Labour Day - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_PBC-6.4
  5. Fortinet NSE 7 - Public Cloud Security 6.4 Questions and Answers
Note! The NSE7_PBC-6.4 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the NSE7_PBC-7.2 Exam.

NSE7_PBC-6.4 Fortinet NSE 7 - Public Cloud Security 6.4 Questions and Answers

Questions 4

Refer to the exhibit.

NSE7_PBC-6.4 Question 4

The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.

Which two statements are correct? (Choose two.)

Options:

A.

The design shows an active-active FortiGate-VM architecture.

B.

The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

C.

The design shows an active-passive FortiGate-VM architecture.

D.

The Cloud Load Balancer Session Affinity setting should use the default value.

Buy Now
Questions 5

An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.

How can they do this?

Options:

A.

They can create additional vNICs using the Cloud Shell.

B.

They cannot create and add additional vNICs to an existing FortiGate-VM.

C.

They can create additional vNICs in the UI console.

D.

They can use the Compute Engine API Explorer.

Buy Now
Questions 6

Refer to the exhibit.

NSE7_PBC-6.4 Question 6

You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.

After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.

What should you do to correct this issue?

Options:

A.

Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).

B.

Delete the deployment and start again. You have in put the wrong parameters during the cloud formation template deployment.

C.

Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.

D.

Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration.

Buy Now
Questions 7

Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.

Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)

Options:

A.

Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute

B.

Configure a user-defined route table

C.

Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table

D.

Configure the gateway subnet as the subnet in the user-defined route table

E.

Define a default route where the next hop IP is the FortiGate WAN interface

Buy Now
Questions 8

You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.

Which Amazon AWS services must you subscribe to in order to use this feature?

Options:

A.

GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

B.

GuardDuty, CloudWatch, S3, and DynamoDB.

C.

Inspector, Shield, GuardDuty, S3, and DynamoDB.

D.

WAF, Shield, GuardDuty, S3, and DynamoDB.

Buy Now
Questions 9

Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

Options:

A.

Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

B.

Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

C.

Network ACLs must be manually applied to virtual network interfaces.

D.

Network ACLs support allow rules and deny rules.

Buy Now
Exam Code: NSE7_PBC-6.4
Exam Name: Fortinet NSE 7 - Public Cloud Security 6.4
Last Update: Dec 2, 2023
Questions: 30
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Apr 2024