New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet NSE7_PBC-7.2 Dumps Questions Answers

Fortinet NSE 7 Public Cloud Security 7.2 (FCSS) Questions and Answers

Question 1

You are configuring the failover settings on a FortiGate active-passive SDN connector solution in Microsoft Azure. Which two mandatory settings are required after the initial deployment? (Choose two)

Options:

A.

Subscription-id

B.

FortiGate license file

C.

Active FortiGate serial number

D.

Resource group name

Buy Now
Question 2

What is the main advantage of using SD-WAN Transit Gateway Connect over traditional SD-WAN?

Options:

A.

It eliminates the use of ECMP

B.

You can use GRE-based tunnel attachments

C.

You can combine it with IPsec to achieve higher bandwidth

D.

You can use BGP over IPsec for maximum throughput

Question 3

An administrator is looking for a solution that can provide insight into users and data stored in major SaaS applications in the multicloud environment Which product should the administrator deploy to have secure access to SaaS applications?

Options:

A.

FortiProxy

B.

FortiSandbox

C.

ForliCASB

D.

FortiWeb

Question 4

You are automating configuration changes on one of the FortiGate VMS using Linux Red Hat Ansible.

How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?

Options:

A.

It uses a FortiGate internal or external IP address with TCP port 21

B.

It uses SSH as a connection method to FortiOS.

C.

It uses an API.

D.

It uses YAML

Question 5

Refer to the exhibit.

What would be the impact of confirming to delete all the resources in Terraform?

Options:

A.

It destroys all the resources in the . tfvars file

B.

It destroys all the resources tied to the AWS Identity and Access Management (1AM) user.

C.

It destroys all the resources in the resource group

D.

It destroys all the resources in the state file.

Question 6

A Network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.

In which two ways can Fortinet container security help secure container infrastructure? (Choose two.)

Options:

A.

FortiGate NGFW can be placed between each application container for north-south traffic inspection

B.

FortiGate NGFW can connect to the worker node and protects the container-

C.

FortiGate NGFW can inspect north-south container traffic with label aware policies

D.

FortiGate NGFW and FortiSandbox can be used to secure container traffic

Question 7

Refer to the exhibit

An administrator deployed an HA active-active load balance sandwich in Microsoft Azure. The setup requires configuration synchronization between devices-

What are two outcomes from the configured settings? (Choose two.)

Options:

A.

FortiGate-VM instances are scaled out automatically according to predefined workload levels.

B.

FortiGate A and FortiGate B are two independent devices.

C.

By default, FortiGate uses FGCP

D.

It does not synchronize the FortiGate hostname

Question 8

Refer to the exhibit.

You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure.

After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively

What IP address must you use in the peerip configuration?

Options:

A.

The opposite FortiGate port 1 IP address.

B.

The public load balancer port 2 IP address

C.

The internal load balancer port 1 IP address.

D.

The opposite FortiGate port 2 IP address.

Question 9

Your goal is to deploy resources in multiple places and regions in the public cloud using Terraform.

What is the most efficient way to deploy resources without changing much of the Terraform code?

Options:

A.

Use multiple terraform.tfvars files With a variables.tf file.

B.

Use the provider. tf file to add all the new values

C.

Install and configure two Terraform staging servers to deploy resources.

D.

Use the variable, tf file and edit its values to match multiple resources

Question 10

Refer to the exhibit

You deployed an HA active-passive FortiGate VM in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

Options:

A.

During the failover, the passive FortiGate issues API calls to Azure

B.

Use the vdom-excepticn command to synchronize the configuration.

C.

There is no SLA for API calls from Microsoft Azure.

D.

By default, the configuration does not synchromze between the primary and secondary devices.

Question 11

Your administrator instructed you to deploy an Azure vWAN solution to create a connection between the main company site and branch sites to the other company VNETs.

What are the two best connection solutions available between your company headquarters, branch sites, and the Azure vWAN hub? (Choose two.)

Options:

A.

ExpressRoute

B.

GRE tunnels

C.

SSL VPN connections

D.

An L2TP connection

E.

VPN Gateway

Question 12

You are adding a new spoke to the existing transit VPC environment using the AWS Cloud Formation template. Which two components must you use for this deployment? (Choose two.)

Options:

A.

The OSPF AS value used for the hub.

B.

The Amazon CloudWatch tag value.

C.

The BGPASN value used for the transit VPC.

D.

The tag value of the spoke

Question 13

What kind of underlying mechanism does Transit Gateway Connect use to send traffic from the virtual private cloud (VPC) to the transit gateway?

Options:

A.

A BGP attachment

B.

A GRE attachment

C.

A transport attachment

D.

Transit Gateway Connect attachment

Question 14

Which two Amazon Web Services (AWS) features do you use for the transit virtual private cloud (VPC) automation process to add new spoke N/PCs? (Choose two )

Options:

A.

Amazon S3 bucket

B.

AWS Security Hub

C.

AWS Transit Gateway

D.

Amazon CloudWatch

Question 15

What are two main features in Amazon Web Services (AWS) network access control lists (ACLs)? (Choose two.)

Options:

A.

You cannot use Network ACL and Security Group at the same time.

B.

The default network ACL is configured to allow all traffic

C.

NetworkACLs are stateless, and inbound and outbound rules are used for traffic filtering

D.

Network ACLs are tied to an instance

Question 16

Refer to Exhibit:

After the initial Terraform configuration in Microsoft Azure, the terraform plan command is run Which two statements about running the plan command are true? (Choose two.)

Options:

A.

The terraform plan command will deploy the rest of the resources except the service principle details.

B.

You cannot run the terraform apply command before the terraform plan command.

C.

You must run the terraform init command once, before the terraform plan command

D.

The terraform plan command makes terraform do a dry run.

Question 17

Which statement about immutable infrastructure in automation is true?

Options:

A.

It is the practice of deploying a new server for every configuration change

B.

It is the practice of modifying the existing server configuration after it is deployed

C.

It is the practice of deploying two parallel servers for high availability.

D.

It is the practice of applying hotfixes and OS patches after deployment