Limited-Time Offer: Enjoy 60% Savings! - Ends In 0d 00h 00m 00s Coupon code: 60OFF
Welcome to QA4Exam
Logo

- Trusted Worldwide Questions & Answers

Most Recent Fortinet NSE7_PBC-7.2 Exam Questions & Answers


Prepare for the Fortinet NSE 7 - Public Cloud Security 7.2 exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Fortinet NSE7_PBC-7.2 exam and achieve success.

The questions for NSE7_PBC-7.2 were last updated on Nov 17, 2024.
  • Viewing page 1 out of 12 pages.
  • Viewing questions 1-5 out of 59 questions
Get All 59 Questions & Answers
Question No. 1

What are three important steps required to get Terraform ready using Microsoft Azure Cloud Shell? (Choose three.)

Show Answer Hide Answer
Question No. 2

You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table.

Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?

Show Answer Hide Answer
Correct Answer: B

A VPC attachment is the type of attachment that allows you to connect a VPC to a TGW and advertise routes through BGP. A VPC attachment creates a VPN connection between the VPC and the TGW, and enables dynamic routing with BGP. A connect attachment is used to connect a VPN or Direct Connect gateway to a TGW. A route attachment is not a valid type of attachment for TGW. A GRE attachment is used to connect a FortiGate device to a TGW using GRE tunnels.Reference:

Creating the TGW and related resources

Configuring TGW route tables

FortiGate Public Cloud 7.2.0 - Fortinet Documentation

Updating the route table and adding an IAM policy


Question No. 3

Which two attachments are necessary to connect a transit gateway to an existing VPC with BGP? (Choose two )

Show Answer Hide Answer
Correct Answer: A, C

The correct answer is A and C. A transport attachment and a connect attachment are necessary to connect a transit gateway to an existing VPC with BGP.

According to the AWS documentation for Transit Gateway, a transit gateway is a network transit hub that connects VPCs and on-premises networks. To connect a transit gateway to an existing VPC with BGP, you need to do the following steps:

Create a transport attachment. A transport attachment is a resource that connects a VPC or VPN to a transit gateway. You can specify the BGP options for the transport attachment, such as the autonomous system number (ASN) and the BGP peer IP address.

Create a connect attachment. A connect attachment is a resource that enables you to use your own appliance to provide network services for traffic that flows through the transit gateway. You can use a connect attachment to route traffic between the transport attachment and your appliance using GRE tunnels and BGP.

The other options are incorrect because:

A BGP attachment is not a valid type of attachment for a transit gateway. BGP is a protocol that enables dynamic routing between the transit gateway and the VPC or VPN.

A GRE attachment is not a valid type of attachment for a transit gateway. GRE is a protocol that encapsulates packets for tunneling purposes. GRE tunnels are established between the connect attachment and your appliance.

: [Transit Gateways - Amazon Virtual Private Cloud] : [Transit Gateway Connect - Amazon Virtual Private Cloud]


Question No. 4

You are adding more spoke VPCs to an existing hub and spoke topology Your goal is to finish this task in the minimum amount of time without making errors.

Which Amazon AWS services must you subscribe to accomplish your goal?

Show Answer Hide Answer
Correct Answer: D

The correct answer is D. CloudWatch and S3.

According to the GitHub repository for the Fortinet aws-lambda-tgw script1, this function requires the following AWS services:

CloudWatch: A monitoring and observability service that collects and processes events from various AWS resources, including Transit Gateway attachments and route tables.

S3: A scalable object storage service that can store the configuration files and logs generated by the Lambda function.

By using the Fortinet aws-lambda-tgw script, you can automate the creation and configuration of Transit Gateway Connect attachments for your FortiGate devices. This can help you save time and avoid errors when adding more spoke VPCs to an existing hub and spoke topology1.

The other AWS services mentioned in the options are not required for this task. GuardDuty is a threat detection service that monitors for malicious and unauthorized behavior to help protect AWS accounts and workloads. WAF is a web application firewall that helps protect web applications from common web exploits. Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS. DynamoDB is a fast and flexible NoSQL database service that can store various types of data.

1: GitHub - fortinet/aws-lambda-tgw


Question No. 5

Refer to the exhibit

You deployed an HA active-passive FortiGate VM in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

Show Answer Hide Answer
Correct Answer: A, D

A is correct because in this deployment, the passive FortiGate issues API calls to Azure to update the routing table and the public IP address of the active FortiGate123. This way, the traffic is redirected to the new active FortiGate after a failover.

B is incorrect because the vdom-exception command is used to exclude specific VDOMs from being synchronized in an HA cluster. This command is not related to this deployment scenario.

C is incorrect because Microsoft Azure does provide an SLA for API calls. According to the Azure Service Level Agreements, the API Management service has a monthly uptime percentage of at least 99.9% for the standard tier and higher.

D is correct because by default, the configuration is not synchronized between the primary and secondary devices in this deployment.The administrator needs to manually enable configuration synchronization on both devices123.Alternatively, the administrator can use FortiManager to manage and synchronize the configuration of both devices4.


Unlock All Questions for Fortinet NSE7_PBC-7.2 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 59 Questions & Answers