Fortinet NSE 7 - Public Cloud Security 7.2 - NSE7

QUESTION NO: 1
A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

A. The instance-ID value B. admin C. <blank> D. The admin password cannot be recovered and the customer needs to deploy the FortiGate- VM again.

Correct Answer: A

QUESTION NO: 2
Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.

What are two possible reasons for this behavior? (Choose two.)

A. The web servers are not configured with the default gateway. B. AWS source and destination checks are enabled on the FortiGate interfaces. C. AWS security groups may be blocking the traffic. D. The Internet gateway (IGW) is not added to VPC (virtual private cloud).

Correct Answer: B,C

QUESTION NO: 3
You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template?
(Choose two.)

A. The storageAccount name must use special characters. B. The storageAccount name must contain between 3 and 24 alphanumeric characters. C. The uniqueString() function must be used. D. The storageAccount name must be in lowercase.

Correct Answer: B,D

QUESTION NO: 4
Refer to the exhibit. You deployed an HA active-passive FortiGate VM in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

A. There is no SLA for API calls from Microsoft Azure. B. During the failover, the passive FortiGate issues API calls to Azure C. By default, the configuration does not synchromze between the primary and secondary devices. D. Use the vdom-excepticn command to synchronize the configuration.

Correct Answer: B,C

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 5
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

A. Convert the c4.xlarge instances to m4.xlarge instances. B. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections. C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group. D. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).

Correct Answer: C

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 6
Which two statements are true about Transit Gateway Connect peers in anlPv4 BGP configuration'? (Choose two.)

A. You cannot use IPv6 addresses B. You must configure the second address from the IPv4 range on the device as the BGP IP address C. The inside CIDR blocks are used for BGP peering D. You must specify a /29CIDR block from the 169.254.0.0/16 range

Correct Answer: C,D

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 7
Refer to the exhibit. You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure. After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively What IP address must you use in the peerip configuration?

A. The opposite FortiGate port 2 IP address. B. The internal load balancer port 1 IP address. C. The opposite FortiGate port 1 IP address. D. The public load balancer port 2 IP address

Correct Answer: A

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 8
You are tasked with deploying a FortiGate HA solution in Amazon Web Services (AWS) using Terraform.
What are two steps you must take to complete this deployment? (Choose two.)

A. Create an AWS Active Directory user with permissions. B. Enable automation on the AWS portal. C. Create an AWS Identity and Access Management (IAM) user With permissions. D. Use CloudSheIl to install Terraform.

Correct Answer: C,D

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 9
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.
Which action can you take to accomplish this?

A. Create the ENI, attach it to FortiGate, and then restart FortiGate. B. None, you cannot create and add additional ENIs to an existing FortiGate-VM. C. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate. D. Create the ENI and attach it to FortiGate.

Correct Answer: D

QUESTION NO: 10
Refer to the exhibit. You have deployed a Linux EC2 instance in Amazon Web Services (AWS) with the settings shown on the exhibit What next step must the administrator take to access this instance from the internet?

A. Configure the user name and password. B. Enable source and destination checks on the instance C. Allocate an Elastic IP address and assign it to the instance D. Enable SSH and allocate it to the device

Correct Answer: C

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

Fortinet NSE 7 - Public Cloud Security 7.2 - NSE7_PBC-7.2 Exam Questions