Fortinet NSE 7 - Public Cloud Security 7.2 (NSE7_PBC-7.2) Free Practice Test

Question 1

Refer to the exhibit. You are troubleshooting a FortiGate HA floating IP issue with Microsoft Azure. After the failover, the new primary device does not have the previous primary device floating IP address.

What could be the possible issue With this scenario?

A. A wrong client secret credential is used

B. The error is caused by credential time expiration.

C. The Azure service principle account must have a contributor role.

D. FortiGate port4 does not have internet access.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

Which two attachments are necessary to connect a transit gateway to an existing VPC with BGP?
(Choose two )

A. A GRE attachment

B. A connect attachment

C. A transport attachment

D. A BGP attachment

Correct Answer: B,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which three properties are configurable Microsoft Azure network security group rule settings?
(Choose three.)

A. Action

B. Source and destination IP ranges

C. Sequence number

D. Destination port ranges

E. Source port ranges

Correct Answer: A,D,E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Refer to Exhibit. The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments with two FortiGate VMS in a security VPC.

Which two statements are correct? (Choose two.)

A. The Transit Gateway GRE address is auto-generated

B. The Peer GRE address is the FortiGate internal interface IP address

C. The BGP inside CIDR blocks can be any CIDR block with /29

D. The peer GRE address is the FortiGate external interface IP address.

Correct Answer: A,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Refer to the exhibit. You deployed an HA active-passive FortiGate VM in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

A. There is no SLA for API calls from Microsoft Azure.

B. During the failover, the passive FortiGate issues API calls to Azure

C. Use the vdom-excepticn command to synchronize the configuration.

D. By default, the configuration does not synchromze between the primary and secondary devices.

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

A. Network ACLs support allow rules and deny rules.

B. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

C. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

D. Network ACLs must be manually applied to virtual network interfaces.

Correct Answer: A,C

Question 7

You are automating configuration changes on one of the FortiGate VMS using Linux Red Hat Ansible.
How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?

A. It uses an API.

B. It uses YAML

C. It uses a FortiGate internal or external IP address with TCP port 21

D. It uses SSH as a connection method to FortiOS.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

You are adding more spoke VPCs to an existing hub and spoke topology. Your goal is to finish this task in the minimum amount of time without making errors.
Which Amazon AWS services must you subscribe to accomplish your goal?

A. GuardDuty, CloudWatch

B. Inspector, S3

C. WAF, DynamoDB

D. CloudWatch, S3

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure now to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.
How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?

A. In the configured load balancer, access the inbound and outbound NAT rules section.

B. In the configured load balancer, access the inbound NAT rules section.

C. In the configured load balancer, access the backend pools section.

D. In the configured load balancer, access the health probes section.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

You have been asked to secure your organization's salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the salesforce application remotely as well as on-premises.
Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the salesforce application.
Which three steps should you take to achieve your goal? (Choose three.)

A. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.

B. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.

C. Deploy and configure FortiCWP with a workload guardian license.

D. Configure FortiCASB and set up access rights, privileges, and data protection policies.

E. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.

Correct Answer: A,B,D

Welcome to TestSimulate

Fortinet NSE 7 - Public Cloud Security 7.2 (NSE7_PBC-7.2) Free Practice Test