Fortinet FCP_WCS_AD-7.4 FCP - AWS Cloud Security 7.4 Administrator Exam Practice Test

Page: 1 / 4
Total 35 questions

FCP - AWS Cloud Security 7.4 Administrator Exam Questions and Answers

Question 1

Refer to the exhibit.

Which two statements are true about inbound traffic based on the IGW ingress route table and GWLB deployment shown in the exhibit? (Choose two.)

Options:

A. GWLB forwards traffic to FortiGate without encapsulation in its dedicated subnet.

B. Inbound traffic is directed to the GWLB through a GWLB endpoint.

C. Inbound traffic is directed to the application subnet through a GWLB endpoint.

D. GWLB encapsulates traffic with the GENEVE protocol and sends it to FortiGate.

Question 2

A global organization with cloud networks deployed in several AWS regions wants to set up next-generation firewall (NGFW) protection using FortiGate Cloud-Native Firewall (CNF).

What are two deployment considerations for the organization? (Choose two.)

Options:

A. They must choose AWS Firewall Manager to provision a CNF instance.

B. A CNF instance is required for each AWS region that must be protected.

C. More than one AWS account can be associated with a CNF instance.

D. Only one CNF instance is required to protect all AWS regions.

Question 3

An administrator must deploy a web application firewall (WAF) solution to protect the web applications of their organization.

Why would the administrator choose FortiWeb Cloud over AWS WAF with Fortinet managed rules?

Options:

A. WAF signatures must be manually updated by FortiGuard.

B. The solution must meet PCI 6.6 compliance.

C. SSL inspection is a requirement.

D. Traffic must be inspected for malware.

Question 4

Refer to the exhibit.

Traffic is initiated from the EC2 instance and is destined for the internet.

Which traffic flow is correct?

Options:

A. EC2 instance > NAT GW > IGW > internet

B. There is no route to the internet in the Private Route Table. The traffic does not reach the internet.

C. EC2 instance > GWLBe > NAT GW > IGW > internet

D. EC2 instance > GWLBe > internet

Question 5

Refer to the exhibit.

An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.

What is required to achieve higher bandwidth?

Options:

A. Use routable public IP addresses instead of private IP addresses for connectivity.

B. You cannot increase bandwidth; the connection has a fixed limit.

C. No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.

D. You add a Transit VPC between the organization's VPCs.

Question 6

Your company deployed a FortiSandbox for AWS.

Which statement is correct about FortiSandbox for AWS?

Options:

A. FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances.

B. The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances.

C. FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks.

D. FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.

Question 7

Which three statements are correct about VPC flow logs? (Choose three.)

Options:

A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.

B. Flow logs do not capture DHCP traffic.

C. Flow logs can capture traffic to the reserved IP address for the default VPC router.

D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.

E. Flow logs can capture real-time log streams for the network interfaces.

Question 8

A customer has implemented GWLB between the partner and application VPCs. FortiGate appliances are deployed in the partner VPC with multiple AZs to inspect traffic transparently.

Which two things will happen to application traffic based on the GWLB deployment? (Choose two.)

Options:

A. Inbound and outbound traffic will go to multiple devices, which will perform load balancing.

B. Inbound and outbound traffic will go to the same device, which will perform stateful processing.

C. The content of the original traffic exchanged between the GWLB and FortiGate will be preserved.

D. The original traffic exchanged between the GWLB and FortiGate will be hashed for data integrity.

Question 9

An administrator needs to attach an Elastic Network Interface (ENI) to an application instance in a VPC with multiple availability zones. An instance runs in availability zone 1.

Which ENI property must the administrator consider when implementing this requirement?

Options:

A. An ENI cannot attach to an instance in availability zone 2.

B. After the ENI detaches from one instance, it can reattach only to the same instance.

C. You can detach the primary ENI from an AWS instance.

D. When you move an ENI, network traffic remains directed to the old instance until you terminate that instance.

Question 10

An organization has a requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs higher bandwidth, but the organization does not want to use multiple connections between sites.

Which AWS solution meets the requirement?

Options:

A. Transit VPC with IPSec

B. Internet Gateway

C. Transit Gateway multicast

D. Transit Gateway Connect
