Try the NSE7_PBC-6.4 study guide questions for exam questions and answers!
Fortinet NSE 7 – Public Cloud Security 6.4 certification sample questions and practice exams to help you pass
Question 11
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?
- A. In AWS, virtual machines (VMs) that inspect files are constantly up and running.
- B. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.
- C. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
- D. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.
Correct answer: A
Question 12
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)
- A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
- B. Network ACLs support allow rules and deny rules.
- C. Network ACLs must be manually applied to virtual network interfaces.
- D. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
Correct answer: A,B
Question 13
When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.
In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?
- A. 20 seconds
- B. 16 seconds
- C. 30 seconds
- D. Less than 10 seconds
Correct answer: C
Question 14
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?
- A. They can create additional vNICs in the UI console.
- B. They can create additional vNICs using the Cloud Shell.
- C. They can use the Compute Engine API Explorer.
- D. They cannot create and add additional vNICs to an existing FortiGate-VM.
Correct answer: C
Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea-9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf
Question 15
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?
- A. They can create additional vNICs in the UI console.
- B. They can create additional vNICs using the Cloud Shell.
- C. They can use the Compute Engine API Explorer.
- D. They cannot create and add additional vNICs to an existing FortiGate-VM.
Correct answer: C
Question 16
Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)
- A. Configure VNet peering between the spokes only.
- B. Configure VNet peering between the hub and spokes.
- C. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
- D. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
Correct answer: B,D
Question 17
Which two statements about Microsoft Azure network security groups are true? (Choose two.)
- A. Network security groups can be applied to subnets and virtual network interfaces.
- B. Network security groups are stateless inbound and outbound rules used for traffic filtering.
- C. Network security groups are stateful inbound and outbound rules used for traffic filtering.
- D. Network security groups can be applied to subnets only.
Correct answer: C,D
Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Question 18
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)
- A. A single VPC deployment with multiple subnets
- B. A single VPC deployment with multiple subnets and a NAT gateway
- C. A multiple VPC deployment utilizing a transit VPC topology
- D. A multiple VPC deployment utilizing a transit gateway
Correct answer: A,C
Explanation:
Explanation/Reference: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-aws-reference-architecture.pdf
Question 19
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
* You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
* Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?
- A. One public subnet and two private subnets
- B. Two public subnets and one private subnet
- C. One public subnet and one private subnet
- D. Two public subnets and two private subnets
Correct answer: A
Question 20
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?
- A. Up to 1.25 Gbps per attachment
- B. Up to 10 Gbps per attachment
- C. Up to 50 Gbps per attachment
- D. Up to 1 Gbps per attachment
Correct answer: A
Question 21
Refer to the exhibit.
Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)
- A. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
- B. The network interface of the active unit moves to itself
- C. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
- D. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
Correct answer: A,D
Question 22
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?
- A. WAF, Shield, GuardDuty, S3, and DynamoDB.
- B. Inspector, Shield, GuardDuty, S3, and DynamoDB.
- C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
- D. GuardDuty, CloudWatch, S3, and DynamoDB.
Correct answer: C
Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed901ad2-4424-11e9-94bf-00505692583a/FortiOS_6.2.0_AWS_Cookbook.pdf
Question 23
You have been asked to develop an Azure Resource Manager infrastructure as code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)
- A. The storageAccount name must contain between 3 and 24 alphanumeric characters.
- B. The storageAccount name must be in lowercase.
- C. The uniqueString() function must be used.
- D. The storageAccount name must use special characters.
Correct answer: B,C
Question 24
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?
- A. WAF, Shield, GuardDuty, S3, and DynamoDB.
- B. Inspector, Shield, GuardDuty, S3, and DynamoDB.
- C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
- D. GuardDuty, CloudWatch, S3, and DynamoDB.
Correct answer: C
Question 25
Which two statements about Microsoft Azure network security groups are true? (Choose two.)
- A. Network security groups can be applied to subnets and virtual network interfaces.
- B. Network security groups are stateless inbound and outbound rules used for traffic filtering.
- C. Network security groups are stateful inbound and outbound rules used for traffic filtering.
- D. Network security groups can be applied to subnets only.
Correct answer: C,D
Question 26
......