Aviatrix ACE practice test

Aviatrix Certified Engineer (ACE) Program Exam


Question 1

Azure supports Availability Zones in all its regions.

  • A. True
  • B. False
Answer:

B

Explanation:
Azure does not support Availability Zones in all its regions.
There are two types of regions in Azure:
1. Recommended Region: A region that provides the broadest range of service capabilities and is
designed to support Availability Zones now, or in the future. These are designated in the Azure portal
as Recommended.
2. Alternate (other) Region: A region that extends Azure's footprint within a data residency boundary
where a recommended region also exists. Alternate regions help to optimize latency and provide a
second region for disaster recovery needs. They are not designed to support Availability Zones
(although Azure conducts regular assessments of these regions to determine if they should become
recommended regions). These are designated in the Azure portal as Other.


Question 2

AWS Global Accelerator is a service that allows direct connectivity between AWS Direct Connect
and Azure ExpressRoute.

  • A. True
  • B. False
Answer:

B

Explanation:
AWS Global Accelerator is a service that improves the availability and performance of your
applications with local or global users. It provides static IP addresses that act as a fixed entry point to
your application endpoints in a single or multiple AWS Regions, such as your Application Load
Balancers, Network Load Balancers or Amazon EC2 instances.


Question 3

Stateful firewall rule:

  • A. Is another name for Azure Active Directory Firewall
  • B. Requires explicit rule for the return traffic
  • C. Allows the return traffic implicitly
  • D. Alone can easily satisfy the enterprise security needs
Answer:

C

Explanation:
The Aviatrix stateful firewall is a feature on the Aviatrix gateway. It is an L4 stateful firewall that
filters network CIDR, protocol and port on the packet forwarding path.
The stateful firewall allows each individual rule to be defined as Allow, Deny and Force Drop, in
addition to a base rule.


Question 4

Azure Firewall is cost effective.

  • A. True
  • B. False
Answer:

A

Explanation:
(Azure Firewall is cost effective.)
Azure Firewall pricing includes a fixed hourly cost ($1.25/firewall/hour) and a variable per GB
processed cost to support auto scaling. Based on our observation, most customers save 30 percent to
50 percent in comparison to an NVA deployment model. We are announcing a price reduction, effective
May 1, 2019, for the firewall per GB cost to $0.016/GB (-46.6 percent) to ensure that high throughput
customers maintain cost effectiveness. There is no change to the fixed hourly cost.


Question 5

You must create one of the following virtual interfaces to begin using your AWS Direct Connect
connection.
1. Private virtual interface
2. Public virtual interface
3. Transit virtual interface

  • A. True
  • B. False
Answer:

A

Explanation:
(AWS Direct Connect virtual interfaces)
You must create one of the following virtual interfaces to begin using your AWS Direct Connect
connection.
Private virtual interface: A private virtual interface should be used to access an Amazon VPC using
private IP addresses.
Public virtual interface: A public virtual interface can access all AWS public services using public IP
addresses.
Transit virtual interface: A transit virtual interface should be used to access one or more Amazon
VPC Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces
with 1/2/5/10 Gbps AWS Direct Connect connections. For information about Direct Connect gateway
configurations, see Direct Connect gateways.


Question 6

The Aviatrix platform has several operational features and capabilities built in to help network
engineers perform day-to-day operational tasks.
Below, match the Aviatrix platform feature with the operational problem it addresses.

  • A. Packet Capture - Ability to take live packet capture at any spoke VPC/VNet/VNC and also display it in Wireshark.
  • B. Ping and Traceroute - Ability to run basic troubleshooting tools from simplified UI.
  • C. Export to Terraform - A feature that allows users to export their current controller configurations (resources) into Terraform files (.tf) and import them into their Terraform environments, facilitating an easy transition to using Terraform to manage their infrastructure.
  • D. VPC Tracker - A tool that collects and helps you manage your network CIDR ranges at a central place, eliminating the need to keep an Excel sheet on all your VPC network addresses allocations.
Answer:

A, B, C, D


Question 7

In order for a customer to leverage Aviatrix FireNet to orchestrate the deployment and insertion of
NGFWs, customers must leverage Aviatrix gateways in the spoke VPCs/VNets in order to program the
necessary routing to insert the firewall into the traffic flow.

  • A. False
  • B. True
Answer:

A

Explanation:
FireNet is a solution for integrating firewalls in the AWS TGW deployment.
After creating Firewall Domain we have to launch Aviatrix FireNet Gateway.
This step leverages the Transit Network workflow to launch one Aviatrix gateway for FireNet
deployment.
If you have HA enabled, it automatically sets up the HA gateway for FireNet deployment.
Specify Security Domain for Firewall Inspection - if you wish to inspect traffic between on-prem to
VPC, connect Aviatrix Edge Domain to the Firewall Domain. This means on-prem traffic to any Spoke
VPC is routed to the firewall first and then it is forwarded to the destination Spoke VPC. Conversely,
any Spoke VPC traffic destined to on-prem is routed to the firewall first and then forwarded to
on-prem.


Question 8

AWS Security Group, Azure Network Security Group, GCP Firewall Service, by default support FQDN
based firewall rules (e.g. www.yahoo.com) as a destination in their configuration, to allow/block
traffic to the specified domain.
GCP Firewall Service, others not AWS Security Group does, others not

  • A. True
  • B. False
Answer:

A

Explanation:
FQDN: Fully Qualified Domain Name.
Azure Firewall Application Rule: Configure fully qualified domain names (FQDNs) that can be
accessed from a subnet. In Azure, you can limit outbound HTTP/S traffic to a specified list of fully
qualified domain names (FQDN) including wild cards.
AWS - You can use a third-party solution to implement highly available, secure FQDN Egress
Filtering service.


Question 9

Which Aviatrix feature might a customer leverage to help prevent connected partners from affecting
cloud routing when peered with dynamic routing protocols?

  • A. VCN Route Audit
  • B. BGP Route Approval
  • C. TGW Audit
  • D. TGW Orchestrator
Answer:

D

Explanation:
Dynamic Route Propagation Using Aviatrix Orchestrator is the only guaranteed way
to ensure your on-prem routes are properly propagated to Spoke VPCs. AWS Transit Gateway
propagates VPC CIDR and IPSEC VPN routes to the Transit Gateway route table. But the routes
are not propagated to the VPC route table. It is the account owner's responsibility to program
VPC route tables. Aviatrix Transit Gateway Orchestrator dynamically updates route entries in the
VPC route tables.


Question 10

You can peer AWS TGWs within a Region.

  • A. False
  • B. True
Answer:

A

Explanation:
You can peer two transit gateways and route traffic between them, which includes IPv4 and IPv6
traffic. To do this, create a peering attachment on your transit gateway, and specify a transit gateway
in another AWS Region. The peer transit gateway can be in your account or a different AWS account.
