Aviatrix ACE Exam Practice Test Instant Access

Question 1

Azure supports Availability Zones in all its regions.

ATrue

BFalse

Answer : B

Azure does not supports Availability Zones in all its regions.

There are two types of regions in Azure

1. Recommended Region : A region that provides the broadest range of service capabilities and is

designed to support Availability Zones now, or in the future. These are designated in the Azure portal

as Recommended.

2. Alternate (other) Region: A region that extends Azure's footprint within a data residency boundary

where a recommended region also exists. Alternate regions help to optimize latency and provide a

second region for disaster recovery needs. They are not designed to support Availability Zones

(although Azure conducts regular assessment of these regions to determine if they should become

recommended regions). These are designated in the Azure portal as Other.

Question 2

AWS Global Accelerator is a service which allows a direct connectivity between AWS DirectConnect and Azure ExpressRoute.

ATrue

BFalse

Answer : B

AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users. It provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers or Amazon EC2 instances.

Question 3

Statefull Firewall rule:

AIs another name for Azure Active Directory Firewall

BRequires explicit rule for the return traffic

CAllows the return traffic implicitly

DAlone can easily satisfy the enterprise security needs

Answer : C

Aviatrix stateful firewall is feature on the Aviatrix gateway. It is a L4 stateful firewall that filters network CIDR, protocol and port on the packet forwarding path.

The stateful firewall allows each individual rule to be defined as Allow, Deny and Force Drop, in addition to a base rule.

Question 4

Azure Firewall is cost effective.

ATrue

BFalse

Answer : A

(Azure Firewall is cost effective.)

Azure Firewall pricing includes a fixed hourly cost ($1.25/firewall/hour) and a variable per GB processed

cost to support auto scaling. Based on our observation, most customers save 30 percent -- 50 percent in

comparison to an NVA deployment model. We are announcing a price reduction, effective May 1, 2019,

for the firewall per GB cost to $0.016/GB (-46.6 percent) to ensure that high throughput customers

maintain cost effectiveness. There is no change to the fixed hourly cost.

Question 5

You must create one of the following virtual interfaces to begin using your AWS Direct Connect connection.

1. Private virtual interface

2. Public virtual interface

3. Transit virtual interface

ATrue

BFalse

Answer : A

(AWS Direct Connect virtual interfaces) You must create one of the following virtual interfaces to begin using your AWS Direct Connect connection. Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses. Public virtual interface: A public virtual interface can access all AWS public services using public IP addresses. Transit virtual interface: A transit virtual interface should be used to access one or more Amazon VPC Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces with 1/2/5/10 Gbps AWS Direct Connect connections. For information about Direct Connect gateway configurations, see Direct Connect gateways.

Question 6

Aviatrix platform has several operational features and capabilities built-in to help network engineers perform day to day operational tasks.

Below, match the Aviatrix platform feature with the operational problem it addresses.

APacket Capture - Ability to take live packet capture at any spoke VPC/VNet/VNC and also display it at Wireshark.

BPing and Traceroute - Ability to run basic troubleshooting tools from simplified UI.

CExport to Terraform - A feature that allows users to export their current controller configurations (resources) into Terraform files (.tf) and import them into their Terraform environmrnts, facilitating an easy transition to using Terraform to manage their infrastructure.

DVPC Tracker - A tool that collects and helps you manage your network CIDR ranges at a central place, eliminating the need to keep an Excel sheet on all your VPC network addresses allocations.

Answer : A, B, C, D

Question 7

In order for a customer to leverage Aviatrix Firenet to orchestrate the deployment and insertion of NGFWs, customers must leverage Aviatrix gateways in the spokes VPC/VNETs in order to program the necessary routing to insert the firewall into the traffic flow?

AFalse

BTrue

Answer : A

FireNet is a solution for integrating firewalls in the AWS TGW deployment.

Aer creang Firewall Domain we have to launch Aviatrix FireNet Gateway.

This step leverages the Transit Network workflow to launch one Aviatrix gateway for FireNet deployment.

If you have HA enabled, it automatically sets up the HA gateway for FireNet deployment.

Specify Security Domain for Firewall Inspecon - if you wish to inspect traffic between on-prem to VPC,

connect Aviatrix Edge Domain to the Firewall Domain. This means on-prem traffic to any Spoke VPC is

routed to the firewall first and then it is forwarded to the destination Spoke VPC. Conversely, any Spoke

VPC traffic destined to on-prem is routed to the firewall first and then forwarded to on-prem.

Aviatrix Certified Engineer (ACE) Program Exam Practice Test