NSE7_PBC-6.4 Online Practice Questions and Answers

When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

A. Intrusion prevention policies

B. Threat protection policies

C. Data loss prevention policies

D. Compliance policies

E. Antivirus policies

You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.

Which Amazon AWS services must you subscribe to in order to use this feature?

A. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

B. GuardDuty, CloudWatch, S3, and DynamoDB.

C. Inspector, Shield, GuardDuty, S3, and DynamoDB.

D. WAF, Shield, GuardDuty, S3, and DynamoDB.

Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.

What caused the validation process to fail?

A. You selected the incorrect resource group.

B. You selected the Bring Your Own License (BYOL) licensing mode.

C. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.

D. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.

An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.

What action will the worker node automatically perform to restore access to the black-holed subnet?

A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.

B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.

C. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.

D. The worker node migrates the subnet to a different availability zone.

When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.

In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?

A. Less than 10 seconds

B. 30 seconds

C. 20 seconds

D. 16 seconds

Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

A. Action

B. Sequence number

C. Source and destination IP ranges

D. Destination port ranges

E. Source port ranges

An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.

How can they do this?

A. They can create additional vNICs using the Cloud Shell.

B. They cannot create and add additional vNICs to an existing FortiGate-VM.

C. They can create additional vNICs in the UI console.

D. They can use the Compute Engine API Explorer.

You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The

following are the requirements of your deployment:

Two FortiGate devices must be deployed; each in a different availability zone.

Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other

will connect to a private subnet.

An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an

active-active topology.

An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to

both FortiGate devices in an active-active topology.

Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this

topology.

Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the

FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate

devices?

A. config system sdn-connector

B. config system ha

C. config system auto-scale

D. config system session-sync