Where is the 'center of gravity' in the new computing model?
Answer : A
As per the cloud architecture best-practice guidelines in Multi-Cloud Network Architecture (MCNA), which component provides a consistent transit available in all regions across all public cloud providers?
Answer : B
Aviatrix software enables enterprise IT to easily deploy a high-availability, multi-cloud network data plane with end-to-end encryption, high-performance encryption, multi-cloud security domains, and the operational telemetry that operations teams need. This is the main point of connection for every aspect of the cloud. This global transit layer also has the notion of inserting services in its platform, which is done through the service insertion framework.
In an Azure setup where all VNETs are directly peered (full-mesh) using VNET Peering
SELECT THE CORRECT ANSWERS
Answer : B, D
What is a challenge of using ExpressRoute Edge Routers as transit to interconnect VNets in Azure?
Answer : D
You can peer AWS TGWs within a Region
Answer : A
You can peer two transit gateways and route traffic between them, which includes IPv4 and IPv6 traffic. To do this, create a peering attachment on your transit gateway, and specify a transit gateway in another AWS Region. The peer transit gateway can be in your account or a different AWS account.
The operations team has noticed that during peak working hours, the Aviatrix Gateway's throughput utilization stays around 80% of the current instance size. A decision has been made to scale up the instance size to provide more throughput. Which statement below accurately describes instance sizing of Aviatrix Gateways?
Answer : D
Aviatrix Gateways can scale both up and down.
ACE Inc. had been using a standard marketplace router as an NVA (Network Virtual Appliance) in the hub Virtual Network (VNet) for spoke to spoke communication. The NVA has just been replaced by Azure Firewall.
Now the security operations team is reporting that traffic between Virtual Machines in the same VNet is working; however, any inter-VNet traffic is being dropped by the NSGs (Network Security Groups) at the destination.
What could be a possible reason?
Answer : C
Azure Firewall provides automatic SNAT for all outbound traffic to public IP addresses. By default, Azure Firewall doesn't SNAT with Network rules when the destination IP address is in a private IP address range per IANA RFC 1918. Application rules are always applied using a transparent proxy regardless of the destination IP address.
This logic works well when you route traffic directly to the Internet. However, if you've enabled forced tunneling, Internet-bound traffic is SNATed to one of the firewall private IP addresses in AzureFirewallSubnet, hiding the source from your on-premises firewall.
If your organization uses a public IP address range for private networks, Azure Firewall SNATs the traffic to one of the firewall private IP addresses in AzureFirewallSubnet. However, you can configure Azure Firewall to not SNAT your public IP address range.
To configure Azure Firewall to never SNAT regardless of the destination IP address, use 0.0.0.0/0 as your private IP address range. With this configuration, Azure Firewall can never route traffic directly to the Internet. To configure the firewall to always SNAT regardless of the destination address, use 255.255.255.255/32 as your private IP address range.