
NSE7_PBC-7.2 Questions and Answers

Question # 6

Refer to the exhibit

A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Linux1 and Linux2 instances to the internet through the security VPC (virtual private cloud). The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface. Assume there are no issues with the Transit Gateway (TGW) configuration.

Which two settings must the customer add to correct the issue? (Choose two.)

A.

Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the Internet Gateway (IGW).

B.

Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the TGW.

C.

Both landing subnets in the security VPC must have a 0.0.0.0/0 traffic route to the FortiGate port2.

D.

The four landing subnets in all the VPCs must have a 0.0.0.0/0 traffic route to the TGW.

Question # 7

Your goal is to deploy resources in multiple places and regions in the public cloud using Terraform.

What is the most efficient way to deploy resources without changing much of the Terraform code?

A.

Use multiple terraform.tfvars files with a variables.tf file.

B.

Use the provider.tf file to add all the new values.

C.

Install and configure two Terraform staging servers to deploy resources.

D.

Use the variable.tf file and edit its values to match multiple resources.

Question # 8

An administrator decides to use the Use managed identity option on the FortiGate SDN connector with Microsoft Azure. However, the SDN connector is failing on the connection. What must the administrator do to correct this issue?

A.

Make sure to add the Tenant ID on FortiGate side of the configuration

B.

Make sure to set the type to system managed identity on FortiGate SDN connector settings

C.

Make sure to enable the system assigned managed identity on Azure

D.

Make sure to add the Client secret on FortiGate side of the configuration

Question # 9

An administrator would like to keep track of sensitive data files located in the Amazon Web Services (AWS) S3 bucket and protect it from malware. Which Fortinet product or feature should the administrator use?

A.

FortiCNP application control policies

B.

FortiCNP web sensitive policies

C.

FortiCNP DLP policies

D.

FortiCNP compliance scanning policies

Question # 10

Refer to the exhibit

You attempted to access the Linux1 EC2 instance directly from the internet using its public IP address in AWS.

However, your connection is not successful.

Given the network topology, what can be the issue?

A.

There is no connection between VPC A and VPC B.

B.

There is no elastic IP address attached to FortiGate in the Security VPC.

C.

The Transit Gateway BGP IP address is incorrect.

D.

There is no internet gateway attached to the Spoke VPC A.

Question # 11

A network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.

In which two ways can Fortinet container security help secure container infrastructure? (Choose two.)

A.

FortiGate NGFW can be placed between each application container for north-south traffic inspection

B.

FortiGate NGFW can connect to the worker node and protects the container-

C.

FortiGate NGFW can inspect north-south container traffic with label aware policies

D.

FortiGate NGFW and FortiSandbox can be used to secure container traffic

Question # 12

You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table.

Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?

A.

Connect attachment

B.

VPC attachment

C.

Route attachment

D.

GRE attachment

Question # 13

Which two statements are true about Transit Gateway Connect peers in an IPv4 BGP configuration? (Choose two.)

A.

The inside CIDR blocks are used for BGP peering

B.

You cannot use IPv6 addresses

C.

You must specify a /29 CIDR block from the 169.254.0.0/16 range

D.

You must configure the second address from the IPv4 range on the device as the BGP IP address

Question # 14

When adding the Amazon Web Services (AWS) account to the FortiCNP, which three mandatory configuration steps must you follow? (Choose three.)

A.

Add AWS accounts through FortiCNP.

B.

Enable cloud protection through AWS Guard Duty and AWS Inspector

C.

Accept FortiCNP to create CloudTrail for the account

D.

Enable cross-region aggregation

E.

Launch the CloudFormation template.

Question # 15

Refer to the exhibit.

You have deployed a Linux EC2 instance in Amazon Web Services (AWS) with the settings shown on the exhibit

What next step must the administrator take to access this instance from the internet?

A.

Configure the user name and password.

B.

Enable source and destination checks on the instance

C.

Enable SSH and allocate it to the device

D.

Allocate an Elastic IP address and assign it to the instance

Question # 16

What are three important steps required to get Terraform ready using Microsoft Azure Cloud Shell? (Choose three.)

A.

Set up a storage account in Azure.

B.

Use the -O command to download Terraform.

C.

Subscribe to Terraform in Azure.

D.

Move the Terraform file to the bin directory.

E.

Use the wget (terraform version) command to upload Terraform.

Question # 17

Refer to the exhibit.

What could be the reason that the administrator cannot access the EC2 instance?

A.

You must elevate the permissions to access the EC2 instance

B.

You must run the chmod 400 Staging-key.pem command before accessing the instance.

C.

There is no .pem key created in Amazon Web Services (AWS).

D.

The directory location of the .pem file is incorrect.
