Free Fortinet NSE 7 – Public Cloud Security 6.4 Exam NSE7_PBC-6.4 Exam Practice Test

You have been asked to secure your organization's salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the salesforce application remotely as well as on-premises.Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the salesforce application.Which three steps should you take to achieve your goal? (Choose three.)

• Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.
• Configure FortiCASB and set up access rights, privileges, and data protection policies.
• Use FortiGate, FortiGuard, and FortiAnalyzer solutions.
• Deploy and configure FortiCWP with a workload guardian license.
• Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.

Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)

• Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute
• Configure a user-defined route table
• Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table
• Configure the gateway subnet as the subnet in the user-defined route table
• Define a default route where the next hop IP is the FortiGate WAN interface

A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password.What is the default admin password for the FortiGate-VM instance?

• The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
• <blank>
• admin
• The instance-ID value

You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:* You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.* Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet.* To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.How many public and private subnets will you need to configure within the VPC?

• One public subnet and two private subnets
• Two public subnets and one private subnet
• Two public subnets and two private subnets
• One public subnet and one private subnet

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.Which action will fix this issue?

• Convert the c4.xlarge instances to m4.xlarge instances.
• Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
• Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
• Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.

When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

• Intrusion prevention policies
• Threat protection policies
• Data loss prevention policies
• Compliance policies
• Antivirus policies

Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloudby the FortiGate VM? (Choose two.)

• A single VPC deployment with multiple subnets and a NAT gateway
• A single VPC deployment with multiple subnets
• A multiple VPC deployment utilizing a transit VPC topology
• A multiple VPC deployment utilizing a transit gateway

Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

• Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
• Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
• Network ACLs must be manually applied to virtual network interfaces.
• Network ACLs support allow rules and deny rules.

You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.Which Amazon AWS services must you subscribe to in order to use this feature?

• GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
• GuardDuty, CloudWatch, S3, and DynamoDB.
• Inspector, Shield, GuardDuty, S3, and DynamoDB.
• WAF, Shield, GuardDuty, S3, and DynamoDB.

Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

• In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.
• FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
• In AWS, virtual machines (VMs) that inspect files are constantly up and running.
• FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.