Latest NSE7_PBC-6.4 Real Free Exam Questions, Updated, 30 Questions [Q13-Q34]


Free NSE7_PBC-6.4 exam brain dump: certification guide questions and answers


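Fortinet NSE7_PBC-6.4 certification exam topics:

Topic and exam scope
Topic 1
  • Configure high availability (HA), load balancing, and auto scaling
  • Identify Fortinet WAF solutions for AWS
Topic 2
  • Auto scaling, resiliency
  • Apply availability, transit VPC, and load balancing
  • Identify Azure Security Center and Azure Stack
Topic 3
  • FortiCASB and FortiCWP
  • FortiCASB configuration
  • Review of the FortiCWP architecture
Topic 4
  • Implement marketplace deployments, templates, sizing, and automation
  • Select licensing for Fortinet products in the AWS Marketplace: PAYG, BYOL
Topic 5
  • Select licensing for Fortinet products in the Azure Marketplace: PAYG, BYOL
  • Identify traffic patterns, MPLS, IPsec, Direct Connect
Topic 6
  • Fortinet solutions for Microsoft Azure
  • Implement marketplace deployments, templates, sizing, and automation
Topic 7
  • Review the FortiCASB architecture and supported applications
  • Fortinet solutions for Google Cloud Platform (GCP)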

 

Question 13
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

  • A. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
  • B. Convert the c4.xlarge instances to m4.xlarge instances.
  • C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
  • D. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

Correct answer: C

 

Question 14
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

  • A. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
  • B. Convert the c4.xlarge instances to m4.xlarge instances.
  • C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
  • D. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

Correct answer: C

Explanation:
Multiple FortiGate-VM instances form an Auto Scaling group to provide highly efficient clustering at times of high workloads. FortiGate-VM instances can be scaled out automatically according to predefined workload levels.
https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/aws-administration-guide/397979/deploying-auto

 

Question 15
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

  • A. Multicast traffic is not allowed.
  • B. 802.1q VLAN tags are allowed inside the same virtual private cloud.
  • C. Proxy ARP entries are disregarded.
  • D. AWS DNS reserves the first host IP address of each subnet.

Correct answer: A,D

 

Question 16
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 50 Gbps per attachment
  • B. Up to 1.25 Gbps per attachment
  • C. Up to 1 Gbps per attachment
  • D. Up to 10 Gbps per attachment

Correct answer: B

Explanation/Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf (5)

 

Question 17
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

  • A. Data loss prevention policies
  • B. Threat protection policies
  • C. Intrusion prevention policies
  • D. Antivirus policies
  • E. Compliance policies

Correct answer: A,B,E

Explanation:
The policy settings allow you to configure each policy to fit the needs of your usage. You can select any type of policy (Data Analysis, Threat Protection, or Compliance).
https://docs.fortinet.com/document/forticasb/20.1.0/online-help/482958/policy-configuration

 

Question 18
Refer to the exhibit.

You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?

  • A. You selected the incorrect resource group.
  • B. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.
  • C. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.
  • D. You selected the Bring Your Own License (BYOL) licensing mode.

Correct answer: A

 

Question 19
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. admin
  • B. <blank>
  • C. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • D. The instance-ID value

Correct answer: D

 

Question 20
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

  • A. Sequence number
  • B. Source and destination IP ranges
  • C. Destination port ranges
  • D. Source port ranges
  • E. Action

Correct answer: C,D,E

Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

 

Question 21
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs support allow rules and deny rules.
  • B. Network ACLs must be manually applied to virtual network interfaces.
  • C. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
  • D. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

Correct answer: A,C

Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
https://aws.amazon.com/premiumsupport/knowledge-center/security-network-acl-vpc-endpoint/
Network ACLs are stateless. You must define rules for both outbound and inbound traffic.

 

Question 22
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. admin
  • B. <blank>
  • C. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • D. The instance-ID value

Correct answer: D

Explanation/Reference: https://docs.fortinet.com/document/fortigate/6.2.0/aws-cookbook/828256/connecting-to-the-fortigate-vm

 

Question 23
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

  • A. A multiple VPC deployment utilizing a transit gateway
  • B. A multiple VPC deployment utilizing a transit VPC topology
  • C. A single VPC deployment with multiple subnets
  • D. A single VPC deployment with multiple subnets and a NAT gateway

Correct answer: B,C

Explanation/Reference: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-aws-reference-architecture.pdf

 

Question 24
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

  • A. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
  • B. In AWS, virtual machines (VMs) that inspect files are constantly up and running.
  • C. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.
  • D. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.

Correct answer: B

 

Question 25
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
  • You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
  • Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
  • To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?

  • A. One public subnet and one private subnet
  • B. Two public subnets and one private subnet
  • C. One public subnet and two private subnets
  • D. Two public subnets and two private subnets

Correct answer: D

Explanation:
https://github.com/fortinet/aws-cloudformation-templates/blob/master/LambdaAA-RouteFailover/6.0/README
https://github.com/fortinet/aws-cloudformation-templates/tree/master/LambdaAA-RouteFailover/6.0

 

Question 26
Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?

  • A. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.
  • B. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.
  • C. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.
  • D. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.

Correct answer: D

 

Question 27
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups are stateless inbound and outbound rules used for traffic filtering.
  • B. Network security groups are stateful inbound and outbound rules used for traffic filtering.
  • C. Network security groups can be applied to subnets and virtual network interfaces.
  • D. Network security groups can be applied to subnets only.

Correct answer: B,D

 

Question 28
Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.
Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)

  • A. Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table
  • B. Configure a user-defined route table
  • C. Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute
  • D. Configure the gateway subnet as the subnet in the user-defined route table
  • E. Define a default route where the next hop IP is the FortiGate WAN interface

Correct answer: C,D,E

Explanation:
https://docs.microsoft.com/en-us/answers/questions/618005/adding-a-inline-fw-to-express-route.html

 

Question 29
You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

  • A. The storageAccount name must use special characters.
  • B. The storageAccount name must contain between 3 and 24 alphanumeric characters.
  • C. The storageAccount name must be in lowercase.
  • D. The uniqueString() function must be used.

Correct answer: C,D

 

Question 30
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

  • A. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
  • B. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.
  • C. In AWS, virtual machines (VMs) that inspect files are constantly up and running.
  • D. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.

Correct answer: A

Explanation:
FortiSandbox deploys new EC2 instances with the custom Windows VMs, and then it sends malware, runs it, and captures the results for analysis. FortiSandbox for AWS does not need more resources because it performs management and analysis tasks only. Note that the cost varies based on the number of EC2 instances deployed, size of the instances, and duration of the running time.

 

Question 31
Refer to the exhibit.

You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.
What is incorrect with the template?

  • A. The caching parameter should be None.
  • B. The LUN ID is not defined.
  • C. FortiGate-VM does not support managedDisk from Azure.
  • D. The CreateOptions parameter should be FromImage.

Correct answer: D

Explanation:
https://github.com/fortinet/azure-templates/blob/main/FortiGate/A-Single-VM/azuredeploy.json

 

Question 32
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.
Which action can you take to accomplish this?

  • A. Create the ENI, attach it to FortiGate, and then restart FortiGate.
  • B. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.
  • C. None, you cannot create and add additional ENIs to an existing FortiGate-VM.
  • D. Create the ENI and attach it to FortiGate.

Correct answer: B

 

Question 33
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They can use the Compute Engine API Explorer.
  • B. They can create additional vNICs using the Cloud Shell.
  • C. They can create additional vNICs in the UI console.
  • D. They cannot create and add additional vNICs to an existing FortiGate-VM.

Correct answer: A

Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea-9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf

 

Question 34
......

NSE7_PBC-6.4 certification overview. Latest NSE7_PBC-6.4 PDF question set: https://www.jpntest.com/shiken/NSE7_PBC-6.4-mondaishu
