inability to use common troubleshooting tools lke ping, traceroute Only support UDP Clear answer QUESTION An example of when would you use Aviatrix FlightPath is: SELECT THE CORRECT ANSWER To insert Firewall into traffic path between 2 VPCs To connect your branch office to the cloud resources To view controller logs © To troubleshoot connectivity between EC2 instances in 2 AWS VPCs Clear answer question Egy Choose the best definition for Firewall Network (FireNet)? SELECT THE CORRECT ANSWER © Aviatrix turn key solution to scalably deploy firewall instances in the cloud Azure functionality to deploy 3rd party firewalls in a VPC AWS functionality to deploy 3rd party firewalls in a VPC GCP functionality to deploy 3rd party firewalls in a VPC Clear answer quesnon EA ACE Inc. had been using a standard marketplace router as an NVA (Network Virtual Appliance) in the hub Virtual Network (VNet) for spoke to spoke communication. The NVA has just been replaced by Azure Firewall. Now the security operations team is reporting that traffic between Virtual Machines in the same VNet is working however any inter-VNet traffic is being dropped by the NSGs (Network Security Groups) at destination. What could be a possible reason? SELECT THE CORRECT ANSWER ‘Azure Firewalls blocking all the traffic There is no route at the Azure Firewall © _Aaure Firewalls doing SNAT for inter-VNet traffic BGP routes in UDR need to be updated Clear answer ‘QUESTION What is a challenge of using ExpressRoute Edge Routers as transit to interconnect VNets in Azure? ‘SELECT THE CORRECT ANSWER Not recommended by Microsoft Product Group / not officially documented BW limited by ExpressRoute Gateway SKU Limited Control of routing propagation © Allofthe above Clear answer ouesnon Which networking entity in the cloud infrastructure allows operators to run commands to see BGP state, route tables, diagnostic, logs etc, SELECT THE CORRECT ANSWER AWS VPC Implicit Router Azure VNET Router Google Cloud Router © Aviatrix Gateway Clear answer quesnon High speed private connectivity from customer locations (data centers, Headquarters) to public cloud such as AWS Direct Connect, Azure ExpressRoute, Google InterConnect and OCI FastConnect are encrypted by default? SELECT THE CORRECT ANSWER Ture © Fae Clear answer Question ER What is/are the protocol(s) supported by Aviatrix Site2Cloud (S2C) Gateway? SELECT THE CORRECT ANSWER GRE UDP only @® Both TcP and uDP TCP only Clear answer quesnon As per the cloud architecture best practices guidelines in Multi-Cloud Network Architecture (MCNA), which component provides a consistent transit available in all regions across all public cloud providers. SELECT THE CORRECT ANSWER (Cloud Operations Layer @ iodat Transit Layer @ oud Applications Layer Cloud Security Layer Clear answer quesnon Which Aviatrix solution lets customers connect and manage their branch Cisco ISR routers to AWS or Azure without requiring any manual effort on branch routers or replacement of equipment? SELECT THE CORRECT ANSWER & High Performance Encryption (Insane Mode) FlightPath Direct Connect @ covswan Clear answer uesnon ACE Inc. has 50 VPCs in AWS with applications that need access to SaaS services on the internet using pre-defined FQDNs. Current deployment has AWS NAT instances deployed that allow full internet access. ACE Inc's security team has mandated that these applications should only be allowed access to pre-approved FQDNs. You have been tasked to solve this problem considering the following three goals 1. Solution must be easy to implement 2, Same URLs definitions can be used for multiple applications 3. Keep the cost down SELECT THE COREECT ANSWER Deploy @ WAF solution Deploy a NGFW frewallin each VPC @© deploy Avatix Gateways to perform FQDN fitering Configure NAT policies on the AWS NAT instance Clear answer question What native methods are available to configure Public Cloud Networks using Aviatrix Controller? (Choose 3) SELECT THE CORRECT ANSWERS Bes REST API @& L' User interface) @ Powershell @ ters!0rm Clear answer = MUCOHIUN Ea i can peer AWS TGWs within a Region 4 cer THE CORRECT ANSWER ve TRI Wi Hl) pews il He Wi, II cn snp What is an Availability Zone? | \\ | Wt | ili | SELECT THECORRECT ANSWER) |) | Hy | i | | Nat © A technology developed for Multi Cloud for automatic moving of resources between DC and Cloud regions fi ) Azone provided by Cloud Service Providers (csp) that is available to multiple regions across the globe to der 4 availability needs | hey Grouping of many on-préem data centets within a geographic area to provide regional service availability ‘@ Distinct location within cloud provider's network that is engineered to be isolated from failures of other such! - nan Azure setup where all VNETs are directly peered (full-mesh) using VNET Peering SELECT THE CORRECT ANSWERS (=> itiseasy to insert a centralized FW ®& peering needs to be broken for VNET CIDR change there are no real jimitations for bandwidth "' Qerressroute Edge Router does the actual routing Es quesnon Match the Azure transit option below to the description which best describes it: DRAG THE BOXES TO MATCH THE ANSWERS line = 7 tic uence aoe the MSFT Product Groups, this is the ommon transit routing anisms deployed by customers ethod can provide more granular but UDR management at scale become problematic Hairpinning through MSEE (Microsoft Enterprise Edge) routers, VNET Peering While the preferred option by Microsoft eens Group, this option faits to scale as customer grow due to the ! to! ‘mapping this method depends upon. von) [evewiew] [mosucton]} [Fn] [compen 2 Type here to search W Question [BB Wea One difference between Microsoft ExpressRoute circuits as compared to other cloud prov options, is that ExpressRoute is always provisioned as a redundant pair with two physical Microsoft Enterprise Edge Routers (MSEE)? i SELECT THE CORRECT ANSWER i False N \ oa True i Clear answer Previous Lod { be yetiiy iil er voll dau gti sight iis Eg FRSC NM Eeyore TEETH ENT TH a Pe rag a The IPSec tunnels terminating at AWS TGW/VGW, Azure VPN GW, and other native VPN = support interconnecting netwoks with overlapping IP ranges = _SELECT THE CORRECT ANSWER @ False = True Clear answer ‘ Previous z= overview [introduction | [mx] {
Docsity logo



Copyright © 2024 Ladybird Srl - Via Leonardo da Vinci 16, 10126, Torino, Italy - VAT 10816460017 - All rights reserved