Pass with ease: the latest Fortinet NSE7_PBC-6.4 question set contains 30 questions [Q16-Q40]


Latest NSE7_PBC-6.4 study guide, updated for 2022, provided as a test engine and PDF


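Fortinet NSE7_PBC-6.4 certification exam topics:

Topic: Exam coverage
Topic 1
  • Resilience
  • Availability, transit VNet, load balancing, east-west inspection
  • Configure Fortinet solutions for Amazon Web Services (AWS)
Topic 2
  • Fortinet solutions for Microsoft Azure
  • Implement marketplace deployments, templates, sizing, and automation
Topic 3
  • Implement marketplace deployments, templates, sizing, and automation
  • Select licensing for Fortinet products in the AWS Marketplace: PAYG, BYOL
Topic 4
  • Select licensing for Fortinet products in the Azure Marketplace: PAYG, BYOL
  • Identify traffic patterns, MPLS, IPsec, Direct Connect
Topic 5
  • FortiCASB and FortiCWP
  • Configure FortiCASB
  • Review the FortiCWP architecture
Topic 6
  • Configure high availability (HA), load balancing, and auto scaling
  • Identify Fortinet WAF solutions for AWS
Topic 7
  • Identify traffic patterns, MPLS, IPsec, Dedicated Interconnect
  • Deploy FortiGate in GCP
Topic 8
  • Review the FortiCASB architecture and supported applications
  • Fortinet solutions for Google Cloud Platform (GCP)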

 

Question 16
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • B. Inspector, Shield, GuardDuty, S3, and DynamoDB.
  • C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
  • D. GuardDuty, CloudWatch, S3, and DynamoDB.

Correct answer: C

Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed901ad2-4424-11e9-94bf-00505692583a/FortiOS_6.2.0_AWS_Cookbook.pdf

 

Question 17
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. The instance-ID value
  • B. admin
  • C. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • D. <blank>

Correct answer: A

 

Question 18
Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?

  • A. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.
  • B. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.
  • C. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.
  • D. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.

Correct answer: A

 

Question 19

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Configure VNet peering between the spokes only.
  • B. Configure VNet peering between the hub and spokes.
  • C. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • D. Use ExpressRoute to interconnect the hub VNets and spoke VNets.

Correct answer: B,D

 

Question 20
Refer to the exhibit.

Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

  • A. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
  • B. The network interface of the active unit moves to itself
  • C. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
  • D. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01

Correct answer: A,D

 

Question 21

Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

  • A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
  • B. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
  • C. The network interface of the active unit moves to itself
  • D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

Correct answer: A,B

 

Question 22
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.
Which action can you take to accomplish this?

  • A. None, you cannot create and add additional ENIs to an existing FortiGate-VM.
  • B. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.
  • C. Create the ENI, attach it to FortiGate, and then restart FortiGate.
  • D. Create the ENI and attach it to FortiGate.

Correct answer: B

 

Question 23
Refer to the exhibit.

Your senior administrator successfully configured a FortiGate fabric connector with the Azure Resource Manager, and created a dynamic address object on the FortiGate VM to connect with a Windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?

  • A. Run diagnose debug application azd -l on FortiGate.
  • B. In the Microsoft Azure portal, set the correct tag values for the Windows server.
  • C. In the Microsoft Azure portal, access the Windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
  • D. Delete the address object and recreate a new address object with the type set to FQDN.

Correct answer: C

 

Question 24
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs must be manually applied to virtual network interfaces.
  • D. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

Correct answer: A,B

Explanation:
Explanation/Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

 

Question 25
Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure how to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.
How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?

  • A. In the configured load balancer, access the health probes section.
  • B. In the configured load balancer, access the inbound NAT rules section.
  • C. In the configured load balancer, access the backend pools section.
  • D. In the configured load balancer, access the inbound and outbound NAT rules section.

Correct answer: D

 

Question 26
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

  • A. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
  • B. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
  • C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
  • D. Convert the c4.xlarge instances to m4.xlarge instances.

Correct answer: C

 

Question 27
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
* You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
* Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?

  • A. One public subnet and two private subnets
  • B. Two public subnets and one private subnet
  • C. One public subnet and one private subnet
  • D. Two public subnets and two private subnets

Correct answer: A

 

Question 28
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 1.25 Gbps per attachment
  • B. Up to 10 Gbps per attachment
  • C. Up to 50 Gbps per attachment
  • D. Up to 1 Gbps per attachment

Correct answer: A

Explanation:
Explanation/Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf (5)

 

Question 29

Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)

  • A. The design shows an active-passive FortiGate-VM architecture.
  • B. The design shows an active-active FortiGate-VM architecture.
  • C. The Cloud Load Balancer Session Affinity setting should use the default value.
  • D. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

Correct answer: B,D

 

Question 30
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. The instance-ID value
  • B. admin
  • C. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • D. <blank>

Correct answer: A

Explanation:
Explanation/Reference: https://docs.fortinet.com/document/fortigate/6.2.0/aws-cookbook/828256/connecting-to-the-fortigate-vm

 

Question 31
Refer to the exhibit.

You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.
After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.
What should you do to correct this issue?

  • A. Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration.
  • B. Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.
  • C. Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).
  • D. Delete the deployment and start again. You have input the wrong parameters during the cloud formation template deployment.

Correct answer: B

 

Question 32
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

  • A. Sequence number
  • B. Source and destination IP ranges
  • C. Action
  • D. Destination port ranges
  • E. Source port ranges

Correct answer: C,D,E

Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

 

Question 33
......

NSE7_PBC-6.4 question set and exam test engine: https://www.goshiken.com/Fortinet/NSE7_PBC-6.4-mondaishu.html