Aviatrix ACE Exam Practice Test Instant Access

Question 1

When AWS Direct Connect, Azure ExpressRoute, Google Interconnect and OCI FastConnect are encrypted without using Aviatrix High Performance Encryption, the effective throughput is reduced to____. SELECT THE

CORRECT ANSWER

A1.25 Gbps

B10.25 Gbps

C5.25 Gbps

D525 Mbps

Answer : A

To encrypt this connection, users have the option to create an IPSec Tunnel which limits the throughput to only 1.25Gbps. Standard IPSec encryption in the cloud, or from your data center to the cloud, is limited by a single core processing to 1.25 Gbps.

High Performance Encryption with InsaneMode - Aviatrix Insane mode is integrated into the Transit Network solution to provide 10Gbps performance between on-prem and Transit VPC with encryption. For VPC to VPC, Insane mode can achieve 25 - 30Gbps.

Question 2

ACE Inc. is currently using AWS Transit Gateway (TGW) with 100 VPCs attached to it from different security domains.

These 100 VPCs are used as following:

* 20 VPCs belong to Production,

* 40 VPCs belong to Development,

* 20 are part of UAT and

* 20 VPCs are for shared services and miscellanous common needs.

ACE Inc. requirements are to:

* provide network and traffic segmentation between Prod, Development, UAT VPCs such that there is no traffic between VPCs belonging to different domains

* allow all VPCs in each domain to communicate with each other

* allow every VPC access to shared services VPCs

Which Aviatrix feature would help to not only provide this segmentation but also decrease the complexity of this topology and routing configuration by orchestrating life-cycle management of AWS Transit Gateways?

(Choose 2)

AAviatrix AWS-TGW Encrypted Peering

BAviatrix TGW Orchestrator

CAviatrix Security Domain

DAviatrix Slte-io-Cloud (S2C)

Answer : B, C

A Security Domain is an enforced network of member VPCs attached to the same route table. Member VPCs

have connectivity to each other. VPCs outside of the domain cannot connect. A Security Domain is an

instantiation of the AWS Transit Gateway (TGW) Route Domain concept. This enables VPC segmentation

through AWS Transit Gateway (TGW). For example, you can have ''dev'', ''prod'' and ''test'' security domains toisolate your development, production and test environments in your AWS cloud. In this scenario, the VPCs in dev security domain cannot talk to VPCs in prod and test security domains. A security domain can have one or more spoke VPCs as its members. VPCs within a security domain can communicate to each other via AWS Transit

Gateway (TGW).

we can leverage domains with the AWS Transit Gateway to segment and secure your network.

The AWS Transit Gateway (TGW) Orchestrator is a feature in Aviatrix Controller. It provides a point-andclick workflow to build a transit network and manages all network routing updates.

Aviatrix orchestrator (available in the AVX Controller) simplifies and extends the AWS Transit Gateway (TGW)

by using dynamic route propagation, policy abstraction and simplifying operations through a single pane of glass.

Question 3

Aviatrix Controller allows customers to export Netflow data from all or select Aviatrix Gateways to any Netflow collector on a custom port.

AFalse

BTrue

Answer : B

Aviatrix Controller can allows customers to export Netflow data from all or select Aviatrix Gateways to

any Netflow collector on a custom port (your designated service point) by enablingusing NetFlow Agent .

Read Following Link for detailed Tutorial Steps. [Netflow

Integration](https://docs.aviatrix.com/HowTos/netflow.html)

Aviatrix Controller and gateways can forward Netflow logs to your designated service point.

Aviatrix Gateways generate and export information about network traffic. Flows come directly from

Gateways to CoPilot.

The flows are sent from the Aviatrix gateways directly to CoPilot's instance.

https://docs.aviatrix.com/HowTos/copilot_faq.html

Link (Netflow Integration): https://docs.aviatrix.com/HowTos/netflow.html

Question 4

You can peer AWS TGWS within a Region

AFalse

BTrue

Answer : A

You can peer two transit gateways and route traffic between them, which includes IPv4 and IPv6 traffic. To do this, create a peering attachment on your transit gateway, and specify a transit gateway in another AWS Region. The peer transit gateway can be in your account or a different AWS account.

Question 5

As a Cloud Networking Consultant, you are reviewing a Microsoft Azure network design that will be using Microsoft Azure ExpressRoute Edge routers as transit for inter-VNet communication. What are some known challenges with this design pattern?

AMultiple customers using same edge router may create noisy neighbor issues

BLack of visibility into traffic at the edge routers

CNo granular control to be able to route VNets selectively

DAll of the above

Answer : D

Question 6

Which Aviatrix solution lets customers connect and manage their branch Cisco ISR routers to AWS or Azure without requiring any manual effort on branch routers or replacement of equipment?

AHigh Performance Encryption (Insane Mode)

BFlightPath

CDirect Connect

DCloudWAN

Answer : D

CloudWAN provides centralized, simple, cloud-based, automated reconfiguration of existing IOS

branch routers to securely connect directly to the optimal cloud access point.

CloudWAN Automates reconfiguration of Cisco IOS branch routers from the cloud. Orchestrates connectivity

directly to Aviatrix AVX Service Gateways, AWS Transit Gateways, or Azure Virtual WANs

Question 7

As a Cloud Networking Consultant, you are reviewing a Microsoft Azure Virtual WAN network design that will be used to connect several VNets, branches, users and a Data Center (using ExpressRoute). What are some known challenges with this design pattern? (Choose 3)

ANo support for multi-cloud

BLack of encryption within the cloud

CInability to selectively advertise routes

DNo support for BGP

ENo support for VPN Users

FInability to have default any to any connectivity

Answer : A, B, C

Aviatrix Certified Engineer (ACE) Program ACE Exam Practice Test