New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Fortinet NSE7_PBC-7.2 Fortinet NSE 7 Public Cloud Security 7.2 (FCSS) Exam Practice Test

Page: 1 / 6
Total 59 questions

Fortinet NSE 7 Public Cloud Security 7.2 (FCSS) Questions and Answers

Question 1

You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table.

Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?

Options:

A.

Connect attachment

B.

VPC attachment

C.

Route attachment

D.

GRE attachment

Question 2

Which two Amazon Web Services (AWS) features support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

Options:

A.

A NAT gateway with an EIP

B.

A transit gateway with an attachment

C.

An Internet gateway with an EIP

D.

A transit VPC

Question 3

Refer to the exhibit

Question # 3

You attempted to access the Linux1 EC2 instance directly from the internet using its public IP address in AWS.

However, your connection is not successful.

Given the network topology, what can be the issue?

Options:

A.

There is no connection between VPC A and VPC B.

B.

There is no elastic IP address attached to FortiGate in the Security VPC.

C.

The Transit Gateway BGP IP address is incorrect.

D.

There is no internet gateway attached to the Spoke VPC A.

Question 4

Refer to the exhibit.

Question # 4

Question # 4

What value or values must the administrator use in the SSH Key section to deploy a FortiGate VM using Terraform in Amazon Web Services (AWS)?

Options:

A.

Use the Name and ID values of the key pair

B.

Use the Name of the key pair

C.

Use the ID value of the key pair.

D.

Use the Fingerprint value of the key pair

Question 5

Which two attachments are necessary to connect a transit gateway to an existing VPC with BGP? (Choose two )

Options:

A.

A transport attachment

B.

A BGP attachment

C.

A connect attachment

D.

A GRE attachment

Question 6

Your administrator instructed you to deploy an Azure vWAN solution to create a connection between the main company site and branch sites to the other company VNETs.

What are the two best connection solutions available between your company headquarters, branch sites, and the Azure vWAN hub? (Choose two.)

Options:

A.

ExpressRoute

B.

GRE tunnels

C.

SSL VPN connections

D.

An L2TP connection

E.

VPN Gateway

Question 7

Refer to the exhibit

Question # 7

You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message.

What could be the reason that you are getting the command not found error?

Options:

A.

You must move the binary file to the bin directory.

B.

You must change the directory location to the root directory

C.

You must assign correct permissions to the ec2-user.

D.

You must reinstall Terraform

Question 8

Refer to the exhibit.

Question # 8

What would be the impact of confirming to delete all the resources in Terraform?

Options:

A.

It destroys all the resources in the . tfvars file

B.

It destroys all the resources tied to the AWS Identity and Access Management (1AM) user.

C.

It destroys all the resources in the resource group

D.

It destroys all the resources in the state file.

Question 9

What is the main advantage of using SD-WAN Transit Gateway Connect over traditional SD-WAN?

Options:

A.

It eliminates the use of ECMP

B.

You can use GRE-based tunnel attachments

C.

You can combine it with IPsec to achieve higher bandwidth

D.

You can use BGP over IPsec for maximum throughput

Question 10

Refer to the exhibit.

Question # 10

The exhibit shows an active-passive high availability FortiGate pair with external and internal Azure load balancers. There is no SDN connector used in this solution

Which configuration should the administrator implement?

Options:

A.

Lambda IP address with one static route.

B.

Probe IP address with two static routes

C.

Probe IP address with one BGP route

D.

Public load balancer IP address with two BGP routes.

Question 11

What are two main features in Amazon Web Services (AWS) network access control lists (ACLs)? (Choose two.)

Options:

A.

You cannot use Network ACL and Security Group at the same time.

B.

The default network ACL is configured to allow all traffic

C.

NetworkACLs are stateless, and inbound and outbound rules are used for traffic filtering

D.

Network ACLs are tied to an instance

Question 12

Refer to the exhibit

Question # 12

An administrator deployed a FortiGate-VM in a high availability (HA)

(active/passive) architecture in Amazon Web Services (AWS) using Terraform

for testing purposes. At the same time, the administrator deployed a single

Linux server using AWS Marketplace

Which two options are available for the administrator to delete all the resources

created in this test? (Choose two.)

Options:

A.

Use the terraform destroy command

B.

Use the terraform validate command.

C.

Use the terraform destroy all command.

D.

The administrator must manually delete the Linux server.

Question 13

You are adding a new spoke to the existing transit VPC environment using the AWS Cloud Formation template. Which two components must you use for this deployment? (Choose two.)

Options:

A.

The OSPF AS value used for the hub.

B.

The Amazon CloudWatch tag value.

C.

The BGPASN value used for the transit VPC.

D.

The tag value of the spoke

Question 14

You are automating configuration changes on one of the FortiGate VMS using Linux Red Hat Ansible.

How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?

Options:

A.

It uses a FortiGate internal or external IP address with TCP port 21

B.

It uses SSH as a connection method to FortiOS.

C.

It uses an API.

D.

It uses YAML

Question 15

You are asked to find a solution to replace the existing VPC peering topology to have a higher bandwidth connection from Amazon Web Services (AWS) to the on-premises data center Which two solutions will satisfy the requirement? (Choose two.)

Options:

A.

Use ECMP and VPN to achieve higher bandwidth.

B.

Use transit VPC to build multiple VPC connections to the on-premises data center

C.

Use a transit VPC with hub and spoke topology to create multiple VPN connections to the on-premises data center.

D.

Use the transit gateway attachment With VPN option to create multiple VPN connections to the on-premises data center

Question 16

Refer to the exhibit

Question # 16

You are tasked to deploy a FortiGate VM with private and public subnets in Amazon Web Services (AWS).

You examined the variables.tf file.

What will be the final result after running the terraform init and terraform apply commands?

Options:

A.

Terraform will not deploy a FortiGate VM

B.

Terraform will deploy a FortiGate VM in the eu-West-Ia region with private and public subnets.

C.

Terraform will deploy a FortiGate VM in the eu-West-1a region with two subnets and byol license.

D.

Terraform will deploy a FortiGate VM in the eu-West-Ia region without any subnets.

Question 17

You must allow an SSH traffic rule in an Amazon Web Services (AWS) network access list (NACL) to allow SSH traffic to travel to a subnet for temporary testing purposes. When you review the current inbound network ACL rules, you notice that rule number 5 demes SSH and telnet traffic to the subnet

What can you do to allow SSH traffic?

Options:

A.

You must create a new allow SSH rule below rule number 5

B.

You must create a new allow SSH rule above rule number 5-

C.

You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.

D.

You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.

Page: 1 / 6
Total 59 questions