Fortinet NSE 7 - Public Cloud Security 7.2 - NSE7

Question 1

Refer to the exhibit. What value or values must the administrator use in the SSH Key section to deploy a FortiGate VM using Terraform in Amazon Web Services (AWS)?

A. Use the Fingerprint value of the key pair

B. Use the ID value of the key pair.

C. Use the Name of the key pair

D. Use the Name and ID values of the key pair

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 2

How does an administrator secure container environments from newly emerged security threats?

A. Use Docker-related application control signatures

B. Use distributed network-related application control signatures.

C. Use Amazon AWS-related application control signatures

D. Use Amazon AWS_S3-related application control signatures

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 3

Refer to the exhibit. You have deployed a Linux EC2 instance in Amazon Web Services (AWS) with the settings shown on the exhibit What next step must the administrator take to access this instance from the internet?

A. Configure the user name and password.

B. Enable SSH and allocate it to the device

C. Allocate an Elastic IP address and assign it to the instance

D. Enable source and destination checks on the instance

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 4

You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table.
Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?

A. Route attachment

B. VPC attachment

C. GRE attachment

D. Connect attachment

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 5

How does the immutable infrastructure strategy work in automation?

A. It runs one idle and two live environments for configuration changes.

B. It runs one idle and a single live environment for configuration changes.

C. It runs a single live environment for configuration changes.

D. It runs two live environments for configuration changes.

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 6

Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.
Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)

A. Configure the gateway subnet as the subnet in the user-defined route table

B. Configure a user-defined route table

C. Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute

D. Define a default route where the next hop IP is the FortiGate WAN interface

E. Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table

Correct Answer: A,C,D

Question 7

Refer to the exhibit. In your Amazon Web Services (AWS), you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet. However, your HTTPS connection to the FortiGate VM in the Customer VPC is not successful.

Also, you must ensure that the Customer VPC FortiGate VM sends all the outbound Internet traffic through the Security VPC. How do you correct this Issue with minimal configuration changes? (Choose three.)

A. Deploy an internet gateway, associate an EIP in the private subnet, edit route tables, and add a new route destination 0.0.0.0/0 to the target internet gateway

B. Add a route With your local internet public IP address as the destination and target internet gateway

C. Add a route With your local internet public IP address as the destination and target transit gateway

D. Deploy an internet gateway, associate an EIP in the public subnet, and attach the internet gateway to the Customer VPC,

E. Add route destination 0 0.0 0/0 to target the transit gateway

Correct Answer: A,D,E

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 8

Refer to the exhibit. An administrator deployed a FortiGate-VM in a high availability (HA) (active/passive) architecture in Amazon Web Services (AWS) using Terraform for testing purposes. At the same time, the administrator deployed a single Linux server using AWS Marketplace.

Which two options are available for the administrator to delete all the resources created in this test? (Choose two.)

A. Use the terraform destroy command

B. Use the terraform validate command.

C. The administrator must manually delete the Linux server.

D. Use the terraform destroy all command.

Correct Answer: A,C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 9

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

A. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).

B. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.

D. Convert the c4.xlarge instances to m4.xlarge instances.

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 10

An administrator is looking for a solution that can provide insight into users and data stored in major SaaS applications in the multicloud environment Which product should the administrator deploy to have secure access to SaaS applications?

A. FortiSandbox

B. ForliCASB

C. FortiProxy

D. FortiWeb

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Fortinet NSE 7 - Public Cloud Security 7.2 - NSE7_PBC-7.2 Exam Practice Test

Latest Update

Useful Links

Contact Us