Aviatrix ACE Exam Questions Instant Access

Question 1

Which Aviatrix solution lets customers connect and manage their branch Cisco ISR routers to AWS or Azure without requiring any manual effort on branch routers or replacement of equipment?

AHigh Performance Encryption (Insane Mode)

BFlightPath

CDirect Connect

DCloudWAN

Answer : D

CloudWAN provides centralized, simple, cloud-based, automated reconfiguration of existing IOS

branch routers to securely connect directly to the optimal cloud access point.

CloudWAN Automates reconfiguration of Cisco IOS branch routers from the cloud. Orchestrates connectivity

directly to Aviatrix AVX Service Gateways, AWS Transit Gateways, or Azure Virtual WANs

Question 2

ACE Inc. is currently using AWS Transit Gateway (TGW) with 100 VPCs attached to it from different security domains.

These 100 VPCs are used as following:

* 20 VPCs belong to Production,

* 40 VPCs belong to Development,

* 20 are part of UAT and

* 20 VPCs are for shared services and miscellanous common needs.

ACE Inc. requirements are to:

* provide network and traffic segmentation between Prod, Development, UAT VPCs such that there is no traffic between VPCs belonging to different domains

* allow all VPCs in each domain to communicate with each other

* allow every VPC access to shared services VPCs

Which Aviatrix feature would help to not only provide this segmentation but also decrease the complexity of this topology and routing configuration by orchestrating life-cycle management of AWS Transit Gateways?

(Choose 2)

AAviatrix AWS-TGW Encrypted Peering

BAviatrix TGW Orchestrator

CAviatrix Security Domain

DAviatrix Slte-io-Cloud (S2C)

Answer : B, C

A Security Domain is an enforced network of member VPCs attached to the same route table. Member VPCs

have connectivity to each other. VPCs outside of the domain cannot connect. A Security Domain is an

instantiation of the AWS Transit Gateway (TGW) Route Domain concept. This enables VPC segmentation

through AWS Transit Gateway (TGW). For example, you can have ''dev'', ''prod'' and ''test'' security domains toisolate your development, production and test environments in your AWS cloud. In this scenario, the VPCs in dev security domain cannot talk to VPCs in prod and test security domains. A security domain can have one or more spoke VPCs as its members. VPCs within a security domain can communicate to each other via AWS Transit

Gateway (TGW).

we can leverage domains with the AWS Transit Gateway to segment and secure your network.

The AWS Transit Gateway (TGW) Orchestrator is a feature in Aviatrix Controller. It provides a point-andclick workflow to build a transit network and manages all network routing updates.

Aviatrix orchestrator (available in the AVX Controller) simplifies and extends the AWS Transit Gateway (TGW)

by using dynamic route propagation, policy abstraction and simplifying operations through a single pane of glass.

Question 3

You can peer AWS TGWS within a Region

AFalse

BTrue

Answer : A

You can peer two transit gateways and route traffic between them, which includes IPv4 and IPv6 traffic. To do this, create a peering attachment on your transit gateway, and specify a transit gateway in another AWS Region. The peer transit gateway can be in your account or a different AWS account.

Question 4

Choose two statements that best describe Aviatrix UserVPN/OpenVPN service?

ARequires AWS NAT Gateway

BIs limited to one Gateway per VPC/VNET

CCan integrate with DUO for MFA

DCan integrate with Active Directory

Answer : A, C

NAT capability supported on the gateway - An Aviatrix OpenVPN gateway performs a NAT function for

the user's VPN traffic, effectively masking out the VPN client's virtual IP address assigned by gateway from

the VPN CIDR Block. but here specifically AWS NAT Gateway is asked.

An Aviatrix OpenVPN is DUO multi-factor authentication supported.

LDAP/AD Integration Authenticates VPN user from Aviatrix gateways in addition to VPN certificate

authentication.

Question 5

ACE Inc. has 50 VPCs in AWS with applications that need access to SaaS services on the internet using pre-defined.

FQDNs. Current deployment has AWS NAT instances deployed that allow full internet access.

ACE Inc.'s security team has mandated that these applications should only be allowed access to pre-approved FQDNs.

You have been tasked to solve this problem considering the following three goals.

1. Solution must be easy to implement

2. Same URLs definitions can be used for multiple applications

3. Keep the cost down

ADeploy a WAF solution

BDeploy a NGFW firewall In each VPC

CDeploy Aviatrix Gateways to perform FQDN filtering

DConfigure NAT policies on the AWS NAT instance

Answer : C

Question 6

As a Cloud Networking Consultant, you are reviewing a Microsoft Azure Virtual WAN network design that will be used to connect several VNets, branches, users and a Data Center (using ExpressRoute). What are some known challenges with this design pattern? (Choose 3)

ANo support for multi-cloud

BLack of encryption within the cloud

CInability to selectively advertise routes

DNo support for BGP

ENo support for VPN Users

FInability to have default any to any connectivity

Answer : A, B, C

Question 7

Choose the best definition for Firewall Network (FireNet)?

AAviatrix turn key solution to scalably deploy firewall instances in the cloud

BAzure functionality to deploy 3rd party firewalls in a VPC

CAWS functionality to deploy 3rd party firewalls in a VPC

DGCP functionality to deploy 3rd party firewalls in a VPC

Answer : A

Firewall Network (FireNet) Workflow Aviatrix Firewall Network (FireNet) is a turn key network solution to deploy firewall instances in the cloud.

FireNet is a solution for integrating firewalls in the AWS TGW deployment.

Aviatrix Certified Engineer (ACE) Program ACE Exam Questions