ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_PBC-7.2
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is the main advantage of using SD-WAN Transit Gateway Connect over traditional SD-WAN?
Refer to the exhibit. You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure. After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively What IP address must you use in the peerip configuration?
Refer to Exhibit: The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments With two FortiGate VMS in a security VPC. Which two statements are correct? (Choose two.)
Refer to the exhibit You deployed an HA active-passive FortiGate VM in Microsoft Azure. Which two statements regarding this particular deployment are true? (Choose two.)
Refer to the exhibit. What would be the impact of confirming to delete all the resources in Terraform?
Refer to the exhibit You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message. What could be the reason that you are getting the command not found error?
Which statement about immutable infrastructure in automation is true?
You have created a TGW route table to route traffic from your spoke VPC to the security VPC where two FortiGate devices are inspecting traffic. Your spoke VPC CIDR block is already propagated to the Transit Gateway (TGW) route table. Which type of attachment should you use to advertise routes through BGP from the spoke VPC to the security VPC?
Refer to the exhibit An administrator is trying to deploy a FortiGate VM in Microsoft Azure using Terraform However, during the configuration, the Azure client secret is no longer visible in the Azure portal. How would the administrator obtain the Azure client secret to configure on Terratorm?
Refer to the exhibit. What value or values must the administrator use in the SSH Key section to deploy a FortiGate VM using Terraform in Amazon Web Services (AWS)?

Question 56 - NSE7_PBC-7.2 discussion

Report
Export

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

A.
From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW
Answers
A.
From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW
B.
From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the FortiGate internal port
Answers
B.
From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the FortiGate internal port
C.
From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the TGW
Answers
C.
From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the TGW
D.
From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW
Answers
D.
From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW
E.
From both spoke VPCs and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway
Answers
E.
From both spoke VPCs and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway
Suggested answer: A, B, D

Explanation:

Spoke VPC Routing:The 0.0.0.0/0 (default) route in the spoke VPC must point to the Transit Gateway attachment for traffic to reach other VPCs or external destinations.

Security VPC Routing:Traffic from the security VPC needs to pass through the FortiGate for inspection and security controls. Therefore, the 0.0.0.0/0 route in the security VPC's TGW subnet routing table must point to the FortiGate's internal port.

FortiGate Routing:The FortiGate's internal subnet must have its 0.0.0.0/0 route configured to point to the Transit Gateway attachment, allowing traffic to be returned to other VPCs or reach the internet.

In an SD-WAN TGW Connect topology, when routing traffic from a spoke VPC to a security VPC through a Transit Gateway, the mandatory initial steps include:

From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW (Option A): This step is crucial for ensuring that all traffic from the spoke VPC destined for external networks is directed through the Transit Gateway, allowing for centralized management and security inspection.

From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the FortiGate internal port (Option B): Routing all traffic from the TGW subnet in the security VPC to the FortiGate's internal port ensures that traffic is subjected to the necessary security policies and inspections provided by the FortiGate appliance before it proceeds to other destinations or returns to the spoke VPCs.

From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW (Option D): This configuration ensures that traffic returning from the security processes handled by the FortiGate is routed back through the Transit Gateway, maintaining the integrity of the secure transit path and ensuring proper routing back to the originating spoke or onward to the internet.

Show Answer
asked 18/09/2024
Karthika Aravinth
33 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms