
NSE7_PBC-6.4 Online Practice Questions and Answers

Questions 4

You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.

Which Amazon AWS services must you subscribe to in order to use this feature?

A. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

B. GuardDuty, CloudWatch, S3, and DynamoDB.

C. Inspector, Shield, GuardDuty, S3, and DynamoDB.

D. WAF, Shield, GuardDuty, S3, and DynamoDB.

Questions 5

Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.

What are two possible reasons for this behavior? (Choose two.)

A. The web servers are not configured with the default gateway.

B. The Internet gateway (IGW) is not added to the VPC (virtual private cloud).

C. AWS source and destination checks are enabled on the FortiGate interfaces.

D. AWS security groups may be blocking the traffic.

Questions 6

Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.

What caused the validation process to fail?

A. You selected the incorrect resource group.

B. You selected the Bring Your Own License (BYOL) licensing mode.

C. You selected the PAYG/On-demand licensing model, but did not select the correct virtual machine size.

D. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.

Questions 7

When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.

In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?

A. Less than 10 seconds

B. 30 seconds

C. 20 seconds

D. 16 seconds

Questions 8

Refer to the exhibit. You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.

What is incorrect with the template?

A. The LUN ID is not defined.

B. FortiGate-VM does not support managedDisk from Azure.

C. The caching parameter should be None.

D. The CreateOptions parameter should be FromImage.

Questions 9

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

A. Network security groups can be applied to subnets and virtual network interfaces.

B. Network security groups can be applied to subnets only.

C. Network security groups are stateless inbound and outbound rules used for traffic filtering.

D. Network security groups are stateful inbound and outbound rules used for traffic filtering.

Questions 10

What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

A. Up to 1.25 Gbps per attachment

B. Up to 50 Gbps per attachment

C. Up to 10 Gbps per attachment

D. Up to 1 Gbps per attachment

Questions 11

A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.

What is the default admin password for the FortiGate-VM instance?

A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.

B.

C. admin

D. The instance-ID value

Questions 12

You have been asked to secure your organization's Salesforce application that is running on Microsoft Azure, and to find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the Salesforce application remotely as well as on-premises. Your goal is to gain more visibility into and control over shadow IT-related activities, and to identify any data leaks in the Salesforce application.

Which three steps should you take to achieve your goal? (Choose three.)

A. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.

B. Configure FortiCASB and set up access rights, privileges, and data protection policies.

C. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.

D. Deploy and configure FortiCWP with a workload guardian license.

E. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.

Questions 13

Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure how to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.

How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?

A. In the configured load balancer, access the inbound NAT rules section.

B. In the configured load balancer, access the backend pools section.

C. In the configured load balancer, access the inbound and outbound NAT rules section.

D. In the configured load balancer, access the health probes section.

Questions 14

Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.

If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01

B. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01

C. The network interface of the active unit moves to itself

D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

Questions 15

Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

A. Proxy ARP entries are disregarded.

B. 802.1q VLAN tags are allowed inside the same virtual private cloud.

C. AWS DNS reserves the first host IP address of each subnet.

D. Multicast traffic is not allowed.

Questions 16

Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.

Which two statements are correct? (Choose two.)

A. The design shows an active-active FortiGate-VM architecture.

B. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

C. The design shows an active-passive FortiGate-VM architecture.

D. The Cloud Load Balancer Session Affinity setting should use the default value.

Questions 17

An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.

How can they do this?

A. They can create additional vNICs using the Cloud Shell.

B. They cannot create and add additional vNICs to an existing FortiGate-VM.

C. They can create additional vNICs in the UI console.

D. They can use the Compute Engine API Explorer.

Questions 18

You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:

Two FortiGate devices must be deployed; each in a different availability zone.

Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.

An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.

An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.

Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.

Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?

A. config system sdn-connector

B. config system ha

C. config system auto-scale

D. config system session-sync

Exam Code: NSE7_PBC-6.4
Exam Name: Fortinet NSE 7 - Public Cloud Security 6.4
Last Update: Mar 20, 2024
Questions: 30 Q&As
