Aviatrix ACE Exam Questions Instant Access

Question 1

In order for a customer to leverage Aviatrix Firenet to orchestrate the deployment and insertion of NGFWs, customers must leverage Aviatrix gateways in the spokes VPC/VNETs in order to program the necessary routing to insert the firewall into the traffic flow?

AFalse

BTrue

Answer : A

FireNet is a solution for integrating firewalls in the AWS TGW deployment.

Aer creang Firewall Domain we have to launch Aviatrix FireNet Gateway.

This step leverages the Transit Network workflow to launch one Aviatrix gateway for FireNet deployment.

If you have HA enabled, it automatically sets up the HA gateway for FireNet deployment.

Specify Security Domain for Firewall Inspecon - if you wish to inspect traffic between on-prem to VPC,

connect Aviatrix Edge Domain to the Firewall Domain. This means on-prem traffic to any Spoke VPC is

routed to the firewall first and then it is forwarded to the destination Spoke VPC. Conversely, any Spoke

VPC traffic destined to on-prem is routed to the firewall first and then forwarded to on-prem.

Question 2

One difference between Microsoft ExpressRoute circuits as compared to other cloud provide.... options, is that ExpressRoute is always provisioned as a redundant pair with two physical Microsoft Enterprise Edge Routers (MSEE)?

SELECT THE CORRECT ANSWER

AFalse

BTrue

Answer : B

Each Express Route connection includes two Microsoft Enterprise Edge and two-router

connections in between the connectivity provider and the local network perimeter. Microsoft ensures

there's a BGP connection between the connectivity and the edge of the on-premise network one each

allocated for the MSEE router. For the validation of the SLA, there must be a redundant layer 3

configured.

Question 3

Aviatrix platform has several operational features and capabilities built-in to help network engineers perform day to day operational tasks.

Below, match the Aviatrix platform feature with the operational problem it addresses.

APacket Capture - Ability to take live packet capture at any spoke VPC/VNet/VNC and also display it at Wireshark.

BPing and Traceroute - Ability to run basic troubleshooting tools from simplified UI.

CExport to Terraform - A feature that allows users to export their current controller configurations (resources) into Terraform files (.tf) and import them into their Terraform environmrnts, facilitating an easy transition to using Terraform to manage their infrastructure.

DVPC Tracker - A tool that collects and helps you manage your network CIDR ranges at a central place, eliminating the need to keep an Excel sheet on all your VPC network addresses allocations.

Answer : A, B, C, D

Question 4

The IPSec tunnels terminating at AWS TGW/VGW, Azure VPN GW, and other native VPN support interconnecting networks with overlapping IP ranges

SELECT THE CORRECT ANSWER

AFalse

BTrue

Answer : A

Question 5

ACE Inc. has been using a 10 Gbps ExpressRoute connection into Microsoft Azure. Security and compliance team has recently flagged this as a policy violation as company data is going unencrypted over untrusted transport. What are the encryption options available to ACE Inc. for connecting to Azure? (Choose 2)

AData over ExpressRoute is encrypted by default

BYou can open a support ticket with Microsoft Azure to encrypt at 10 Gbps

CUse Aviatrix High Performance Encryption over ExpressRoute to encrypt at 10 Gbps line rate

DManually build IPSec tunnel from on-prem router to cloud over ExpressRoute to achieve a reduced thruput of 1.2 Gbps

Answer : C, D

If your enterprise security policy requires encryption for data in motion, Aviatrix InsaneMode

encryption provides the best and most efficient single instance encryption performance.

IPsec (Internet Protocol Security) is a suite of protocols that secure network communication across IP

networks. It provides security services for IP network traffic such as encrypting sensitive data,

authentication, protection against replay and data confidentiality.

Question 6

Using AWS Terraform provider, a customer created an AWS Transit Gateway with 50 VPCs attached to it. After attaching the VPCs and spinning up some EC2 instances in them, none of the instances can communicate with each other. What should be done to resolve the issue?

AThere must be security group rules blocking traffic as AWS auto configures VPC routing tables

BConfigure BGP communities in VPC such that all VPCs that need to communicate with eachother have same community defined

CCreate routing tables in each VPC, add CIDR for all the other VPCs in the routing table pointing to AWS Transit Gateway

DThere must be security group rules blocking traffic as BGP in VPC auto configures VPC routing tables

Answer : A

Question 7

Aviatrix Gateways support NAT capability in which public cloud?

AAWS

BAll the the Public Cloud listed here in the options

CGoogle Cloud

DMicrosoft Azure

Answer : B

Aviatrix Certified Engineer (ACE) Program ACE Exam Questions