Free NSE 7 Network Security Architect NSE7_PBC-6.4 Ultimate Study Guide (Updated 30 Questions)
Get to the Top with NSE7_PBC-6.4 Practice Exam Questions
NEW QUESTION 14
Refer to the exhibit.
In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?
- A. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.
- B. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.
- C. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.
- D. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.
Answer: B
NEW QUESTION 15
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?
- A. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.
- B. In AWS, virtual machines (VMs) that inspect files are constantly up and running.
- C. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.
- D. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
Answer: B
NEW QUESTION 16
Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure how to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.
How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?
- A. In the configured load balancer, access the inbound and outbound NAT rules section.
- B. In the configured load balancer, access the health probes section.
- C. In the configured load balancer, access the backend pools section.
- D. In the configured load balancer, access the inbound NAT rules section.
Answer: A
NEW QUESTION 17
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?
- A. Up to 1 Gbps per attachment
- B. Up to 50 Gbps per attachment
- C. Up to 1.25 Gbps per attachment
- D. Up to 10 Gbps per attachment
Answer: C
Explanation:
Explanation/Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf (5)
NEW QUESTION 18
Refer to the exhibit.
The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)
- A. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.
- B. The Cloud Load Balancer Session Affinity setting should use the default value.
- C. The design shows an active-active FortiGate-VM architecture.
- D. The design shows an active-passive FortiGate-VM architecture.
Answer: A,C
NEW QUESTION 19
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?
- A. They can create additional vNICs in the UI console.
- B. They can use the Compute Engine API Explorer.
- C. They can create additional vNICs using the Cloud Shell.
- D. They cannot create and add additional vNICs to an existing FortiGate-VM.
Answer: B
Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea-9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf
NEW QUESTION 21
Refer to the exhibit.
Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)
- A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
- B. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
- C. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
- D. The network interface of the active unit moves to itself
Answer: A,C
NEW QUESTION 22
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?
- A. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
- B. Convert the c4.xlarge instances to m4.xlarge instances.
- C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
- D. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
Answer: C
NEW QUESTION 23
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?
- A. Inspector, Shield, GuardDuty, S3, and DynamoDB.
- B. WAF, Shield, GuardDuty, S3, and DynamoDB.
- C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
- D. GuardDuty, CloudWatch, S3, and DynamoDB.
Answer: C
Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed901ad2-4424-11e9-94bf-00505692583a/FortiOS_6.2.0_AWS_Cookbook.pdf
NEW QUESTION 24
Refer to the exhibit.
You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.
What is incorrect with the template?
- A. The CreateOptions parameter should be FromImage.
- B. FortiGate-VM does not support managedDisk from Azure.
- C. The caching parameter should be None.
- D. The LUN ID is not defined.
Answer: A
NEW QUESTION 25
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?
- A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
- B. <blank>
- C. The instance-ID value
- D. admin
Answer: C
Explanation:
Explanation/Reference: https://docs.fortinet.com/document/fortigate/6.2.0/aws-cookbook/828256/connecting-to-the-fortigate-vm
NEW QUESTION 26
You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)
- A. The storageAccount name must use special characters.
- B. The uniqueString() function must be used.
- C. The storageAccount name must be in lowercase.
- D. The storageAccount name must contain between 3 and 24 alphanumeric characters.
Answer: B,C
NEW QUESTION 28
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)
- A. Source port ranges
- B. Action
- C. Sequence number
- D. Destination port ranges
- E. Source and destination IP ranges
Answer: A,B,D
Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview