NSE7_PBC-7.2試験無料問題集（91題）「Fortinet NSE 7

出題：1

Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Linux1 and Linux2 instances to the internet through the security VPC (virtual private cloud). The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface. Assume there are no issues with the Transit Gateway (TGW) configuration.

Which two settings must the customer add to correct the issue? (Choose two.)

A. The four landing subnets in all the VPCs must have a 0.0.0.0/0 traffic route to the TGW

B. Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the TGW

C. Both landing subnets in the security VPC must have a 0.0.0.0/0 traffic route to the FortiGate port2.

D. Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the Internet Gateway (IOW).

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

How does the immutable infrastructure strategy work in automation?

A. It runs two live environments for configuration changes.

B. It runs one idle and two live environments for configuration changes.

C. It runs one idle and a single live environment for configuration changes.

D. It runs a single live environment for configuration changes.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

A. From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the TGW

B. From both spoke VPCs and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway

C. From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW

D. From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the FortiGate internal port

E. From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW

正解：C,D,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

You are troubleshooting an Azure SDN connectivity issue with your FortiGate VM.
Which two queries does that SDN connector use to interact with the Azure management API?
(Choose two.)

A. The first query is targeted to a special IP address to get a token.

B. The first query is targeted to IP address 8.8

C. Some queries are made to manage public IP addresses.

D. There is only one query initiating from FortiGate port1 -

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

A. A multiple VPC deployment utilizing a transit VPC topology

B. A multiple VPC deployment utilizing a transit gateway

C. A single VPC deployment with multiple subnets and a NAT gateway

D. A single VPC deployment with multiple subnets

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

You are configuring the failover settings on a FortiGate active-passive SDN connector solution in Microsoft Azure. Which two mandatory settings are required after the initial deployment? (Choose two)

A. FortiGate license file

B. Resource group name

C. Subscription-id

D. Active FortiGate serial number

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

You have been asked to secure your organization's salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the salesforce application remotely as well as on-premises.
Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the salesforce application.
Which three steps should you take to achieve your goal? (Choose three.)

A. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.

B. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.

C. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.

D. Configure FortiCASB and set up access rights, privileges, and data protection policies.

E. Deploy and configure FortiCWP with a workload guardian license.

正解：A,B,D 解答を投票する

出題：8

Refer to the exhibit. In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24. Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).

How do you achieve this outcome with minimum configuration?

A. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.

B. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private- route, and add a new route destination 0.0.0.0/0 to the target internet gateway.

C. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.

D. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template?
(Choose two.)

A. The storageAccount name must be in lowercase.

B. The storageAccount name must use special characters.

C. The uniqueString() function must be used.

D. The storageAccount name must contain between 3 and 24 alphanumeric characters.

正解：A,D 解答を投票する

NSE7_PBC-7.2試験無料問題集「Fortinet NSE 7 - Public Cloud Security 7.2 認定」