NSE7_PBC-6.4 Online Practice Questions and Answers

You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.

Which Amazon AWS services must you subscribe to in order to use this feature?

A. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

B. GuardDuty, CloudWatch, S3, and DynamoDB.

C. Inspector, Shield, GuardDuty, S3, and DynamoDB.

D. WAF, Shield, GuardDuty, S3, and DynamoDB.

Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.

What caused the validation process to fail?

A. You selected the incorrect resource group.

B. You selected the Bring Your Own License (BYOL) licensing mode.

C. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.

D. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.

An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.

What action will the worker node automatically perform to restore access to the black-holed subnet?

A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.

B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.

C. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.

D. The worker node migrates the subnet to a different availability zone.

Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

A. Action

B. Sequence number

C. Source and destination IP ranges

D. Destination port ranges

E. Source port ranges

What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

A. Up to 1.25 Gbps per attachment

B. Up to 50 Gbps per attachment

C. Up to 10 Gbps per attachment

D. Up to 1 Gbps per attachment

Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.

If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01

B. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01

C. The network interface of the active unit moves to itself

D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.

Which action will fix this issue?

A. Convert the c4.xlarge instances to m4.xlarge instances.

B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).

C. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

D. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.

An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.

Which action can you take to accomplish this?

A. None, you cannot create and add additional ENIs to an existing FortiGate-VM.

B. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.

C. Create the ENI, attach it to FortiGate, and then restart FortiGate.

D. Create the ENI and attach it to FortiGate.

An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.

How can they do this?

A. They can create additional vNICs using the Cloud Shell.

B. They cannot create and add additional vNICs to an existing FortiGate-VM.

C. They can create additional vNICs in the UI console.

D. They can use the Compute Engine API Explorer.

You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.

Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

A. The uniqueString() function must be used.

B. The storageAccount name must use special characters.

C. The storageAccount name must be in lowercase.

D. The storageAccount name must contain between 3 and 24 alphanumeric characters.