Fortinet NSE7_PBC-7.2 Fortinet NSE 7 - Public Cloud Security 7.2 Exam Practice Test

Page: 1 / 14
Total 59 questions
Question 1

What kind of underlying mechanism does Transit Gateway Connect use to send traffic from the virtual private cloud (VPC) to the transit gateway?



Answer : D

Transit Gateway Connect Specificity:AWS Transit Gateway Connect is a specific feature designed to streamline the integration of SD-WAN appliances and third-party virtual appliances into your Transit Gateway.expand_moreIt utilizes a specialized attachment type.exclamation

BGP's Role:While Transit Gateway Connect attachments leverage BGP for dynamic routing, BGP itself is a routing protocol and not the core connectivity mechanism in this context.

GRE Tunneling:GRE is a tunneling protocol commonly used with Transit Gateway Connect attachments to encapsulate traffic.


Question 2

You are automating configuration changes on one of the FortiGate VMS using Linux Red Hat Ansible.

How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?



Answer : C

Ansible connects to FortiGate using an API, which is a method of communication between different software components.Ansible uses the fortios_* modules to interact with the FortiOS API, which is a RESTful API that allows configuration and monitoring of FortiGate devices12.Ansible can use either HTTP or HTTPS as the transport protocol, and can authenticate with either a username and password or an API token3.

The other options are incorrect because:

Ansible does not use TCP port 21 to connect to FortiGate.Port 21 is typically used for FTP, which is not supported by FortiOS4.

Ansible does not use SSH as a connection method to FortiOS. SSH is a secure shell protocol that allows remote command execution and file transfer, but it is not the preferred way of automating configuration changes on FortiGate devices.

Ansible does not use YAML to connect to FortiGate. YAML is a data serialization language that Ansible uses to write playbooks and inventory files, but it is not a connection method.Reference:

Fortinet.Fortios --- Ansible Documentation

FortiOS REST API Reference

FortiOS Module Guide --- Ansible Documentation

FortiOS 7.0 CLI Reference

[Connection methods and details --- Ansible Documentation]

[YAML Syntax --- Ansible Documentation]


Question 3

A Network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.

In which two ways can Fortinet container security help secure container infrastructure? (Choose two.)



Answer : C, D

The correct answer is C and D. FortiGate NGFW can inspect north-south container traffic with label aware policies and FortiGate NGFW and FortiSandbox can be used to secure container traffic.

According to the Fortinet documentation for container security1, FortiGate NGFW can provide the following benefits for securing container infrastructure:

It can inspect north-south traffic between containers and external networks using label aware policies, which allow for dynamic policy enforcement based on Kubernetes labels and metadata.

It can integrate with FortiSandbox to provide advanced threat protection for container traffic, by sending suspicious files or URLs to a cloud-based sandbox for analysis and detection.

It can leverage FortiGuard Security Services to provide real-time threat intelligence and updates for container traffic, such as antivirus, web filtering, IPS, and application control.

The other options are incorrect because:

FortiGate NGFW cannot be placed between each application container for north-south traffic inspection, as this would create unnecessary complexity and overhead. Instead, FortiGate NGFW can be deployed at the edge of the container network or as a sidecar proxy to inspect traffic at the ingress and egress points.

FortiGate NGFW cannot connect to the worker node and protect the container, as this would not provide sufficient visibility and control over the container traffic. Instead, FortiGate NGFW can leverage the native Kubernetes APIs and services to monitor and secure the container traffic.

1: Fortinet Documentation Library - Container Security


Question 4
Question 5

Refer to the exhibit

The exhibit shows a customer deployment of two Linux instances and their main routing table in Amazon Web Services (AWS). The customer also created a Transit Gateway (TGW) and two attachments

Which two steps are required to route traffic from Linux instances to the TGWQ (Choose two.)



Answer : A, B

According to the AWS documentation for Transit Gateway, a Transit Gateway is a network transit hub that connects VPCs and on-premises networks. To route traffic from Linux instances to the TGW, you need to do the following steps:

In the TGW route table, associate two attachments. An attachment is a resource that connects a VPC or VPN to a Transit Gateway. By associating the attachments to the TGW route table, you enable the TGW to route traffic between the VPCs and the VPN.

In the main subnet routing table in VPC A and B, add a new route with destination 0_0.0.0/0, next hop TGW. This route directs all traffic from the Linux instances to the TGW, which can then forward it to the appropriate destination based on the TGW route table.

The other options are incorrect because:

In the TGW route table, adding route propagation to 192.168.0 0/16 is not necessary, as this is already the default route for the TGW. Route propagation allows you to automatically propagate routes from your VPC or VPN to your TGW route table.

In the main subnet routing table in VPC A and B, adding a new route with destination 0_0.0.0/0, next hop Internet gateway (IGW) is not correct, as this would bypass the TGW and send all traffic directly to the internet. An IGW is a VPC component that enables communication between instances in your VPC and the internet.

: [Transit Gateways - Amazon Virtual Private Cloud]


Question 6

How does Terraform keep track of provisioned resources?



Answer : A

Terraform manages and tracks the state of infrastructure resources through a file known as terraform.tfstate. This file is automatically created by Terraform and is updated after the application of a Terraform plan to capture the current state of the resources.

State File Purpose: The terraform.tfstate file contains a JSON object that records the IDs and properties of resources Terraform manages, so that it can map real-world resources to your configuration, keep track of metadata, and improve performance for large infrastructures.

State File Management: This file is crucial for Terraform to perform resource updates, deletions, and for creating dependencies. It's essentially the 'source of truth' for Terraform about your managed infrastructure and services.


Question 7

Refer to the exhibit

An administrator deployed a FortiGate-VM in a high availability (HA)

(active/passive) architecture in Amazon Web Services (AWS) using Terraform

for testing purposes. At the same time, the administrator deployed a single

Linux server using AWS Marketplace

Which two options are available for the administrator to delete all the resources

created in this test? (Choose two.)



Page:    1 / 14   
Total 59 questions