Exam Questions and Answers: Try the NSE7_PBC-6.4 Study Guide Questions! [Q11-Q26]


Fortinet NSE 7 – Public Cloud Security 6.4 certification sample questions and practice exams to help you pass

Question 11
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

  • A. In AWS, virtual machines (VMs) that inspect files are constantly up and running.
  • B. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.
  • C. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
  • D. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.

Correct answer: A

Question 12
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs must be manually applied to virtual network interfaces.
  • D. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

Correct answer: A,B

Question 13
When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.
In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?

  • A. 20 seconds
  • B. 16 seconds
  • C. 30 seconds
  • D. Less than 10 seconds

Correct answer: C

Question 14
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They can create additional vNICs in the UI console.
  • B. They can create additional vNICs using the Cloud Shell.
  • C. They can use the Compute Engine API Explorer.
  • D. They cannot create and add additional vNICs to an existing FortiGate-VM.

Correct answer: C

Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea-9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf

Question 15
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They can create additional vNICs in the UI console.
  • B. They can create additional vNICs using the Cloud Shell.
  • C. They can use the Compute Engine API Explorer.
  • D. They cannot create and add additional vNICs to an existing FortiGate-VM.

Correct answer: C

Question 16

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Configure VNet peering between the spokes only.
  • B. Configure VNet peering between the hub and spokes.
  • C. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • D. Use ExpressRoute to interconnect the hub VNets and spoke VNets.

Correct answer: B,D

Question 17
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups can be applied to subnets and virtual network interfaces.
  • B. Network security groups are stateless inbound and outbound rules used for traffic filtering.
  • C. Network security groups are stateful inbound and outbound rules used for traffic filtering.
  • D. Network security groups can be applied to subnets only.

Correct answer: C,D

Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Question 18
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

  • A. A single VPC deployment with multiple subnets
  • B. A single VPC deployment with multiple subnets and a NAT gateway
  • C. A multiple VPC deployment utilizing a transit VPC topology
  • D. A multiple VPC deployment utilizing a transit gateway

Correct answer: A,C

Explanation:
Explanation/Reference: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-aws-reference-architecture.pdf

Question 19
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
* You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
* Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?

  • A. One public subnet and two private subnets
  • B. Two public subnets and one private subnet
  • C. One public subnet and one private subnet
  • D. Two public subnets and two private subnets

Correct answer: A

Question 20
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 1.25 Gbps per attachment
  • B. Up to 10 Gbps per attachment
  • C. Up to 50 Gbps per attachment
  • D. Up to 1 Gbps per attachment

Correct answer: A

Question 21
Refer to the exhibit.

Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

  • A. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
  • B. The network interface of the active unit moves to itself
  • C. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
  • D. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01

Correct answer: A,D

Question 22
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • B. Inspector, Shield, GuardDuty, S3, and DynamoDB.
  • C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
  • D. GuardDuty, CloudWatch, S3, and DynamoDB.

Correct answer: C

Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed901ad2-4424-11e9-94bf-00505692583a/FortiOS_6.2.0_AWS_Cookbook.pdf

Question 23
You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

  • A. The storageAccount name must contain between 3 and 24 alphanumeric characters.
  • B. The storageAccount name must be in lowercase.
  • C. The uniqueString() function must be used.
  • D. The storageAccount name must use special characters.

Correct answer: B,C

Question 24
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • B. Inspector, Shield, GuardDuty, S3, and DynamoDB.
  • C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
  • D. GuardDuty, CloudWatch, S3, and DynamoDB.

Correct answer: C

Question 25
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups can be applied to subnets and virtual network interfaces.
  • B. Network security groups are stateless inbound and outbound rules used for traffic filtering.
  • C. Network security groups are stateful inbound and outbound rules used for traffic filtering.
  • D. Network security groups can be applied to subnets only.

Correct answer: C,D

Question 26
......


Fortinet NSE7_PBC-6.4 certification exam topics:

Topic / Exam coverage
Topic 1
  • Configure high availability (HA), load balancing, and autoscaling
  • Identify Fortinet WAF solutions for AWS
Topic 2
  • Configure HA, load balancing, and autoscaling
  • Identify traffic patterns, MPLS, IPsec, ExpressRoute, Traffic Manager
Topic 3
  • Implement marketplace deployment, templates, sizing, automation
  • Choose Fortinet products licensing in AWS Marketplace: PAYG, BYOL
Topic 4
  • FortiCASB and FortiCWP
  • Configure FortiCASB
  • Review FortiCWP architecture
Topic 5
  • Apply auto scaling, resilience
  • availability, transit VPCs, load balancing
  • Identify Azure Security Center, Azure Stack
Topic 6
  • Review FortiCASB architecture and supported applications
  • Fortinet Solution for Google Cloud Platform (GCP)
Topic 7
  • Identify traffic patterns, MPLS, IPsec, and dedicated interconnection
  • Deploy FortiGate in GCP

 
