NSE7_PBC-6.4 Online Practice Questions and Answers

When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

A. Intrusion prevention policies

B. Threat protection policies

C. Data loss prevention policies

D. Compliance policies

E. Antivirus policies

Refer to the exhibit. Your senior administrator successfully configured a FortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.

How do you resolve this issue?

A. Run diagnose debug application azd -l on FortiGate.

B. In the Microsoft Azure portal, set the correct tag values for the windows server.

C. In the Microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.

D. Delete the address object and recreate a new address object with the type set to FQDN.

Refer to the exhibit. You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.

What is incorrect with the template?

A. The LUN ID is not defined.

B. FortiGate-VM does not support managedDisk from Azure.

C. The caching parameter should be None.

D. The CreateOptions parameter should be FromImage.

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

A. Network security groups can be applied to subnets and virtual network interfaces.

B. Network security groups can be applied to subnets only.

C. Network security groups are stateless inbound and outbound rules used for traffic filtering.

D. Network security groups are a stateful inbound and outbound rules used for traffic filtering.

A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password.

What is the default admin password for the FortiGate-VM instance?

A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.

B.

C. admin

D. The instance-ID value

Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure now to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.

How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?

A. In the configured load balancer, access the inbound NAT rules section.

B. In the configured load balancer, access the backend pools section.

C. In the configured load balancer, access the inbound and outbound NAT rules section.

D. In the configured load balancer, access the health probes section.

An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.

Which action can you take to accomplish this?

A. None, you cannot create and add additional ENIs to an existing FortiGate-VM.

B. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.

C. Create the ENI, attach it to FortiGate, and then restart FortiGate.

D. Create the ENI and attach it to FortiGate.

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

A. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.

B. Use ExpressRoute to interconnect the hub VNets and spoke VNets.

C. Configure VNet peering between the spokes only.

D. Configure VNet peering between the hub and spokes.

You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.

Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

A. The uniqueString() function must be used.

B. The storageAccount name must use special characters.

C. The storageAccount name must be in lowercase.

D. The storageAccount name must contain between 3 and 24 alphanumeric characters.

Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

A. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.

B. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.

C. In AWS, virtual machines (VMs) that inspect files are constantly up and running.

D. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.