Fortinet NSE7_PBC-6.4 Fortinet NSE 7 - Public Cloud Security 6.4 Exam Practice Test

Page: 1 / 14
Total 30 questions

Question 1

You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:

* Two FortiGate devices must be deployed; each in a different availability zone.

* Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.

* An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active- active topology.

* An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.

* Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.

Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?



Answer : B

Question 2

Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.

Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)



Answer : C, D, E

Question 3

Refer to the exhibit.

You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.

After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.

What should you do to correct this issue?



Answer : C

Question 4

Which statement about FortiSandbox in Amazon Web Services (AWS) is true?



Answer : C

Question 5

You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.

Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)



Answer : A, C

Question 6

An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.

How can they do this?



Answer : D

Question 7

Refer to the exhibit.

Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)



Answer : B, D

Page:    1 / 14   
Total 30 questions