Home

Home / Fortinet / NSE7_PBC-7.2

Question list

List of questions

Question 1

(0)

Refer to the exhibit An administrator is trying to deploy a FortiGate VM in Microsoft Azure using Terraform However, during the configuration, the Azure client secret is no longer visible in the

Question 2

(0)

What are two main features in Amazon Web Services (AWS) network access control lists (ACLs)? (Choose two.)

Question 3

(0)

What are three important steps required to get Terraform ready using Microsoft Azure Cloud Shell? (Choose three.)

Question 4

(0)

Refer to the exhibit You are tasked with deploying a webserver and FortiGate VMS in AWS_ You are using Terraform to automate the process Which two important details should you know about the Ter

Question 5

(0)

Refer to the exhibit You are tasked to deploy a FortiGate VM with private and public subnets in Amazon Web Services (AWS). You examined the variables.tf file. What will be the final result afte

Question 6

(0)

You are automating configuration changes on one of the FortiGate VMS using Linux Red Hat Ansible. How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?

Question 7

(0)

Refer to the exhibit In your Amazon Web Services (AWS), you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet However, your HTTPS connection to the FortiGate VM i

Question 8

(0)

You must allow an SSH traffic rule in an Amazon Web Services (AWS) network access list (NACL) to allow SSH traffic to travel to a subnet for temporary testing purposes. When you review the current i

Question 9

(0)

Refer to Exhibit: The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments With two FortiGate VMS in a security VPC. Which two statements are correct

Question 10

(0)

Refer to the exhibit. You are configuring a second route table on a Transit Gateway to accommodate east-west traffic inspection between two VPCs_ However, you are getting an error during the transi

Open VPLUS File

Convert VPLUS to PDF

Related questions

What is the main advantage of using SD-WAN Transit Gateway Connect over traditional SD-WAN?

Refer to the exhibit. You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure. After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively What IP address must you use in the peerip configuration?

Refer to Exhibit: The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments With two FortiGate VMS in a security VPC. Which two statements are correct? (Choose two.)

Refer to the exhibit You deployed an HA active-passive FortiGate VM in Microsoft Azure. Which two statements regarding this particular deployment are true? (Choose two.)

Refer to the exhibit. What would be the impact of confirming to delete all the resources in Terraform?

Refer to the exhibit You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message. What could be the reason that you are getting the command not found error?

Which statement about immutable infrastructure in automation is true?

You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table. Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?

Refer to the exhibit An administrator is trying to deploy a FortiGate VM in Microsoft Azure using Terraform However, during the configuration, the Azure client secret is no longer visible in the Azure portal. How would the administrator obtain the Azure client secret to configure on Terratorm?

Refer to the exhibit. What value or values must the administrator use in the SSH Key section to deploy a FortiGate VM using Terraform in Amazon Web Services (AWS)?

Question 24 - NSE7_PBC-7.2 discussion

Report

When adding the Amazon Web Services (AWS) account to the FortiCNP, which three mandatory configuration steps must you follow? (Choose three.)

A.

Add AWS accounts through FortiCNP.

B.

Enable cloud protection through AWS Guard Duty and AWS Inspector

C.

Accept FortiCNP to create CloudTrail for the account

D.

Enable cross-reg Ion aggregation

E.

Launch the CloudFormation template.

Suggested answer: A, C, E

Explanation:

When adding the Amazon Web Services (AWS) account to the FortiCNP, you must follow these three mandatory configuration steps:

Add AWS accounts through FortiCNP. This is the first step to enable cloud protection for your AWS account. You can add one or multiple accounts automatically or manually. You need to provide the AWS account ID and a name for the account.You also need to select the optional permissions to be granted to FortiCNP as needed1.

Accept FortiCNP to create CloudTrail for the account. This is required for FortiCNP to collect and analyze the AWS API calls and events. You can choose to let FortiCNP create a CloudTrail for the account or use an existing one.You also need to specify the aggregation region for the CloudTrail1.

Launch the CloudFormation template. This is required for FortiCNP to create a stack and a role in your AWS account. The stack contains the resources that FortiCNP needs to access and monitor your AWS account. The role allows FortiCNP to assume it and perform actions on your behalf.You need to enter a custom or default role name and a unique UUID that is designated for your company on FortiCNP1.

https://docs.fortinet.com/document/forticnp/22.4.a/online-help/246021/add-aws-account-automatically

To configure a FortiGate VM to add to FortiCNP, you need to perform three steps on FortiGate:

Enable send logs in FortiGate to allow FortiCNP to receive the IPS logs from FortiGate.

Create an SSL/SSH inspection profile on FortiGate to inspect the encrypted traffic and apply IPS protection.

Create an IPS sensor and a firewall policy on FortiGate to enable IPS detection and prevention for the traffic.

FortiCNP 22.4.a Administration Guide, page 22-24

FortiGate IPS Administration Guide, page 9-10

Show Answer

asked 18/09/2024

Peter Sundstrom

31 questions

User

Your answer: A B C D E

0 comments

Sorted by

Leave a comment first