[Oct-2023] Download Real NSE7_PBC-6.4 Exam Dumps for candidates 100% Free Dump Files [Q16-Q31]

Rate this post

[Oct-2023] Download Real NSE7_PBC-6.4 Exam Dumps for candidates. 100% Free Dump Files

Prepare Important Exam with NSE7_PBC-6.4 Exam Dumps(2023)

QUESTION 16
An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.
This has now black-holed the private subnet in this availability zone.
What action will the worker node automatically perform to restore access to the black-holed subnet?

The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.

The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node’s private subnet interface.

The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node’s private subnet interface.

The worker node migrates the subnet to a different availability zone.

QUESTION 17
Refer to the exhibit.

Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.

Use ExpressRoute to interconnect the hub VNets and spoke VNets.

Configure VNet peering between the spokes only.

Configure VNet peering between the hub and spokes.

QUESTION 18

Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-
0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01

172.29.32.71is set as a next hop IP for all routes under FortigateUDR-01

The network interface of the active unit moves to itself

SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

QUESTION 19
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guarddutyscript to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

GuardDuty, CloudWatch, S3, and DynamoDB.

Inspector, Shield, GuardDuty, S3, and DynamoDB.

WAF, Shield, GuardDuty, S3, and DynamoDB.

QUESTION 20
Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?

Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.

Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.

Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.

Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.

QUESTION 21
Refer to the exhibit.

You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?

You selected the incorrect resource group.

You selected the Bring Your Own License (BYOL) licensing mode.

You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.

You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.

QUESTION 22
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.
Which action can you take to accomplish this?

None, you cannot create and add additional ENIs to an existing FortiGate-VM.

Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.

Create the ENI, attach it to FortiGate, and then restart FortiGate.

Create the ENI and attach it to FortiGate.

QUESTION 23
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

Convert the c4.xlarge instances to m4.xlarge instances.

Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).

Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.

QUESTION 24
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

GuardDuty, CloudWatch, S3, and DynamoDB.

Inspector, Shield, GuardDuty, S3, and DynamoDB.

WAF, Shield, GuardDuty, S3, and DynamoDB.

QUESTION 25
Refer to the exhibit.

The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)

The design shows an active-active FortiGate-VM architecture.

The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

The design shows an active-passive FortiGate-VM architecture.

The Cloud Load Balancer Session Affinity setting should use the default value.

QUESTION 26
Refer to the exhibit.

You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.
After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.
What should you do to correct this issue?

Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).

Delete the deployment and start again. You have in put the wrong parameters during the cloud formation template deployment.

Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.

Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration.

QUESTION 27
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
*You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
*Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet.
*To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?

One public subnet and two private subnets

Two public subnets and one private subnet

Two public subnets and two private subnets

One public subnet and one private subnet

QUESTION 28
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

Action

Sequence number

Source and destination IP ranges

Destination port ranges

Source port ranges

QUESTION 29
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

Proxy ARP entries are disregarded.

802.1q VLAN tags are allowed inside the same virtual private cloud.

AWS DNS reserves the first host IP address of each subnet.

Multicast traffic is not allowed.

QUESTION 30
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.

FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.

In AWS, virtual machines (VMs) that inspect files are constantly up and running.

FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.

QUESTION 31
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

Action

Sequence number

Source and destination IP ranges

Destination port ranges

Source port ranges

Fortinet NSE7_PBC-6.4 (Fortinet NSE 7 – Public Cloud Security 6.4) Certification Exam is designed to validate the skills and knowledge of IT professionals in securing public cloud environments. Fortinet NSE 7 – Public Cloud Security 6.4 certification exam is aimed at individuals who have experience in deploying and managing security solutions in public cloud environments. NSE7_PBC-6.4 exam tests the candidate’s ability to design and implement secure public cloud infrastructures, as well as their knowledge of various security technologies and best practices.

NSE7_PBC-6.4 Questions – Truly Beneficial For Your Fortinet Exam: https://www.dumptorrent.com/NSE7_PBC-6.4-braindumps-torrent.html

Free Exam Dumps Torrent

[Oct-2023] Download Real NSE7_PBC-6.4 Exam Dumps for candidates 100% Free Dump Files [Q16-Q31]

Leave a Reply Cancel reply

Related Posts

Pass Your Fortinet NSE6_FAZ-7.2 Exam with Correct 32 Questions and Answers [Q19-Q38]

Updated NSE6_FML-6.4 Dumps Questions Are Available [2023] For Passing Fortinet Exam [Q11-Q32]

[Jun-2023] NSE5_EDR-5.0 Pre-Exam Practice Tests Exam Questions and Answers for NSE 5 Network Security Analyst Study Guide [Q15-Q29]

[Feb 26, 2023] NSE5_FSM-5.2 PDF Recently Updated Questions Dumps to Improve Exam Score [Q17-Q36]

(2022) PASS NSE6_FWB-6.1 Exam Free Practice Test with 100% Accurate Answers [Q10-Q33]

Leave a Reply Cancel reply