Aviatrix ACE Exam Practice Test Instant Access

Question 1

ACE Inc. has been using a 10 Gbps ExpressRoute connection into Microsoft Azure. Security and compliance team has recently flagged this as a policy violation as company data is going unencrypted over untrusted transport. What are the encryption options available to ACE Inc. for connecting to Azure? (Choose 2)

AData over ExpressRoute is encrypted by default

BYou can open a support ticket with Microsoft Azure to encrypt at 10 Gbps

CUse Aviatrix High Performance Encryption over ExpressRoute to encrypt at 10 Gbps line rate

DManually build IPSec tunnel from on-prem router to cloud over ExpressRoute to achieve a reduced thruput of 1.2 Gbps

Answer : C, D

If your enterprise security policy requires encryption for data in motion, Aviatrix InsaneMode

encryption provides the best and most efficient single instance encryption performance.

IPsec (Internet Protocol Security) is a suite of protocols that secure network communication across IP

networks. It provides security services for IP network traffic such as encrypting sensitive data,

authentication, protection against replay and data confidentiality.

Question 2

As per the cloud architecture best practices guidelines in Multi-Cloud Network Architecture (MCNA), which component provides a consistent transit available in all regions across all public cloud providers.

ACloud Operations Layer

BGlobal Transit Layer

CCloud Applications Layer

DCloud Security Layer

Answer : B

Aviatrix software enables enterprise IT to easily deploy a high-availability, multi-cloud

network data plane with end-to-end encryption, high-performance encryption, multi-cloud security

domains, and operational telemetry operations teams need. This is the main point of connection for every

aspect of the cloud. This global transit layer also has the notion of inserting services in its platform, which

is done through the service insertion framework.

Question 3

You can peer AWS TGWs within a Region

SELECT THE CORRECT ANSWER

AFalse

BTrue

Answer : A

Question 4

What is an Availability Zone?

Select THE CORRECT ANSWERS

AA technology developed for Multi Cloud for automatic moving of resources between DC and Cloud regions..

BA zone provided by Cloud Service Providers (CSP) that is available to multiple regions across the globe to de... availability needs

CGrouping of many on-prem data centers within a geographic area to provide regional service availability

DDistinct location within cloud provider's network that is engineered to be Isolated from failures of other such ...

Answer : D

Question 5

AWS Security Group, Azure Network Security Group, GCP Firewall Service, by default support FQDN based firewall rules (e.g. www.yahoo.com) as a destination in their configuration, to allow/block traffic to the specified domain.

GCP Firewall Service, others not AWS Security Group does, others not

ATrue

BFalse

Answer : A

FQDN -- Fully Qualified Domain Name.

Azure Firewall Applicaon Rule: Configure fully qualified domain names (FQDNs) that can be accessed from a subnet. In Azure, You can limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDN) including wild cards.

AWS - You can use a third-party solution to implement highly available, secure FQDN Egress Filtering

service.

Question 6

Choose the two best statements that describe challenges of deploying a NextGen Firewall (NGFW) in public cloud. (Choose 2)

AReduced visibility due to NAT

BFirewalls can only be deployed in Active/Standby

CReduced firewall feature availability

DReduced effective throughput of the NGFW

EFirewalls can only be deployed in Active/Active

Answer : A, C

The Aviatrix Next Generation Transit Network is built upon the AWS Transit Gateway to provide

better security, scalability and functional capabilities that are important for dynamic AWS implementations.

Aviatrix was a launch partner of the AWS Transit Gateway (TGW). The Aviatrix advanced features were built in

collaboration with the AWS product team.

Visibility: Aviatrix is the go-to partner for AWS when it comes to networking and routing. With the introduction

of the AWS TGW, Aviatrix has built robust visualization tools that lets you plan and implement connection

architectures that span Accounts, Regions and Clouds.

Question 7

ACE Inc. is currently using AWS Transit Gateway (TGW) with 100 VPCs attached to it from different security domains.

These 100 VPCs are used as following:

* 20 VPCs belong to Production,

* 40 VPCs belong to Development,

* 20 are part of UAT and

* 20 VPCs are for shared services and miscellanous common needs.

ACE Inc. requirements are to:

* provide network and traffic segmentation between Prod, Development, UAT VPCs such that there is no traffic between VPCs belonging to different domains

* allow all VPCs in each domain to communicate with each other

* allow every VPC access to shared services VPCs

Which Aviatrix feature would help to not only provide this segmentation but also decrease the complexity of this topology and routing configuration by orchestrating life-cycle management of AWS Transit Gateways?

(Choose 2)

AAviatrix AWS-TGW Encrypted Peering

BAviatrix TGW Orchestrator

CAviatrix Security Domain

DAviatrix Slte-io-Cloud (S2C)

Answer : B, C

A Security Domain is an enforced network of member VPCs attached to the same route table. Member VPCs

have connectivity to each other. VPCs outside of the domain cannot connect. A Security Domain is an

instantiation of the AWS Transit Gateway (TGW) Route Domain concept. This enables VPC segmentation

through AWS Transit Gateway (TGW). For example, you can have ''dev'', ''prod'' and ''test'' security domains toisolate your development, production and test environments in your AWS cloud. In this scenario, the VPCs in dev security domain cannot talk to VPCs in prod and test security domains. A security domain can have one or more spoke VPCs as its members. VPCs within a security domain can communicate to each other via AWS Transit

Gateway (TGW).

we can leverage domains with the AWS Transit Gateway to segment and secure your network.

The AWS Transit Gateway (TGW) Orchestrator is a feature in Aviatrix Controller. It provides a point-andclick workflow to build a transit network and manages all network routing updates.

Aviatrix orchestrator (available in the AVX Controller) simplifies and extends the AWS Transit Gateway (TGW)

by using dynamic route propagation, policy abstraction and simplifying operations through a single pane of glass.

Aviatrix ACE Aviatrix Certified Engineer (ACE) Program Exam Practice Test