Aviatrix Certified Engineer (ACE) Program Exam Practice Test

Page: 1 / 14
Total 72 questions
Question 1

Azure supports Availability Zones in all its regions.



Answer : B

Azure does not supports Availability Zones in all its regions.

There are two types of regions in Azure

1. Recommended Region : A region that provides the broadest range of service capabilities and is

designed to support Availability Zones now, or in the future. These are designated in the Azure portal

as Recommended.

2. Alternate (other) Region: A region that extends Azure's footprint within a data residency boundary

where a recommended region also exists. Alternate regions help to optimize latency and provide a

second region for disaster recovery needs. They are not designed to support Availability Zones

(although Azure conducts regular assessment of these regions to determine if they should become

recommended regions). These are designated in the Azure portal as Other.


Question 2

AWS Global Accelerator is a service which allows a direct connectivity between AWS DirectConnect and Azure ExpressRoute.



Answer : B

AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users. It provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers or Amazon EC2 instances.


Question 3

Statefull Firewall rule:



Answer : C

Aviatrix stateful firewall is feature on the Aviatrix gateway. It is a L4 stateful firewall that filters network CIDR, protocol and port on the packet forwarding path.

The stateful firewall allows each individual rule to be defined as Allow, Deny and Force Drop, in addition to a base rule.


Question 4

Azure Firewall is cost effective.



Answer : A

(Azure Firewall is cost effective.)

Azure Firewall pricing includes a fixed hourly cost ($1.25/firewall/hour) and a variable per GB processed

cost to support auto scaling. Based on our observation, most customers save 30 percent -- 50 percent in

comparison to an NVA deployment model. We are announcing a price reduction, effective May 1, 2019,

for the firewall per GB cost to $0.016/GB (-46.6 percent) to ensure that high throughput customers

maintain cost effectiveness. There is no change to the fixed hourly cost.


Question 5

You must create one of the following virtual interfaces to begin using your AWS Direct Connect connection.

1. Private virtual interface

2. Public virtual interface

3. Transit virtual interface



Answer : A

(AWS Direct Connect virtual interfaces) You must create one of the following virtual interfaces to begin using your AWS Direct Connect connection. Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses. Public virtual interface: A public virtual interface can access all AWS public services using public IP addresses. Transit virtual interface: A transit virtual interface should be used to access one or more Amazon VPC Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces with 1/2/5/10 Gbps AWS Direct Connect connections. For information about Direct Connect gateway configurations, see Direct Connect gateways.


Question 6

Aviatrix platform has several operational features and capabilities built-in to help network engineers perform day to day operational tasks.

Below, match the Aviatrix platform feature with the operational problem it addresses.



Answer : A, B, C, D


Question 7

In order for a customer to leverage Aviatrix Firenet to orchestrate the deployment and insertion of NGFWs, customers must leverage Aviatrix gateways in the spokes VPC/VNETs in order to program the necessary routing to insert the firewall into the traffic flow?



Answer : A

FireNet is a solution for integrating firewalls in the AWS TGW deployment.

Aer creang Firewall Domain we have to launch Aviatrix FireNet Gateway.

This step leverages the Transit Network workflow to launch one Aviatrix gateway for FireNet deployment.

If you have HA enabled, it automatically sets up the HA gateway for FireNet deployment.

Specify Security Domain for Firewall Inspecon - if you wish to inspect traffic between on-prem to VPC,

connect Aviatrix Edge Domain to the Firewall Domain. This means on-prem traffic to any Spoke VPC is

routed to the firewall first and then it is forwarded to the destination Spoke VPC. Conversely, any Spoke

VPC traffic destined to on-prem is routed to the firewall first and then forwarded to on-prem.


Page:    1 / 14   
Total 72 questions