Most Recent Fortinet NSE7_PBC-7.2 Exam Questions & Answers

To get Terraform ready using Microsoft Azure Cloud Shell, you need to perform the following steps:

Set up a storage account in Azure.This is required to store the Terraform state file in a blob container, which enables collaboration and persistence of the infrastructure configuration1.

Use the wget (terraform_version) command to upload Terraform.This command downloads the latest version of Terraform from the official website and saves it as a zip file in the current directory2.

Move the Terraform file to the bin directory. This step extracts the Terraform executable from the zip file and moves it to the bin directory, which is part of the PATH environment variable.This allows you to run Terraform commands from any directory in Cloud Shell2.

The other options are incorrect because:

You do not need to use the -O command to download Terraform.This command is used to specify a different output file name for the downloaded file, but it is not necessary for this task3.

You do not need to subscribe to Terraform in Azure.Terraform is an open-source tool that can be used with any cloud provider, and there is no subscription or registration required to use it with Azure4.Reference:

Updating the route table and adding an IAM policy

Configure Terraform in Azure Cloud Shell with Bash

wget(1) - Linux man page

Terraform by HashiCorp

A VPC attachment is the type of attachment that allows you to connect a VPC to a TGW and advertise routes through BGP. A VPC attachment creates a VPN connection between the VPC and the TGW, and enables dynamic routing with BGP. A connect attachment is used to connect a VPN or Direct Connect gateway to a TGW. A route attachment is not a valid type of attachment for TGW. A GRE attachment is used to connect a FortiGate device to a TGW using GRE tunnels.Reference:

Creating the TGW and related resources

Configuring TGW route tables

FortiGate Public Cloud 7.2.0 - Fortinet Documentation

Updating the route table and adding an IAM policy

The correct answer is A and C. A transport attachment and a connect attachment are necessary to connect a transit gateway to an existing VPC with BGP.

According to the AWS documentation for Transit Gateway, a transit gateway is a network transit hub that connects VPCs and on-premises networks. To connect a transit gateway to an existing VPC with BGP, you need to do the following steps:

Create a transport attachment. A transport attachment is a resource that connects a VPC or VPN to a transit gateway. You can specify the BGP options for the transport attachment, such as the autonomous system number (ASN) and the BGP peer IP address.

Create a connect attachment. A connect attachment is a resource that enables you to use your own appliance to provide network services for traffic that flows through the transit gateway. You can use a connect attachment to route traffic between the transport attachment and your appliance using GRE tunnels and BGP.

The other options are incorrect because:

A BGP attachment is not a valid type of attachment for a transit gateway. BGP is a protocol that enables dynamic routing between the transit gateway and the VPC or VPN.

A GRE attachment is not a valid type of attachment for a transit gateway. GRE is a protocol that encapsulates packets for tunneling purposes. GRE tunnels are established between the connect attachment and your appliance.

: [Transit Gateways - Amazon Virtual Private Cloud] : [Transit Gateway Connect - Amazon Virtual Private Cloud]

The correct answer is D. CloudWatch and S3.

According to the GitHub repository for the Fortinet aws-lambda-tgw script1, this function requires the following AWS services:

CloudWatch: A monitoring and observability service that collects and processes events from various AWS resources, including Transit Gateway attachments and route tables.

S3: A scalable object storage service that can store the configuration files and logs generated by the Lambda function.

By using the Fortinet aws-lambda-tgw script, you can automate the creation and configuration of Transit Gateway Connect attachments for your FortiGate devices. This can help you save time and avoid errors when adding more spoke VPCs to an existing hub and spoke topology1.

The other AWS services mentioned in the options are not required for this task. GuardDuty is a threat detection service that monitors for malicious and unauthorized behavior to help protect AWS accounts and workloads. WAF is a web application firewall that helps protect web applications from common web exploits. Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS. DynamoDB is a fast and flexible NoSQL database service that can store various types of data.

1: GitHub - fortinet/aws-lambda-tgw

A is correct because in this deployment, the passive FortiGate issues API calls to Azure to update the routing table and the public IP address of the active FortiGate123. This way, the traffic is redirected to the new active FortiGate after a failover.

B is incorrect because the vdom-exception command is used to exclude specific VDOMs from being synchronized in an HA cluster. This command is not related to this deployment scenario.

C is incorrect because Microsoft Azure does provide an SLA for API calls. According to the Azure Service Level Agreements, the API Management service has a monthly uptime percentage of at least 99.9% for the standard tier and higher.

D is correct because by default, the configuration is not synchronized between the primary and secondary devices in this deployment.The administrator needs to manually enable configuration synchronization on both devices123.Alternatively, the administrator can use FortiManager to manage and synchronize the configuration of both devices4.