New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet NSE6_WCS-7.0 Fortinet NSE 6 - Cloud Security 7.0 for AWS Exam Practice Test

Page: 1 / 4
Total 35 questions

Fortinet NSE 6 - Cloud Security 7.0 for AWS Questions and Answers

Question 1

Which three statements correctly describe FortiGate Cloud-Native Firewall (CNF)? (Choose three.)

Options:

A.

It provides carrier-grade protection.

B.

It scales seamlessly.

C.

It uses AWS Elastic Load Balancing (ELB).

D.

It is considered to be a Firewall-as-a-Service (FWaaS).

E.

It can be managed by FortiManager and AWS firewall manager.

Question 2

An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs the higher bandwidth but the organization does not want to use multiple connections between sites.

Which AWS solution meets the requirement?

Options:

A.

Transit VPC with IPSec

B.

Internet Gateway

C.

Transit Gateway multicast

D.

Transit Gateway Connect

Question 3

An administrator has been asked to deploy an active-passive (A-P) FortiGate cluster in the AWS cloud across two availability zones.

In addition to enhanced redundancy, which other major difference is there compared to deploying A-P high availability in the same availability zone?

Options:

A.

The FortiGate devices act as a single, logical instance.

B.

Secondary IP address configuration is used.

C.

The number of subnets required is less.

D.

IP addressing and subnetting are not shared.

Question 4

Refer to the exhibit.

Question # 4

Which two statements are true about inbound traffic based on the IGW ingress route table and GWLB deployment shown in the exhibit? (Choose two.)

Options:

A.

GWLB forwards traffic to FortiGate without encapsulation in its dedicated subnet.

B.

Inbound traffic is directed to the GWLB through a GWLB endpoint.

C.

Inbound traffic is directed to the application subnet through a GWLB endpoint.

D.

GWLB encapsulates traffic with the GENEVE protocol and sends it to FortiGate.

Question 5

An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS.

The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the private subnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing.

Which action would allow the EIP assignment to be successful?

Options:

A.

Create and associate a public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.

B.

Shut down the FortiGate VM, if it is running, assign the EIP to the primary ENI, and then power it on.

C.

Create and attach an internet gateway to the VPC, and then assign the EIP to the primary ENI of the FortiGate VM.

D.

Create and attach a public routing table to the public subnet, associate the public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.

Question 6

Refer to the exhibit.

Question # 6

What occurs during a failover for an active-passive (A-P) cluster that is deployed in two different availability zones? (Choose two.)

Options:

A.

The cluster elastic IP address (EIP) is moved from Port1 of FGT-1 to Port1 of FGT-2.

B.

The secondary IP address of Port2 of FGT-1 is moved to Port2 of FGT-2.

C.

The default static route in the Private-AZ1 subnet route table is modified to forward all traffic to Port2 of FGT2.

D.

An additional route is added to the route table of the HA Sync AZ2 subnet to forward all traffic to the Internet GW.

Question 7

Refer to the exhibit.

Question # 7

A customer is using the AWS Elastic Load Balancer (ELB).

Which two statements are correct about the ELB configuration? (Choose two.)

Options:

A.

The load balancer is configured to load balance traffic among multiple availability zones.

B.

The Amazon Resource Name is used to access the load balancer node and targets.

C.

You can use the DNS name to reach the targets behind the ELB.

D.

The load balancer is configured for the internal traffic of the virtual public cloud (VPC).

Question 8

Refer to the exhibit.

Question # 8

Which two statements are correct about traffic flow in FortiWeb Cloud? (Choose two.)

Options:

A.

The DNS name for the application servers must point to FortiWeb Cloud.

B.

FortiWeb Cloud filters the incoming traffic from users, blocking the OWASP Top 10 attacks, zero-day threats, and other application layer attacks.

C.

FortiWeb Cloud can protect the application servers only if they are all located in the same virtual public cloud (VPC).

D.

Step 2 requires an AWS S3 bucket to be created.

Question 9

Your customers have been reporting slow response times when accessing your web application.

What are two possible ways to increase response times from web servers protected by FortiWeb Cloud? (Choose two.)

Your customers have been reporting slow response times when accessing your web application.

What are two possible ways to increase response times from web servers protected by FortiWeb Cloud? (Choose two.)

Options:

A.

Deploy FortiWeb Cloud in the same region where your web application is being hosted.

B.

Enable a content delivery network

C.

Modify DNS entries to directly point to your web server.

D.

Disable WAF functionality.

Question 10

Your company deployed a FortiSandbox for AWS.

Which statement is correct about FortiSandbox for AWS?

Options:

A.

FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances.

B.

The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances.

C.

FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks.

D.

FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.

Page: 1 / 4
Total 35 questions