Home Uncategorised ACE Aviatrix Certified Engineer Exam Answers – Multi-Cloud Network Associate Answers

ACE Aviatrix Certified Engineer Exam Answers – Multi-Cloud Network Associate Answers

2739
14

AWS Public VIF for DirectConnect announces the CIDR ranges of the publicly-available AWS services. It advertises

Using AWS Terraform provider, a customer created an AWS Transit Gateway with 50 VPCs attached to it. After attaching the VPCs and spinning up some EC2 instances in them, none of the instances can communicate with each other. What should be done to resolve the issue?

One difference between Microsoft ExpressRoute circuits as compared to other cloud providers direct connect options, is that ExpressRoute is always provisioned as a redundant pair with two physical connections to the Microsoft Enterprise Edge Routers (MSEE)?

Customer has an Aviatrix Controller deployed in AWS and wants to back up the Aviatrix Controller configuration. Where would the backup file be saved?

Which Aviatrix feature customer might leverage to help prevent connected partners from affecting cloud routing when peered with dynamic routing protocols?

Azure supports Availability Zones in all its regions

Stateful Firewall rule:

Aviatrix platform provides rich capabilities around networking, security and operations in public cloud networks. In addition to Aviatrix Transit, it also helps customers overcome limitations of native public cloud constructs.

Below, match the Aviatrix platform capability for AWS Transit Gateway (TGW) with the appropriate problem description.

You can peer AWS TGWs within a Region

Choose the correct behavior around software upgrade and security patching of Aviatrix Platform.(Choose 2)

Aviatrix Controller allows customers to export Netflow data from all or select Aviatrix Gateways to any Netflow collector on a custom port.

Choose the two best statements that describe challenges of deploying a NextGen Firewall (NGFW) in public cloud.

(Choose 2)

AWS Security Group, Azure Network Security Group, GCP Firewall service, by default support FQDN based firewall rules (e.g. www.yahoo.com) as a destination in their configuration, to allow/block traffic to the specified domain

AWS Guard Duty automatically enforces its findings through the ingress routing feature, blocking the malicious traffic by default

Choose two examples where you would leverage the Aviatrix Controller’s S2C (Site-2-Cloud) workflow?

(Choose 2)

What native methods are available to configure Public Cloud Networks using Aviatrix Controller?

(Choose 3)

An operator needs to create a new VPC, VCN or VNet using Aviatrix Controller.Can the operator use Aviatrix VPC Tracker feature to validate potential CIDR/Prefix/Address space duplication across multiple clouds?

In an Azure setup where all VNETs are directly peered (full-mesh) using VNET Peering

As per the cloud architecture best practices guidelines in Multi-Cloud Network Architecture (MCNA), which component provides a consistent transit available in all regions across all public cloud providers.

ACE Inc. currently uses AWS as their primary cloud provider with a strong desire to expand to Azure and GCP. IT team has strict security and control requirements from different business units that require isolation and control from each other. The different business units want

to own their own transit architecture

the ability to control firewall rules for their own application

to not share same transit with other business units but have ability to connect to other business units if needed

The architecture board has mandated that there needs to be a single design pattern that accommodates above requirements irrespective of the public cloud vendor being used.

Choose the best design option to meet above needs. Each option presents a complete solution.

Which Aviatrix solution lets customers connect and manage their branch Cisco ISR routers to AWS or Azure without requiring any manual effort on branch routers or replacement of equipment?

When AWS Direct Connect, Azure ExpressRoute, Google InterConnect and OCI FastConnect are encrypted without using Aviatrix High Performance Encryption, the effective throughput is reduced to _____.

An example of a Network Virtual Appliance (NVA) in Azure would include which of the following?

Private, Public, Transit VIFs (Virtual Interfaces) are terms related to which cloud element

Customers do not need to sign a separate licensing agreement with Aviatrix to get started because controller can be launched from any cloud provider’s Marketplace (Pay-As-You-Go metering).

Match the Azure transit option below to the description which best describes it:

Which AWS feature does Aviatrix integrate with to provide Public Subnet Filtering for Ingress Internet Traffic to a VPC?

Azure Firewall (native service):

ACE Inc. has 50 VPCs in AWS with applications that need access to SaaS services on the internet using pre-defined FQDNs. Current deployment has AWS NAT instances deployed that allow full internet access.

ACE Inc.’s security team has mandated that these applications should only be allowed access to pre-approved FQDNs.

You have been tasked to solve this problem considering the following three goals

Solution must be easy to implement

Same URLs definitions can be used for multiple applications

Keep the cost down

As a Cloud Networking Consultant, you are reviewing a Microsoft Azure network design that will be using Microsoft Azure ExpressRoute Edge routers as transit for inter-VNet communication. What are some known challenges with this design pattern?v

High speed private connectivity from customer locations (data centers, Headquarters) to public cloud such as AWS Direct Connect, Azure ExpressRoute, Google InterConnect and OCI FastConnect are encrypted by default?

ACE Inc. has a VNet-A hosting Database services which is peered with several app VNets. There is a new requirement to add another CIDR to VNet-A. How can you prevent a database connectivity outage for all the peered VNets while performing this task?

ACE Inc. has been using a 10 Gbps ExpressRoute connection into Microsoft Azure. Security and compliance team has recently flagged this as a policy violation as company data is going unencrypted over untrusted transport. What are the encryption options available to ACE Inc. for connecting to Azure?

(Choose 2)

What is/are the protocol(s) supported by Aviatrix Site2Cloud (S2C) Gateway?

What are the connectivity options for customers to access Azure?

The IPSec tunnels terminating at AWS TGW/VGW, Azure VPN GW, and other native VPN options in the public clouds, support interconnecting netwoks with overlapping IP ranges

ACE Inc. had been using a standard marketplace router as an NVA (Network Virtual Appliance) in the hub Virtual Network (VNet) for spoke to spoke communication. The NVA has just been replaced by Azure Firewall.

Now the security operations team is reporting that traffic between Virtual Machines in the same VNet is working however any inter-VNet traffic is being dropped by the NSGs (Network Security Groups)  at destination. What could be a possible reason?

Few key differences between Aviatrix based transit and other non-Aviatrix 3rd party transit (such as Cisco CSR) are: (Choose 2)

ACE Inc. is currently using AWS Transit Gateway (TGW) with 100 VPCs attached to it from different security domains.

These 100 VPCs are used as following:

20 VPCs belong to Production,

40 VPCs belong to Development,

20 are part of UAT and

20 VPCs are for shared services and miscellanous common needs.

ACE Inc. requirements are to:

provide network and traffic segmentation between Prod, Development, UAT VPCs such that there is no traffic between VPCs belonging to different domains

allow all VPCs in each domain to communicate with each other

allow every VPC access to shared services VPCs

Which Aviatrix feature would help to not only provide this segmentation but also decrease the complexity of this topology and routing configuration by orchestrating life-cycle management of AWS Transit Gateways?

(Choose 2)

As a Cloud Networking Consultant, you are reviewing a Microsoft Azure Virtual WAN network design that will be used to connect several VNets, branches, users and a Data Center (using ExpressRoute). What are some known challenges with this design pattern?

(Choose 3)

AWS Global Accelerator is a service which allows a direct connectivity between AWS DirectConnect and Azure ExpressRoute

Which elements are traversed on the path of a packet from the VM to the Internet in AWS (select the right order)

In order for a customer to leverage Aviaitrix Firenet to orchestrate the deployment and insertion of NGFWs, customers must leverage Aviatrix gateways in the spokes VPC/VNETs in order to program the necessary routing to insert the firewall into the traffic flow?

The feature in Aviatrix Controller that allows customers to see path between two instances/AMI/EC2/VM (including, but not limited to Security Groups, ACLs, Routes, etc.) is called:

Operations team has noticed that during the peak working hours, Aviatrix Gateway’s throughput utilization stays around 80% of the current instance size. A decision has been made to scale up the instance size to provide more throughput. Which below statement accurately describes instance sizing of Aviatrix Gateways?

Aviatrix platform has several operational features and capabilities built-in to help network engineers perform day to day operational tasks.

Below, match the Aviatrix platform feature with the operational problem it addresses.

Which networking entity in the cloud infrastructure allows operators to run commands to see BGP state, route tables, diagnostic, logs etc.

What is an Availability Zone?

What is a challenge of using ExpressRoute Edge Routers as transit to interconnect VNets in Azure?

Aviatrix Controller provides a VPC Creator tool that allows customers to create VPC, VNETs across multiple clouds like AWS, GCP, Azure and OCI from single pane of glass.

14 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here