Real Fortinet NSE7_PBC-6.4 Exam Questions [Updated 2023]
NSE7_PBC-6.4 Exam Dumps Pass with Updated 2023 Fortinet NSE 7 - Public Cloud Security 6.4
Fortinet NSE7_PBC-6.4 Exam Objectives
The Fortinet NSE7_PBC-6.4 certification exam has been designed to test your knowledge of the latest technologies in IT security. It tests your knowledge of the networking security fundamentals covered in this certification. The NSE7_PBC-6.4 certification is a three hour long exam and consists of 75 percent objective and 25 percent free time for the preparation. It is very easy to prepare for Fortinet NSE7_PBC-6.4 certification exam in a short period of time. You can easily prepare for this exam with the help of this article.
How exactly to prepare for the Fortinet NSE7_PBC-6.4i Certification
What is the prep work standards for Fortinet NSE7_PBC-6.4 Certification
Swiftly checked out the review of Fortinet NSE7_PBC-6.4 Certification
The NSE7_PBC-6.4 Certification exam is a great certification for people who want to take a step into the cybersecurity field. The Fortinet Cybersecurity Expert (NSE7) Foundations certification validates your skills in IT security fundamentals and network security essentials. You will receive valuable hands-on experience with today's most popular network and cybersecurity tools such as firewalls, IDS/IPS, VPNs, SSLs, malware protection techniques and more. The NSE7_PBC-6.4 exam tests your skills in network security infrastructure including IPv4 and IPv6, DNS, certificates, encryption technologies, compliance and regulations such as PCI DSS, SOX and more. This is the best guide to know Fortinet NSE7_PBC-6.4 Certification for achieving your objectives in a short period of time which are also covered in our Fortinet NSE7_PBC-6.4 Dumps. So continue reading this article to learn more about passing this certification as quickly as possible.
NEW QUESTION 17
Refer to the exhibit.
Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)
- A. The network interface of the active unit moves to itself
- B. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
- C. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-
0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01 - D. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
Answer: C,D
NEW QUESTION 18
Refer to the exhibit.
You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.
What is incorrect with the template?
- A. FortiGate-VM does not support managedDisk from Azure.
- B. The CreateOptions parameter should be FromImage.
- C. The LUN ID is not defined.
- D. The caching parameter should be None.
Answer: B
NEW QUESTION 19
An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.
This has now black-holed the private subnet in this availability zone.
What action will the worker node automatically perform to restore access to the black-holed subnet?
- A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.
- B. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.
- C. The worker node migrates the subnet to a different availability zone.
- D. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.
Answer: C
NEW QUESTION 20
Refer to the exhibit.
Your senior administrator successfully configured a FortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?
- A. In the Microsoft Azure portal, set the correct tag values for the windows server.
- B. Run diagnose debug application azd -l on FortiGate.
- C. In the Microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
- D. Delete the address object and recreate a new address object with the type set to FQDN.
Answer: C
NEW QUESTION 21
Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure now to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.
How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?
- A. In the configured load balancer, access the inbound and outbound NAT rules section.
- B. In the configured load balancer, access the health probes section.
- C. In the configured load balancer, access the inbound NAT rules section.
- D. In the configured load balancer, access the backend pools section.
Answer: C
Explanation:
Explanation
From the resource group Overview page, click the external load balancer name to load it. From the navigation column, click Inbound NAT Rules.
https://docs.fortinet.com/document/fortigate-public-cloud/6.4.0/azure-administration-guide/889158/connecting-to
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking#azure-v it is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (also known as a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules).
NEW QUESTION 22
Refer to the exhibit.
A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)
- A. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
- B. The web servers are not configured with the default gateway.
- C. AWS source and destination checks are enabled on the FortiGate interfaces.
- D. AWS security groups may be blocking the traffic.
Answer: B,D
NEW QUESTION 23
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.
Which action can you take to accomplish this?
- A. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.
- B. Create the ENI and attach it to FortiGate.
- C. Create the ENI, attach it to FortiGate, and then restart FortiGate.
- D. None, you cannot create and add additional ENIs to an existing FortiGate-VM.
Answer: B
Explanation:
Explanation
https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/aws-administration-guide/903457 AWS says that you can attach a network interface to an instance when it's running (hot attach), when it's stopped (warm attach), or when the instance is being launched (cold attach). It applies to windows:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/best-practices-for-configuring-network-interfaces
NEW QUESTION 24
You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)
- A. The uniqueString() function must be used.
- B. The storageAccount name must contain between 3 and 24 alphanumeric characters.
- C. The storageAccount name must be in lowercase.
- D. The storageAccount name must use special characters.
Answer: B,C
Explanation:
Explanation
-Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?tabs=bicep Property values / storageAccounts name --> The resource name :
* string (required)
* Character limit: 3-24
* Valid characters: Lowercase letters and numbers.
* Resource name must be unique across Azure.
NEW QUESTION 25 
Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)
- A. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.
- B. The Cloud Load Balancer Session Affinity setting should use the default value.
- C. The design shows an active-active FortiGate-VM architecture.
- D. The design shows an active-passive FortiGate-VM architecture.
Answer: A,C
NEW QUESTION 26
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?
- A. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
- B. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
- C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
- D. Convert the c4.xlarge instances to m4.xlarge instances.
Answer: C
Explanation:
Explanation
Multiple FortiGate-VM instances form an Auto Scaling group to provide highly efficient clustering at times of high workloads. FortiGate-VM instances can be scaled out automatically according to predefined workload levels.
https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/aws-administration-guide/397979/deploying-auto
NEW QUESTION 27
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?
- A. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
- B. In AWS, virtual machines (VMs) that inspect files are constantly up and running.
- C. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.
- D. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.
Answer: B
NEW QUESTION 28
A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?
- A. admin
- B. The instance-ID value
- C. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
- D. <blank>
Answer: B
NEW QUESTION 29
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)
- A. A multiple VPC deployment utilizing a transit gateway
- B. A single VPC deployment with multiple subnets and a NAT gateway
- C. A multiple VPC deployment utilizing a transit VPC topology
- D. A single VPC deployment with multiple subnets
Answer: C,D
NEW QUESTION 30
You have been asked to secure your organization's salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the salesforce application remotely as well as on-premises.
Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the salesforce application.
Which three steps should you take to achieve your goal? (Choose three.)
- A. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.
- B. Deploy and configure FortiCWP with a workload guardian license.
- C. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.
- D. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.
- E. Configure FortiCASB and set up access rights, privileges, and data protection policies.
Answer: C,D,E
NEW QUESTION 31
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?
- A. Up to 1 Gbps per attachment
- B. Up to 10 Gbps per attachment
- C. Up to 1.25 Gbps per attachment
- D. Up to 50 Gbps per attachment
Answer: C
Explanation:
Explanation/Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network- infrastructure.pdf (5)
NEW QUESTION 32
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
* You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
* Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet.
* To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?
- A. One public subnet and one private subnet
- B. One public subnet and two private subnets
- C. Two public subnets and one private subnet
- D. Two public subnets and two private subnets
Answer: B
NEW QUESTION 33
You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)
- A. The uniqueString() function must be used.
- B. The storageAccount name must contain between 3 and 24 alphanumeric characters.
- C. The storageAccount name must be in lowercase.
- D. The storageAccount name must use special characters.
Answer: A,C
NEW QUESTION 34
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)
- A. Antivirus policies
- B. Intrusion prevention policies
- C. Threat protection policies
- D. Data loss prevention policies
- E. Compliance policies
Answer: C,D,E
Explanation:
Explanation
Policy setting allows you to configure each policy to fit the need of your usage. You can select any type of Policy (Data Analysis, Threat Protection or Compliance)
https://docs.fortinet.com/document/forticasb/20.1.0/online-help/482958/policy-configuration
NEW QUESTION 35
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?
- A. Inspector, Shield, GuardDuty, S3, and DynamoDB.
- B. WAF, Shield, GuardDuty, S3, and DynamoDB.
- C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
- D. GuardDuty, CloudWatch, S3, and DynamoDB.
Answer: D
Explanation:
Explanation
You must subscribe to GuardDuty, CloudWatch, S3, and DynamoDB.
https://docs.fortinet.com/document/fortigate-public-cloud/6.4.0/aws-administration-guide/908646/populating-thr
NEW QUESTION 36
......
NSE7_PBC-6.4 Exam Dumps, NSE7_PBC-6.4 Practice Test Questions: https://www.free4torrent.com/NSE7_PBC-6.4-braindumps-torrent.html
Free NSE7_PBC-6.4 Exam Dumps to Pass Exam Easily: https://drive.google.com/open?id=1NyEEzMhywM2_CjdWEW6RiGBzYzFozPwJ