Fortinet NSE7_PBC-6.4 Dumps Updated [Jul-2021] Get 100% Real Exam Questions! [Q18-Q41]


[Jul-2021] Pass Fortinet NSE7_PBC-6.4 Exam in First Attempt Guaranteed!

Full NSE7_PBC-6.4 Practice Test and 30 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 18
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. Inspector, Shield, GuardDuty, S3, and DynamoDB.
  • B. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • C. GuardDuty, CloudWatch, S3, and DynamoDB.
  • D. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

Answer: D

Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed901ad2-4424-11e9-94bf-00505692583a/FortiOS_6.2.0_AWS_Cookbook.pdf

 

NEW QUESTION 19
Refer to the exhibit.

Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

  • A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
  • B. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
  • C. The network interface of the active unit moves to itself
  • D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

Answer: A,B

 

NEW QUESTION 20
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

  • A. A multiple VPC deployment utilizing a transit VPC topology
  • B. A single VPC deployment with multiple subnets and a NAT gateway
  • C. A multiple VPC deployment utilizing a transit gateway
  • D. A single VPC deployment with multiple subnets

Answer: A,D

Explanation/Reference: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-aws-reference-architecture.pdf

 

NEW QUESTION 21
Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.
Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)

  • A. Define a default route where the next hop IP is the FortiGate WAN interface
  • B. Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute
  • C. Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table
  • D. Configure the gateway subnet as the subnet in the user-defined route table
  • E. Configure a user-defined route table

Answer: A,C,D

 

NEW QUESTION 22
Refer to the exhibit.

Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • B. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • C. Configure VNet peering between the hub and spokes.
  • D. Configure VNet peering between the spokes only.

Answer: A,C

 

NEW QUESTION 23
You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:
* Two FortiGate devices must be deployed; each in a different availability zone.
* Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.
* An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.
* Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.
Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?

  • A. config system sdn-connector
  • B. config system session-sync
  • C. config system ha
  • D. config system auto-scale

Answer: C

 

NEW QUESTION 24
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

  • A. Convert the c4.xlarge instances to m4.xlarge instances.
  • B. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
  • C. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
  • D. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

Answer: B

 

NEW QUESTION 25
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They can use the Compute Engine API Explorer.
  • B. They cannot create and add additional vNICs to an existing FortiGate-VM.
  • C. They can create additional vNICs using the Cloud Shell.
  • D. They can create additional vNICs in the UI console.

Answer: A

Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea-9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf

 

NEW QUESTION 26

Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

  • A. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
  • B. The network interface of the active unit moves to itself
  • C. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
  • D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

Answer: A,C

 

NEW QUESTION 27
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

  • A. Multicast traffic is not allowed.
  • B. AWS DNS reserves the first host IP address of each subnet.
  • C. 802.1q VLAN tags are allowed inside the same virtual private cloud.
  • D. Proxy ARP entries are disregarded.

Answer: A,B

 

NEW QUESTION 28
When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.
In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?

  • A. 20 seconds
  • B. 16 seconds
  • C. 30 seconds
  • D. Less than 10 seconds

Answer: C

 

NEW QUESTION 29
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs support allow rules and deny rules.
  • B. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
  • C. Network ACLs must be manually applied to virtual network interfaces.
  • D. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

Answer: A,D

 

NEW QUESTION 30
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. The instance-ID value
  • B. <blank>
  • C. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • D. admin

Answer: A

 

NEW QUESTION 31
You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

  • A. The storageAccount name must be in lowercase.
  • B. The storageAccount name must use special characters.
  • C. The storageAccount name must contain between 3 and 24 alphanumeric characters.
  • D. The uniqueString() function must be used.

Answer: A,D

 

NEW QUESTION 32
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 50 Gbps per attachment
  • B. Up to 1 Gbps per attachment
  • C. Up to 10 Gbps per attachment
  • D. Up to 1.25 Gbps per attachment

Answer: D

Explanation/Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf (5)

 

NEW QUESTION 33
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups can be applied to subnets only.
  • B. Network security groups can be applied to subnets and virtual network interfaces.
  • C. Network security groups are stateless inbound and outbound rules used for traffic filtering.
  • D. Network security groups are stateful inbound and outbound rules used for traffic filtering.

Answer: A,D

Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

 

NEW QUESTION 34

Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)

  • A. The design shows an active-active FortiGate-VM architecture.
  • B. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.
  • C. The Cloud Load Balancer Session Affinity setting should use the default value.
  • D. The design shows an active-passive FortiGate-VM architecture.

Answer: A,B

 

NEW QUESTION 35
......

Prepare for your Fortinet certification with the updated PassLeader NSE7_PBC-6.4 exam questions: https://drive.google.com/open?id=1gCLg5UX_pbNFx1lFB09ipE4I89GRXHGg

Get Latest NSE7_PBC-6.4 Dumps Exam Questions in here: https://www.passleader.top/Fortinet/NSE7_PBC-6.4-exam-braindumps.html