ExamGecko
Search Search Login
Home Home / Fortinet / FCP_WCS_AD-7.4
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. An administrator configured a FortiGate device to connect to the AWS API to retrieve resource values from the AWS console to create dynamic objects for the FortiGate policies. The administrator is unable to retrieve AWS dynamic objects on FortiGate. Which two reasons can explain why? (Choose two.)
A customer is attempting to deploy an active-passive high availability (HA) cluster using the software-defined network (SDN) connector in the AWS cloud. What is an important consideration to ensure a successful formation of HA, failover, and traffic flow?
An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS. The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the private subnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing. Which action would allow the EIP assignment to be successful?
Refer to the exhibit. What occurs during a failover for an active-passive (A-P) cluster that is deployed in two different availability zones? (Choose two.)
Which three statements are correct about VPC flow logs? (Choose three.)
Refer to the exhibit. Which two statements are true about inbound traffic based on the IGW ingress route table and GWLB deployment shown in the exhibit? (Choose two.)
Refer to the exhibit. You deployed an active-passive FortiGate HA cluster using a CloudFormation template on an existing VPC. Now you want to test active-passive FortiGate HA failover by running a debug so you can see the API calls to change the Elastic and secondary IP addresses. Which statement is correct about the output of the debug?
You need to deploy a new Windows server in AWS to offload web traffic from an existing web server in a different availability zone. According to the AWS shared responsibility model, what three actions must you take to secure the new EC2 instance? (Choose three.)
An administrator must deploy a web application firewall (WAF) solution to protect the web applications of their organization. Why would the administrator choose FortiWeb Cloud over AWS WAF with Fortinet managed rules?
An administrator needs to attach an Elastic Network Interface (ENI) to an application instance in a VPC with multiple availability zones. An instance runs in availability zone 1. Which ENI property must the administrator consider when implementing this requirement?

Question 14 - FCP_WCS_AD-7.4 discussion

Report
Export

Refer to the exhibit.

You deployed an active-passive FortiGate HA cluster using a CloudFormation template on an existing VPC. Now you want to test active-passive FortiGate HA failover by running a debug so you can see the API calls to change the Elastic and secondary IP addresses.

Which statement is correct about the output of the debug?

A.
The routing table for Fgt2 updated successfully, and port2 will provide internet access to Fgt2.
Answers
A.
The routing table for Fgt2 updated successfully, and port2 will provide internet access to Fgt2.
B.
The Elastic IP is associated with port1 of Fgt2.
Answers
B.
The Elastic IP is associated with port1 of Fgt2.
C.
IP address 10.0.0.13 is now associated with eni-0b61d8afc0aefb8a2.
Answers
C.
IP address 10.0.0.13 is now associated with eni-0b61d8afc0aefb8a2.
D.
The Elastic IP is associated with port2 of Fgt2, and the secondary IP address for port1 and port2 was updated successfully.
Answers
D.
The Elastic IP is associated with port2 of Fgt2, and the secondary IP address for port1 and port2 was updated successfully.
Suggested answer: B

Explanation:

HA Event and Failover:

The debug output indicates that a failover event occurred and the secondary instance (Fgt2) is now taking over as the master.

Elastic IP Association:

The debug output shows the process of moving the Elastic IP (eipalloc-090425f83f912c8d6) to the new master instance. This involves associating the Elastic IP with the appropriate network interface (eni) of the new master.

Specific IP Address Association:

The Elastic IP is specifically associated with port1 of Fgt2. The message 'associate elastic ip eipalloc-090425f83f912c8d6 to 10.0.0.13 of eni eni-0f6b35f8fccd24eb0' indicates that the Elastic IP is now linked to the primary IP address (10.0.0.13) on port1 of the new master.

Other Options Analysis:

Option A is incorrect because the routing table update details are not explicitly stated.

Option C is incorrect because the IP address association mentioned relates to an Elastic IP, not eni-0b61d8afc0aefb8a2.

Option D is incorrect because it specifically mentions port2 for the Elastic IP association, which is not indicated in the debug output.

FortiGate HA Configuration Guide: FortiGate HA

AWS Elastic IP Documentation: Elastic IP

Show Answer
asked 18/09/2024
Jebaz Norton
44 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms