NSE7_PBC-7.2 Fortinet NSE 7 Public Cloud Security 7.2 (FCSS) Question and Answers

Question # 4

You must allow an SSH traffic rule in an Amazon Web Services (AWS) network access list (NACL) to allow SSH traffic to travel to a subnet for temporary testing purposes. When you review the current inbound network ACL rules, you notice that rule number 5 denies SSH and telnet traffic to the subnet.

What can you do to allow SSH traffic?

A.

You must create a new allow SSH rule below rule number 5

B.

You must create a new allow SSH rule above rule number 5.

C.

You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.

D.

You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.

Question # 5

Refer to the exhibit

You are deploying two FortiGate VMs in HA active-passive mode with load balancers in Microsoft Azure.

Which two statements are true in this load balancing scenario? (Choose two.)

A.

The FortiGate public IP is the next-hop for all the traffic.

B.

An internal load balancer listener is the next-hop for outgoing traffic.

C.

You must add a route to the Microsoft VIP used for the health check.

D.

A dedicated management interface can be used for load balancing.

Question # 6

Refer to the exhibit

You deployed an HA active-passive FortiGate VM in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

A.

During the failover, the passive FortiGate issues API calls to Azure

B.

Use the vdom-exception command to synchronize the configuration.

C.

There is no SLA for API calls from Microsoft Azure.

D.

By default, the configuration does not synchronize between the primary and secondary devices.

Question # 7

Which statement about Transit Gateway (TGW) in Amazon Web Services (AWS) is true?

A.

TGW can have multiple TGW route tables.

B.

Both the TGW attachment and propagation must be in the same TGW route table

C.

A TGW attachment can be associated with multiple TGW route tables.

D.

The TGW default route table cannot be disabled.

Question # 8

You are tasked with deploying a FortiGate HA solution in Amazon Web Services (AWS) using Terraform. What are two steps you must take to complete this deployment? (Choose two.)

A.

Enable automation on the AWS portal.

B.

Create an AWS Identity and Access Management (IAM) user with permissions.

C.

Use CloudShell to install Terraform.

D.

Create an AWS Active Directory user with permissions.

Question # 9

Refer to Exhibit:

You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure.

Which three settings should you check while troubleshooting this problem? (Choose three.)

A.

Use the show vdom command to see hidden VDOMs.

B.

Use the diag sys va command.

C.

Ensure FortiGate port4 can resolve DNS.

D.

Ensure FortiGate port1 has internet access.

E.

Ensure IP address 169.254.169.254 is not blocked.

Question # 10

How does the immutable infrastructure strategy work in automation?

A.

It runs a single live environment for configuration changes.

B.

It runs one idle and a single live environment for configuration changes.

C.

It runs two live environments for configuration changes.

D.

It runs one idle and two live environments for configuration changes.

Question # 11

A network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.

In which two ways can Fortinet container security help secure container infrastructure? (Choose two.)

A.

FortiGate NGFW can be placed between each application container for north-south traffic inspection

B.

FortiGate NGFW can connect to the worker node and protect the container.

C.

FortiGate NGFW can inspect north-south container traffic with label aware policies

D.

FortiGate NGFW and FortiSandbox can be used to secure container traffic

Question # 12

Refer to the exhibit

An administrator is trying to deploy a FortiGate VM in Microsoft Azure using Terraform. However, during the configuration, the Azure client secret is no longer visible in the Azure portal.

How would the administrator obtain the Azure client secret to configure on Terraform?

A.

The administrator must create a new Azure account

B.

Log in to the Azure CLI with power user to obtain the client secret

C.

The administrator can create a new client secret

D.

The administrator must obtain the client secret through Azure Cloud Shell.

Question # 13

Refer to the exhibit.

An administrator has deployed a FortiGate VM in Amazon Web Services (AWS) and is trying to access it using its public IP address from their local computer. However, the connection is not successful and at the same time FortiGate is not receiving any HTTPS or SSH traffic to its external interface.

What should the administrator check for possible issues?

A.

Run a debug flow to check any network ACLs

B.

Check the FortiGate firewall policies

C.

Check the FortiGate instance ID

D.

Check the inbound network security group rules

Question # 14

Refer to Exhibit:

The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments with two FortiGate VMs in a security VPC.

Which two statements are correct? (Choose two.)

A.

The peer GRE address is the FortiGate external interface IP address.

B.

The Transit Gateway GRE address is auto-generated

C.

The BGP inside CIDR blocks can be any CIDR block with /29

D.

The Peer GRE address is the FortiGate internal interface IP address

Question # 15

What kind of underlying mechanism does Transit Gateway Connect use to send traffic from the virtual private cloud (VPC) to the transit gateway?

A.

A BGP attachment

B.

A GRE attachment

C.

A transport attachment

D.

Transit Gateway Connect attachment

Question # 16

Which two Amazon Web Services (AWS) features support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

A.

A NAT gateway with an EIP

B.

A transit gateway with an attachment

C.

An Internet gateway with an EIP

D.

A transit VPC

Question # 17

Refer to the exhibit

You are tasked with deploying a webserver and FortiGate VMs in AWS. You are using Terraform to automate the process.

Which two important details should you know about the Terraform files? (Choose two.)

A.

All the output values are available after a successful terraform apply command

B.

The subnet_private 1 value is defined in the variables.tf file

C.

After the deployment, Terraform output values are visible only through AWS CloudShell.

D.

You must specify all the AWS credentials in the output.tf file.
