Fortinet NSE7_PBC-7.2 Fortinet NSE 7 Public Cloud Security 7.2 (FCSS) Online Training
The questions for NSE7_PBC-7.2 were last updated on Dec 30, 2024.
- Exam Code: NSE7_PBC-7.2
- Exam Name: Fortinet NSE 7 Public Cloud Security 7.2 (FCSS)
- Certification Provider: Fortinet
- Latest update: Dec 30, 2024
You are automating configuration changes on one of the FortiGate VMs using Linux Red Hat Ansible.
How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?
- A . It uses a FortiGate internal or external IP address with TCP port 21
- B . It uses SSH as a connection method to FortiOS.
- C . It uses an API.
- D . It uses YAML
Refer to the exhibit
An administrator deployed an HA active-active load balance sandwich in Microsoft Azure. The setup requires configuration synchronization between devices.
What are two outcomes from the configured settings? (Choose two.)
- A . FortiGate-VM instances are scaled out automatically according to predefined workload levels.
- B . FortiGate A and FortiGate B are two independent devices.
- C . By default, FortiGate uses FGCP
- D . It does not synchronize the FortiGate hostname
Refer to the exhibit
An administrator deployed a FortiGate-VM in a high availability (HA) (active/passive) architecture in Amazon Web Services (AWS) using Terraform for testing purposes. At the same time, the administrator deployed a single Linux server using AWS Marketplace.
Which two options are available for the administrator to delete all the resources created in this test? (Choose two.)
- A . Use the terraform destroy command
- B . Use the terraform validate command.
- C . Use the terraform destroy all command.
- D . The administrator must manually delete the Linux server.
You are tasked with deploying a FortiGate HA solution in Amazon Web Services (AWS) using Terraform.
What are two steps you must take to complete this deployment? (Choose two.)
- A . Enable automation on the AWS portal.
- B . Create an AWS Identity and Access Management (IAM) user with permissions.
- C . Use CloudShell to install Terraform.
- D . Create an AWS Active Directory user with permissions.
Refer to the exhibit
Consider the active-active load balance sandwich scenario in Microsoft Azure.
What are two important facts in the active-active load balance sandwich scenario? (Choose two.)
- A . It uses the vdom-exception command to exclude the configuration from being synced
- B . It is recommended to enable NAT on FortiGate policies.
- C . It uses the FGCP protocol
- D . It supports session synchronization for handling asynchronous traffic.
Refer to the exhibit
An administrator is trying to deploy a FortiGate VM in Microsoft Azure using Terraform. However, during the configuration, the Azure client secret is no longer visible in the Azure portal.
How would the administrator obtain the Azure client secret to configure on Terraform?
- A . The administrator must create a new Azure account
- B . Log in to the Azure CLI with power user to obtain the client secret
- C . The administrator can create a new client secret
- D . The administrator must obtain the client secret through Azure Cloud Shell.
What are two main features in Amazon Web Services (AWS) network access control lists (ACLs)? (Choose two.)
- A . You cannot use Network ACL and Security Group at the same time.
- B . The default network ACL is configured to allow all traffic
- C . Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering
- D . Network ACLs are tied to an instance
Refer to the exhibit
In your Amazon Web Services (AWS) environment, you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet. However, your HTTPS connection to the FortiGate VM in the Customer VPC is not successful.
Also, you must ensure that the Customer VPC FortiGate VM sends all the outbound Internet traffic through the Security VPC.
How do you correct this issue with minimal configuration changes? (Choose three.)
- A . Add a route with your local internet public IP address as the destination and target transit gateway
- B . Add route destination 0.0.0.0/0 to target the transit gateway
- C . Add a route with your local internet public IP address as the destination and target internet gateway
- D . Deploy an internet gateway, associate an EIP in the private subnet, edit route tables, and add a new route destination 0.0.0.0/0 to the target internet gateway
- E . Deploy an internet gateway, associate an EIP in the public subnet, and attach the internet gateway to the Customer VPC.
You must allow an SSH traffic rule in an Amazon Web Services (AWS) network access list (NACL) to allow SSH traffic to travel to a subnet for temporary testing purposes. When you review the current inbound network ACL rules, you notice that rule number 5 denies SSH and telnet traffic to the subnet.
What can you do to allow SSH traffic?
- A . You must create a new allow SSH rule below rule number 5
- B . You must create a new allow SSH rule above rule number 5.
- C . You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.
- D . You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.
Refer to Exhibit:
The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments with two FortiGate VMs in a security VPC.
Which two statements are correct? (Choose two.)
- A . The peer GRE address is the FortiGate external interface IP address.
- B . The Transit Gateway GRE address is auto-generated
- C . The BGP inside CIDR blocks can be any CIDR block with /29
- D . The Peer GRE address is the FortiGate internal interface IP address