Fortinet NSE7_PBC-7.2 Fortinet NSE 7 Public Cloud Security 7.2 (FCSS) Online Training
The questions for NSE7_PBC-7.2 were last updated on Dec 26, 2024.
- Exam Code: NSE7_PBC-7.2
- Exam Name: Fortinet NSE 7 Public Cloud Security 7.2 (FCSS)
- Certification Provider: Fortinet
- Latest update: Dec 26, 2024
A network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.
In which two ways can Fortinet container security help secure container infrastructure? (Choose two.)
- A . FortiGate NGFW can be placed between each application container for north-south traffic inspection
- B . FortiGate NGFW can connect to the worker node and protect the container-
- C . FortiGate NGFW can inspect north-south container traffic with label-aware policies
- D . FortiGate NGFW and FortiSandbox can be used to secure container traffic
You need a solution to safeguard public cloud-hosted web applications from the OWASP Top 10 vulnerabilities. The solution must support the same region in which your applications reside, with minimum traffic cost.
Which solution meets the requirements?
- A . Use FortiADC
- B . Use FortiCNP
- C . Use FortiWebCloud
- D . Use FortiGate
Refer to the exhibit.
You attempted to access the Linux1 EC2 instance directly from the internet using its public IP address in AWS.
However, your connection is not successful.
Given the network topology, what can be the issue?
- A . There is no connection between VPC A and VPC B.
- B . There is no elastic IP address attached to FortiGate in the Security VPC.
- C . The Transit Gateway BGP IP address is incorrect.
- D . There is no internet gateway attached to the Spoke VPC A.
Refer to the exhibit.
The exhibit shows a customer deployment of two Linux instances and their main routing table in Amazon Web Services (AWS). The customer also created a Transit Gateway (TGW) and two attachments.
Which two steps are required to route traffic from Linux instances to the TGW? (Choose two.)
- A . In the TGW route table, add route propagation to 192.168.0.0/16
- B . In the main subnet routing table in VPC A and B, add a new route with destination 0.0.0.0/0, next hop Internet gateway (IGW).
- C . In the TGW route table, associate two attachments.
- D . In the main subnet routing table in VPC A and B, add a new route with destination 0.0.0.0/0, next hop TGW.
Which two attachments are necessary to connect a transit gateway to an existing VPC with BGP? (Choose two.)
- A . A transport attachment
- B . A BGP attachment
- C . A connect attachment
- D . A GRE attachment
You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table.
Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?
- A . Connect attachment
- B . VPC attachment
- C . Route attachment
- D . GRE attachment
Refer to the exhibit.
A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Linux1 and Linux2 instances to the internet through the security VPC (virtual private cloud). The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface. Assume there are no issues with the Transit Gateway (TGW) configuration.
Which two settings must the customer add to correct the issue? (Choose two.)
- A . Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the Internet Gateway (IGW).
- B . Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the TGW
- C . Both landing subnets in the security VPC must have a 0.0.0.0/0 traffic route to the FortiGate port2.
- D . The four landing subnets in all the VPCs must have a 0.0.0.0/0 traffic route to the TGW
Which two Amazon Web Services (AWS) features support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)
- A . A NAT gateway with an EIP
- B . A transit gateway with an attachment
- C . An Internet gateway with an EIP
- D . A transit VPC
Which statement about Transit Gateway (TGW) in Amazon Web Services (AWS) is true?
- A . TGW can have multiple TGW route tables.
- B . Both the TGW attachment and propagation must be in the same TGW route table
- C . A TGW attachment can be associated with multiple TGW route tables.
- D . The TGW default route table cannot be disabled.
You are asked to find a solution to replace the existing VPC peering topology to have a higher bandwidth connection from Amazon Web Services (AWS) to the on-premises data center.
Which two solutions will satisfy the requirement? (Choose two.)
- A . Use ECMP and VPN to achieve higher bandwidth.
- B . Use transit VPC to build multiple VPC connections to the on-premises data center
- C . Use a transit VPC with hub and spoke topology to create multiple VPN connections to the on-premises data center.
- D . Use the transit gateway attachment with VPN option to create multiple VPN connections to the on-premises data center