Thursday, October 26, 2023

2023 – 2024 Aviatrix Certified Engineer – Multi-Cloud Network Associate Course Answers


1. Where is the ‘center of gravity’ in the new computing model?

  1. Public Cloud
  2. Private Cloud
  3. On Prem
  4. Provider

2. What caused a large push to the public cloud?

  1. IT Security pushed it
  2. Speed of Deployment
  3. Lack of on-prem knowledge
  4. Compliance reasons

3. As applications move to the cloud, their proximity to the Internet is:

  1. closer
  2. farther away
  3. exactly the same

4. What are common challenges in the cloud?

  1. Lack of reference architecture
  2. Lack of visibility and troubleshooting
  3. Multi-Cloud Support
  4. All of the above

5. How does Aviatrix help customers in public clouds?

  1. Provides building blocks for AWS networking
  2. Aviatrix is a visibility tool inside cloud networks
  3. Aviatrix is a multi-cloud platform that brings a consistent architecture with Day 2 Operations and Visibility
  4. Aviatrix is an on-prem solution for networking and security

6. Which group led the initial charge in the cloud?

  1. DevOps
  2. IT
  3. Security
  4. System Administrators

7. True or false: When things break, DevOps teams can troubleshoot their own network connectivity without needing networking teams for support.

  1. True
  2. False

8. Which unique challenge does a network engineer face in the cloud that isn’t present on-prem?

  1. Routing
  2. Firewalling
  3. Accounts/Subscriptions
  4. Security

9. When organizations build in the cloud, the providers typically follow what model:

  1. Build it yourself – we provide the pieces
  2. Plenty of reference architectures to choose from
  3. Providers will design an architecture for you
  4. None of the above

10. True or false: Cloud providers can easily help customers in multi-cloud deployments.

  1. True
  2. False

Public Cloud Networking

Networking Principles In The Cloud Quiz Answers

1. What is the definition of a PaaS Service?

  1. You as the customer own the entire stack
  2. You as the customer manage just the application and data
  3. You as the customer just consume the service
  4. None of the above

2. What is a hybrid cloud?

  1. Multi-tenant cloud service provided by Microsoft, Amazon, etc.
  2. Single-tenant cloud service hosted by you the customer
  3. A combination of Public and Private Cloud
  4. any virtualized compute provider

3. Which is NOT a valid component of the cloud?

  1. Datacenter
  2. Region
  3. Geographical Zone
  4. Availability Zone

4. Is Availability Zone 1A the same for every customer in cloud environments?

  1. Yes
  2. No

5. True or false: We have an architectural gap in cloud today because there is no consistent framework for network and security across clouds.

  1. True
  2. False

6. The On-Prem world is most similar to which type of service:

  1. SaaS
  2. IaaS
  3. PaaS
  4. CSP

7. Office365 is an example of which service:

  1. IaaS
  2. PaaS
  3. SaaS
  4. None of the above

8. True or false: A region is the same thing as a data center for cloud providers.

  1. True
  2. False

9. True or false: When a cloud provider deploys a region, there are always multiple availability zones present.

  1. True
  2. False

10. One advantage of availability zones includes:

  1. Resources across AZs can survive a regional outage
  2. Resources across AZs can survive a global outage
  3. Resources across AZs can survive a data center outage
  4. None of the above

AWS Networking 101 Quiz Answers

1. Which AWS service represents a virtual machine?

  1. VPC
  2. Direct Connect
  3. EC2
  4. S3

2. True or false: To connect a VPC, AWS uses an implicit router that customers must configure to allow communication between VPCs.

  1. True
  2. False

3. Which AWS service best represents your private virtual walled garden in the cloud?

  1. Direct Connect
  2. VPC
  3. IAM
  4. CloudFront

4. True or false: In AWS, subnets are global resources spread across availability zones.

  1. True
  2. False

5. Which AWS security component is a stateless filter?

  1. Security Group
  2. NACL
  3. Internet Gateway
  4. Network Security Groups (NSG)

6. True or false: Security Groups in AWS cannot be shared across VPCs unless they are peered together.

  1. True
  2. False

7. Which gateway is not an available option with AWS?

  1. Internet Gateway
  2. NAT Gateway
  3. Virtual Network Gateway
  4. Transit Gateway

8. True or false: Transit Gateway in AWS fully automates routing so that no manual configuration is required.

  1. True
  2. False

9. In AWS, a Direct Connect circuit can terminate on which of the following:

  1. Direct Connect Gateway
  2. Transit Gateway
  3. Internet Gateway
  4. VPC Gateway

10. Using native AWS constructs, the highest available bandwidth within an IPSEC tunnel is:

  1. 500Mbps
  2. 1.25Gbps
  3. 4Gbps
  4. 10Gbps

11. True or false: There are currently no limitations to the number of routes supported in AWS Transit Gateway.

  1. True
  2. False

Azure Networking 101

1. What is different about Availability Zones in Azure compared to other clouds?

  1. Azure does not support Availability Zones
  2. Azure implements Availability Zones by default
  3. Azure only supports Availability Zones in certain regions
  4. None of the above

2. What are Virtual Network Gateways used for?

  1. Hybrid Connectivity termination constructs for VPN or Express Route
  2. Native construct used for VNET peering
  3. Native construct used for Internet access
  4. Hybrid Connectivity option for SDWAN connectivity

3. Which Azure component groups items together for better organization control of a specific workload?

  1. Service
  2. Resource
  3. Resource Group
  4. AD Tenant

4. What is the top level organizational structure in Azure?

  1. Resource Group
  2. Subscription
  3. AD Tenant
  4. Resource

5. True or false: In Azure, subnets are created as either private or public.

  1. True
  2. False

6. Some challenges with Azure Virtual WAN as a platform include:

  1. Does not provide encryption within the cloud
  2. Does not provide a multi-cloud architecture
  3. No 3rd party devices supported in the HUB
  4. All of the above

7. An ExpressRoute circuit in Azure can terminate on which device? (select all that apply)

  1. ExpressRoute Gateway
  2. NVA
  3. Virtual Network Gateway
  4. VPN Gateway

8. True or false: Using ExpressRoute hairpinning for spoke to spoke traffic is the recommended option for transit within Azure.

  1. True
  2. False

9. What is an NVA in Azure? (select all that apply)

  1. Any 3rd party device in the Azure marketplace
  2. Any native Azure networking device
  3. Network Virtual Access
  4. Network Virtual Appliance

10. Challenges with using an NVA to provide spoke to spoke communication in Azure include: (select all that apply)

  1. User Defined Route Management at scale
  2. No allocated bandwidth on edge routers
  3. SNAT required for traffic symmetry
  4. This method is a 1 to 1 mapping of VNETs

GCP Networking 101

1. GCP private dedicated connectivity is referred to as

  1. ExpressRoute
  2. Direct Connect
  3. Cloud Interconnect
  4. Fast Connect

2. True or false: All resources within GCP are either Global or Regional or both.

  1. True
  2. False

3. A Virtual Machine is an example of a

  1. Zonal Resource
  2. Regional Resource
  3. Global Resource
  4. None of the above

4. A VPC is an example of a:

  1. Zonal Resource
  2. Regional Resource
  3. Global Resource
  4. None of the above

5. For a single user, GCP resources are structurally organized in a:

  1. Organization
  2. Folder
  3. Project
  4. Resource Group

6. True or false: GCP encourages deployments of multiple VPCs to spread out all your workloads.

  1. True
  2. False

7. What does Auto Mode in GCP mean?

  1. VPC networks start with no subnets
  2. subnets are created in each region
  3. you must manually configure your subnets
  4. address space will be defined at the VPC level

8. True or false: GCP supports dynamic routes within the cloud.

  1. True
  2. False

9. True or false: VPC peering in GCP allows VPC to be transitive.

  1. True
  2. False

10. A project can access another project’s resource via (select all that apply)

  1. Shared VPC
  2. Cloud Interconnect
  3. VPC Peering
  4. Cloud Router

OCI Networking 101

1. What are virtual cloud networks called in OCI?

  1. Cloud SQLNet
  2. VCN
  3. OCI-NET
  4. oranet

2. True or false: OCI subnets are tied to Availability Domains.

  1. True
  2. False

3. How many DRGs can you have in an OCI Region?

  1. 25
  2. No limits
  3. 5
  4. 200

4. True or false: Overlapping IPs are allowed when peering VCNs in OCI.

  1. True
  2. False

5. In OCI you need to specify a _ when creating resources.

  1. Compartment ID
  2. Account Name
  3. Oracle Prefix Identifier
  4. Last 3 characters of tenancy id + the first three letters of your username

6. True or false: In OCI it’s easy to have full visibility and control of the networks built there using the OCI Console.

  1. True
  2. False

7. The Oracle Azure networking partnership is available in all OCI and Azure regions.

  1. True
  2. False

8. Service Gateways provide _____________ access from VCNs to Oracle Services.

  1. Public
  2. Hybrid
  3. Private
  4. Round-robin hashed

9. Tenancy IAM metadata is bound to _______.

  1. Company address
  2. the home region
  3. Phoenix for all US customers
  4. globally, no restrictions

10. True or false: Using OCI native networking resources alone, it’s easy to scale and set up secure connections with other Cloud Service Providers.

  1. True
  2. False

Multi-Cloud Network Architecture

What is the MCNA?

1. What are the main pillars of the MCNA?

  1. Cloud Core, Operations, and Access
  2. Cloud Core, Networking, and Applications
  3. Cloud Access, Transit, and Management
  4. Cloud Operations, Connectivity, and Core

2. True or false: Security and Visibility is inserted throughout the MCNA Architecture.

  1. True
  2. False

3. Which answer is a benefit of having a Multi-Cloud Network Architecture?

  1. Normalized Data Plane
  2. Centralized Control Plane
  3. Repeatable across cloud providers
  4. All of the above

4. Customer Challenges in cloud include:

  1. Go Build
  2. Vendor Lock In
  3. Black Box
  4. All of the above

5. What is the most important aspect of any multi-cloud network?

  1. Access
  2. Compute
  3. Transit
  4. Delivery

6. The function of the cloud operations layer includes (select all that apply)

  1. Multi-Cloud Centralized Visibility
  2. Multi-Cloud Centralized Control
  3. Multi-Cloud Centralized Orchestration
  4. All of the above

7. The Cloud Core layer of the MCNA provides:

  1. Centralized visibility and orchestration
  2. Normalized Data plane across clouds
  3. Common access into the clouds
  4. None of the above

8. True or false: With MCNA, security must be configured per cloud provider to maintain consistent governance.

  1. True
  2. False

9. Cloud Access in MCNA provides common access for:

  1. SDWAN
  2. Direct Connect options from cloud providers
  3. VPN connectivity
  4. All of the above

10. The core principle of MCNA is:

  1. a cloud architecture per cloud using native constructs
  2. an on-prem hybrid connectivity model for connecting to cloud
  3. a security and visibility framework for cloud environments
  4. a multi-cloud network and security framework for consistent deployment across clouds

Aviatrix Platform

Feature Overview – Part 1

1. Which best describes the Aviatrix Transit Solutions:

  1. Built using native IPSEC with a limit of 1.25G per tunnel
  2. Built using native peering only
  3. Built using Aviatrix IPSEC for encryption by default with option for high performance
  4. Built using a mix of IPSEC with BGP that requires customer configuration

2. True or false: Aviatrix transit must be built out per cloud and does not support cross-cloud communication by default.

  1. True
  2. False

3. What is a challenge with native encryption within the cloud?

  1. Cloud environments are not natively encrypted
  2. Native encryption mechanisms are limited to 1.25G
  3. IPSEC tunnels are tied to a single core within compute
  4. All of the above

4. What are the components within the Aviatrix Platform?

  1. Controller
  2. Gateways
  3. CoPilot
  4. All of the above

5. Why is cloud IPSEC limited to 1.25G?

  1. Native solutions build tunnels across a single core only
  2. This can be overcome with multi-core VMs
  3. Private connectivity like ExpressRoute and Direct Connect is encrypted by default
  4. Cloud providers cannot provide encryption at all

6. True or false: The Aviatrix FQDN Egress Filter supports both centralized and distributed egress methods.

  1. True
  2. False

7. True or false: Aviatrix can extend native AWS features like Guard Duty to provide enforcement of alerts.

  1. True
  2. False

8. The advantage of Aviatrix Transit within the cloud is:

  1. End to End Encryption
  2. Repeatable across Clouds
  3. Complete Visibility and Control
  4. All of the above

9. With Aviatrix HPE, customers can get:

  1. Near line rate encryption within the cloud
  2. Near line rate encryption between clouds
  3. Near line rate encryption between on-prem and cloud
  4. All of the above

10. True or false: Aviatrix can provide filtering of partner route advertisements through a BGP Approval Process.

  1. True
  2. False

Feature Overview – Part 2

1. What are some challenges with inserting firewalls in the cloud?

  1. Repackaged Firewall Solution from on-prem world
  2. Native Firewall Solutions are primarily L4 firewalls
  3. Customer required to configure and manage routing
  4. All of the above

2. How much throughput can Aviatrix achieve with Firenet?

  1. Up to 10G
  2. Up to 30G
  3. Up to 50G
  4. Up to 70G

3. What advantages does the Aviatrix Site to Cloud offer?

  1. Support for Network Address Translation (NAT)
  2. Support for TCP and UDP tunnels
  3. Uses a template driven manner for configuration
  4. All of the above

4. True or false: Aviatrix Firenet can orchestrate the firewall deployment, firewall routing, and VNET/VPC routing for NGFW insertion.

  1. True
  2. False

5. True or false: The Aviatrix User VPN solution does not allow profile based granular access control.

  1. True
  2. False

6. Which 3rd party integrations are available for Aviatrix User VPN?

  1. DUO
  2. Okta
  3. AD
  4. SAML
  5. All of the above

7. True or false: Aviatrix Firenet requires that customers use gateways in the spokes, as this is not supported using native constructs for transit (i.e. AWS TGW or Azure Peering).

  1. True
  2. False

8. Which Aviatrix feature allows customers to group VPC/VNETs with common security properties for access?

  1. FireNet
  2. Security Domains
  3. Site 2 Cloud
  4. Cloud WAN

9. True or false: Aviatrix Site 2 Cloud can also be used to onboard IoT devices.

  1. True
  2. False

10. What problems does the Aviatrix Private S3 solution solve? (select all that apply)

  1. Data exfiltration
  2. IDS for S3 buckets
  3. Private access (RFC1918 only) to S3 buckets without the need of public addresses
  4. On prem S3 buckets

Operations, Visibility, and Troubleshooting

Day 2 Operations

1. True or false: Aviatrix is a multi-cloud Terraform provider.

  1. True
  2. False

2. True or false: Aviatrix cannot provide packet captures of live traffic.

  1. True
  2. False

3. True or false: The VPC tracker is only available for AWS.

  1. True
  2. False

4. What does Aviatrix use for Controller HA in AWS?

  1. a Lambda script
  2. an S3 bucket
  3. an auto scaling group
  4. All of the above

5. How does Flight Path help users troubleshoot connectivity problems?

  1. Allows the gateways to be accessed via API to perform queries
  2. Provides a packet capture of specific network flows
  3. Provides a visual walk-through based on source and destination to highlight path issues
  4. Provides ping and traceroute capabilities for source and destination

6. What are some operational challenges that customers face in the cloud?

  1. Tier-3 becomes Tier-1 for troubleshooting
  2. Limited visibility into native constructs
  3. Lack of standard troubleshooting tools (ping, traceroute, etc.)
  4. All of the above

7. True or false: The Aviatrix controller can perform auditing of routing constructs. This ensures that no new routes have been added that can affect end-to-end network correctness.

  1. True
  2. False

8. True or false: Common troubleshooting tasks like ping and traceroute can be run from any Aviatrix gateway.

  1. True
  2. False

9. What happens when the Aviatrix components require upgrades?

  1. Downtime is required for all upgrades
  2. Upgrades are hitless
  3. The controller must be rebooted after upgrades
  4. The gateways must be rebooted after upgrades

10. Which of the following statements is true?

  1. Customers must spin up a controller per subscription/account
  2. Customers must spin up a controller per cloud environment
  3. Customers can spin up a single controller but can only on-board one master account per cloud
  4. Customers can spin up a single controller and on-board multiple cloud accounts for management

CoPilot Demo

1. True or false: CoPilot must be deployed per cloud to gain visibility across your multi-cloud network.

  1. True
  2. False

2. CoPilot topology can provide:

  1. Customized Visibility Options
  2. Custom tagging of resources
  3. Diagnostic functions from gateways
  4. All of the above

3. True or false: CoPilot doesn’t provide any geolocation features for data traffic.

  1. True
  2. False

4. Aviatrix FlowIQ provides:

  1. A dashboard for up/down status of gateways
  2. Netflow data across the multi-cloud network for all traffic seen by gateways
  3. A dynamic topology of all cloud resources
  4. None of the above

5. True or false: Flow IQ will provide summarization of netflow data but for specific records we must perform tasks on the gateways.

  1. True
  2. False

6. What is Aviatrix CoPilot?

  1. Provides intelligent visibility into cloud networks through dynamic topology, netflow, troubleshooting and more
  2. A cloud native troubleshooting tool
  3. A function on the aviatrix gateways
  4. None of the above

7. True or false: CoPilot allows for custom filters to limit data to defined resources, applications, and flows.

  1. True
  2. False

Aviatrix Controller Deployment

1. Which clouds can you deploy the Aviatrix controller in?

  1. AWS
  2. Azure
  3. OCI
  4. All of the above

2. How many controllers do you normally need to run a multi-cloud environment consisting of OCI, Azure and GCP?

  1. 1
  2. 2
  3. 3
  4. 4

3. What is the recommended or easiest way of deploying the Aviatrix controller in AWS?

  1. your own lambda script
  2. your own CloudFormation template
  3. CloudFormation template from
  4. building an instance from the AMI

4. Can you deploy Aviatrix Controller in your on-prem DC?

  1. Yes
  2. No