ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_PBC-7.2
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is the main advantage of using SD-WAN Transit Gateway Connect over traditional SD-WAN?
Refer to the exhibit. You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure. After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively What IP address must you use in the peerip configuration?
Refer to Exhibit: The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments With two FortiGate VMS in a security VPC. Which two statements are correct? (Choose two.)
Refer to the exhibit You deployed an HA active-passive FortiGate VM in Microsoft Azure. Which two statements regarding this particular deployment are true? (Choose two.)
Refer to the exhibit You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message. What could be the reason that you are getting the command not found error?
Refer to the exhibit. What would be the impact of confirming to delete all the resources in Terraform?
Which statement about immutable infrastructure in automation is true?
You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table. Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?
Refer to the exhibit An administrator is trying to deploy a FortiGate VM in Microsoft Azure using Terraform However, during the configuration, the Azure client secret is no longer visible in the Azure portal. How would the administrator obtain the Azure client secret to configure on Terratorm?
Refer to the exhibit. What value or values must the administrator use in the SSH Key section to deploy a FortiGate VM using Terraform in Amazon Web Services (AWS)?

Question 7 - NSE7_PBC-7.2 discussion

Report
Export

Refer to the exhibit

In your Amazon Web Services (AWS), you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet However, your HTTPS connection to the FortiGate VM in the Customer VPC is not successful.

Also, you must ensure that the Customer VPC FortiGate VM sends all the outbound Internet traffic through the Security VPC How do you correct this Issue with minimal configuration changes?

(Choose three.)

A.
Add a route With your local internet public IP address as the destination and target transit gateway
Answers
A.
Add a route With your local internet public IP address as the destination and target transit gateway
B.
Add route destination 0 0.0 0/0 to target the transit gateway
Answers
B.
Add route destination 0 0.0 0/0 to target the transit gateway
C.
Add a route With your local internet public IP address as the destination and target internet gateway
Answers
C.
Add a route With your local internet public IP address as the destination and target internet gateway
D.
Deploy an internet gateway, associate an EIP in the private subnet, edit route tables, and add a new route destination 0.0.0.0/0 to the target internet gateway
Answers
D.
Deploy an internet gateway, associate an EIP in the private subnet, edit route tables, and add a new route destination 0.0.0.0/0 to the target internet gateway
E.
Deploy an internet gateway, associate an EIP in the public subnet, and attach the internet gateway to the Customer VPC,
Answers
E.
Deploy an internet gateway, associate an EIP in the public subnet, and attach the internet gateway to the Customer VPC,
Suggested answer: B, D, E

Explanation:

B) Add route destination 0.0.0.0/0 to target the transit gateway.This will ensure that the Customer VPC FortiGate VM sends all the outbound internet traffic through the Security VPC, where it can be inspected by the Security VPC FortiGate VMs1.The transit gateway is a network device that connects multiple VPCs and on-premises networks in a hub-and-spoke model2. D) Deploy an internet gateway, associate an EIP in the private subnet, edit route tables, and add a new route destination 0.0.0.0/0 to the target internet gateway.This will allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet, by creating a public route for the private subnet where the FortiGate VM is located3.An internet gateway is a service that enables communication between your VPC and the internet4. An EIP is a public IPv4 address that you can allocate to your AWS account and associate with your resources. E. Deploy an internet gateway, associate an EIP in the public subnet, and attach the internet gateway to the Customer VPC.This will also allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet, by creating a public route for the public subnet where the FortiGate VM is located3. This is an alternative solution to option D, depending on which subnet you want to use for the FortiGate VM.

The other options are incorrect because:

Adding a route with your local internet public IP address as the destination and target transit gateway will not allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet, because it will only apply to traffic coming from your specific IP address, not from any other source on the internet1.Moreover, it will not ensure that the outbound internet traffic goes through the Security VPC, because it will only apply to traffic going to your specific IP address, not to any other destination on the internet1.

Adding a route with your local internet public IP address as the destination and target internet gateway will not allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet, because it will bypass the Security VPC and send the traffic directly to the Customer VPC1.Moreover, it will not ensure that the outbound internet traffic goes through the Security VPC, because it will only apply to traffic going to your specific IP address, not to any other destination on the internet1.

Show Answer
asked 18/09/2024
Vasco Rodrigues
40 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms