Fortinet FCSS_CDS_AR-7.6 - FCSS - Public Cloud Security 7.6 Architect

Total 38 questions

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

A. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the FortiGate internal port.

B. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the TGW.

C. From both spoke VPCs, and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway.

D. From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW.

E. From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW.

You need a solution to safeguard public cloud-hosted web applications from the OWASP Top 10 vulnerabilities. The solution must support the same region in which your applications reside, with minimum traffic cost.

Which solution meets the requirements?

A. Use FortiGate

B. Use FortiCNP

C. Use FortiWeb

D. Use FortiADC

Refer to the exhibit.

A managed security service provider (MSSP) administration team is trying to deploy a new HA cluster in Azure to filter traffic to and from a client that is also using Azure. However, every deployment attempt fails, and only some of the resources are deployed successfully. While troubleshooting this issue, the team runs the command shown in the exhibit.

What are the implications of the output of the command?

A. The team will not be able to deploy an A-P FortiGate HA cluster with Azure gateway load balancer.

B. The team will not be able to deploy an A-P FortiGate HA cluster with Azure load balancer.

C. The team will not be able to deploy an active-passive (A-P) FortiGate high availability (HA) cluster with SDN connector.

D. The team will not be able to deploy an active-active (A-A) FortiGate HA cluster with Azure load balancer.

As part of your organization's monitoring plan, you have been tasked with obtaining and analyzing detailed information about the traffic sourced at one of your FortiGate EC2 instances.

What can you do to achieve this goal?

A. Use AWS CloudTrail to capture and then examine traffic from the EC2 instance.

B. Create a virtual public cloud (VPC) flow log at the network interface level for the EC2 instance.

C. Add the EC2 instance as a target in CloudWatch to collect its traffic logs.

D. Configure a network access analyzer scope with the EC2 instance as a match finding.

You must add an Amazon Web Services (AWS) network access list (NACL) rule to allow SSH traffic to a subnet for temporary testing purposes. When you review the current inbound and outbound NACL rules, you notice that the rules with number 5 deny SSH and telnet traffic to the subnet.

What can you do to allow SSH traffic?

A. You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.

B. You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.

C. You must create two new allow SSH rules, each with a number bigger than 5.

D. You must create two new allow SSH rules, each with a number smaller than 5.

What would be the impact of confirming to delete all the resources in Terraform?

A. It destroys all the resources tied to the AWS Identity and Access Management (IAM) user.

B. It destroys all the resources in the resource group.

C. It destroys all the resources in the .tfstate file.

D. It destroys all the resources in the .tfvars file.

Your monitoring team reports performance issues with a web application hosted in Azure. You suspect that the bottleneck might be due to unexpected inbound traffic spikes.

Which method should you use to identify and analyze the traffic pattern?

A. Deploy Azure Firewall to log traffic by IP address.

B. Enable Azure DDoS protection to prevent inbound traffic spikes.

C. Use Azure Traffic Manager to visualize all traffic to the application.

D. Enable NSG Flow Logs and analyze logs with Azure Monitor.

An administrator is relying on an Azure Bicep linter to find possible issues in Bicep files.

Which problem can the administrator expect to find?

A. The resources to be deployed exceed the quota for a region.

B. Some resources are missing dependsOn statements.

C. There are output statements that contain passwords.

D. One or more modules are not using runtime values as parameters.

Refer to the exhibit.

After analyzing the native monitoring tools available in Azure, an administrator decides to use the tool displayed in the exhibit.

Why would an administrator choose this tool?

A. To view details about Azure resources and their relationships across multiple regions.

B. To obtain, and later examine, traffic flow data with a visualization tool.

C. To help debug issues affecting virtual network gateways.

D. To compare the latency of an on-premises site with the latency of an Azure application.

Exhibit.

In which type of FortiCNP insights can an administrator examine the findings triggered by this policy?

A. Data

B. Threat

C. Risk

D. User activity