Free NSE7_PBC-6.4 Exam Braindump Certification Guide Questions and Answers [Q18-Q35]


NSE7_PBC-6.4 Certification Overview: Latest NSE7_PBC-6.4 PDF Question Set

Question 18
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups can be applied to subnets and virtual network interfaces.
  • B. Network security groups are stateless inbound and outbound rules used for traffic filtering.
  • C. Network security groups are stateful inbound and outbound rules used for traffic filtering.
  • D. Network security groups can be applied to subnets only.

Correct answer: C,D

Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview



Question 19
Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?

  • A. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.
  • B. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.
  • C. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.
  • D. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.

Correct answer: A



Question 20
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

  • A. Intrusion prevention policies
  • B. Data loss prevention policies
  • C. Compliance policies
  • D. Antivirus policies
  • E. Threat protection policies

Correct answer: B,C,E



Question 21
Refer to the exhibit.

You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?

  • A. You selected the incorrect resource group.
  • B. You selected the Bring Your Own License (BYOL) licensing mode.
  • C. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.
  • D. You selected the PAYG/On-demand licensing model, but did not select the correct virtual machine size.

Correct answer: A



Question 22
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
* You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
* Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?

  • A. One public subnet and two private subnets
  • B. Two public subnets and one private subnet
  • C. One public subnet and one private subnet
  • D. Two public subnets and two private subnets

Correct answer: A



Question 23
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true?
(Choose two.)

  • A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs must be manually applied to virtual network interfaces.
  • D. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

Correct answer: A,B

Explanation:
Explanation/Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html



Question 24
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • B. Inspector, Shield, GuardDuty, S3, and DynamoDB.
  • C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
  • D. GuardDuty, CloudWatch, S3, and DynamoDB.

Correct answer: C



Question 25
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

  • A. Sequence number
  • B. Source and destination IP ranges
  • C. Action
  • D. Destination port ranges
  • E. Source port ranges

Correct answer: C,D,E

Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview



Question 26
A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. The instance-ID value
  • B. admin
  • C. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • D. <blank>

Correct answer: A



Question 27
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups can be applied to subnets and virtual network interfaces.
  • B. Network security groups are stateless inbound and outbound rules used for traffic filtering.
  • C. Network security groups are stateful inbound and outbound rules used for traffic filtering.
  • D. Network security groups can be applied to subnets only.

Correct answer: C,D



Question 28
When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.
In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?

  • A. 20 seconds
  • B. 16 seconds
  • C. 30 seconds
  • D. Less than 10 seconds

Correct answer: C



Question 29
Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure how to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.
How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?

  • A. In the configured load balancer, access the health probes section.
  • B. In the configured load balancer, access the inbound NAT rules section.
  • C. In the configured load balancer, access the backend pools section.
  • D. In the configured load balancer, access the inbound and outbound NAT rules section.

Correct answer: D



Question 30
Refer to the exhibit.

Your senior administrator successfully configured a FortiGate fabric connector with the Azure Resource Manager, and created a dynamic address object on the FortiGate VM to connect with a Windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?

  • A. Run diagnose debug application azd -l on FortiGate.
  • B. In the Microsoft Azure portal, set the correct tag values for the Windows server.
  • C. In the Microsoft Azure portal, access the Windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
  • D. Delete the address object and recreate a new address object with the type set to FQDN.

Correct answer: C



Question 31
You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:
* Two FortiGate devices must be deployed; each in a different availability zone.
* Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.
* An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.
* Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.
Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?

  • A. config system sdn-connector
  • B. config system session-sync
  • C. config system ha
  • D. config system auto-scale

Correct answer: C



Question 32
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 1.25 Gbps per attachment
  • B. Up to 10 Gbps per attachment
  • C. Up to 50 Gbps per attachment
  • D. Up to 1 Gbps per attachment

Correct answer: A



Question 33
You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

  • A. The storageAccount name must contain between 3 and 24 alphanumeric characters.
  • B. The storageAccount name must be in lowercase.
  • C. The uniqueString() function must be used.
  • D. The storageAccount name must use special characters.

Correct answer: B,C



Question 34

Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)

  • A. The design shows an active-passive FortiGate-VM architecture.
  • B. The design shows an active-active FortiGate-VM architecture.
  • C. The Cloud Load Balancer Session Affinity setting should use the default value.
  • D. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

Correct answer: B,D



Question 35
......


Fortinet NSE7_PBC-6.4 certification exam topics:

Topic / Coverage
Topic 1
  • Review FortiCASB architecture and supported applications
  • Fortinet Solution for Google Cloud Platform (GCP)
Topic 2
  • Apply auto scaling, resilience
  • availability, transit VPCs, load balancing
  • Identify Azure Security Center, Azure Stack
Topic 3
  • Configure HA, load balancing, and autoscaling
  • Identify traffic patterns, MPLS, IPsec, ExpressRoute, Traffic Manager
Topic 4
  • Choose Fortinet products licensing in Azure Marketplace: PAYG, BYOL
  • Identify traffic patterns, MPLS, IPsec, Direct Connect
Topic 5
  • Fortinet Solution for Microsoft Azure
  • Implement marketplace deployment, templates, sizing, automation
Topic 6
  • Implement marketplace deployment, templates, sizing, automation
  • Choose Fortinet products licensing in AWS Marketplace: PAYG, BYOL
Topic 7
  • Configure resilience
  • availability, Transit VNet, load balancing, east-west inspection
  • Fortinet Solution for Amazon Web Services (AWS)

 
