[July 14, 2023] Reliable NSE7_PBC-6.4 PDF Question Set: NSE7_PBC-6.4 Questions [Q14-Q30]


Pass with free PDF questions from the genuine NSE7_PBC-6.4 question set


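The Fortinet NSE7_PBC-6.4 (Fortinet NSE 7 - Public Cloud Security 6.4) exam is a certification exam designed to validate the skills and knowledge of IT professionals who secure public cloud environments. The exam measures understanding of the latest cloud security technologies, best practices, and industry standards. Passing it demonstrates an IT professional's expertise in securing public cloud environments and serves as a stepping stone to a career in cloud security.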


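The Fortinet NSE7_PBC-6.4 certification is highly regarded in the IT industry because it shows that certified professionals have the skills and knowledge to protect public cloud environments effectively. The certification is recognized globally and is widely sought after by organizations that use public cloud platforms. It is an excellent credential for professionals who want to improve their career prospects and strengthen their public cloud security skills.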


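Fortinet NSE7_PBC-6.4 certification exam coverage:

Topic / Exam coverage
Topic 1
  • FortiCASB and FortiCWP
  • Configure FortiCASB
  • Review the FortiCWP architecture
Topic 2
  • Configure high availability (HA), load balancing, and auto scaling
  • Identify Fortinet WAF solutions for AWS
Topic 3
  • Implement marketplace deployments, templates, sizing, and automation
  • Select licensing for Fortinet products in the AWS Marketplace: PAYG, BYOL
Topic 4
  • Resilience
  • Availability, transit VNet, load balancing, east-west inspection
  • Configure Fortinet solutions for Amazon Web Services (AWS)
Topic 5
  • Identify traffic patterns, MPLS, IPsec, Dedicated Interconnect
  • Deploy FortiGate in GCP
Topic 6
  • Fortinet solutions for Microsoft Azure
  • Implement marketplace deployments, templates, sizing, and automation
Topic 7
  • Select licensing for Fortinet products in the Azure Marketplace: PAYG, BYOL
  • Identify traffic patterns, MPLS, IPsec, Direct Connect
Topic 8
  • Configure HA, load balancing, and auto scaling
  • Identify traffic patterns, MPLS, IPsec, ExpressRoute, Traffic Manager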

 

Question # 14
You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:
* Two FortiGate devices must be deployed; each in a different availability zone.
* Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.
* An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.
* Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.
Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?

  • A. config system ha
  • B. config system session-sync
  • C. config system sdn-connector
  • D. config system auto-scale

Correct answer: A


Question # 15
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. GuardDuty, CloudWatch, S3, and DynamoDB.
  • B. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • C. Inspector, Shield, GuardDuty, S3, and DynamoDB.
  • D. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

Correct answer: D

Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed901ad2-4424-11e9-94bf-00505692583a/FortiOS_6.2.0_AWS_Cookbook.pdf


Question # 16
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

  • A. A multiple VPC deployment utilizing a transit VPC topology
  • B. A single VPC deployment with multiple subnets
  • C. A single VPC deployment with multiple subnets and a NAT gateway
  • D. A multiple VPC deployment utilizing a transit gateway

Correct answer: A, B


Question # 17
You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:
* Two FortiGate devices must be deployed; each in a different availability zone.
* Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.
* An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.
* Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.
Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?

  • A. config system ha
  • B. config system session-sync
  • C. config system sdn-connector
  • D. config system auto-scale

Correct answer: A

Explanation:
FTG HA Active/Active requires the following configuration to sync the session by FGSP:

config system ha
    set session-pickup enable
    set session-pickup-connectionless enable
    set session-pickup-nat enable
    set session-pickup-expectation enable
    set override disable
end
config system cluster-sync
    edit 0
        set peerip 10.0.1.x
        set syncvd "root"
    next
end

https://github.com/fortinet/azure-templates/tree/main/FortiGate/Active-Active-ELB-ILB


Question # 18
You have been asked to secure your organization's Salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the Salesforce application remotely as well as on-premises.
Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the Salesforce application.
Which three steps should you take to achieve your goal? (Choose three.)

  • A. Configure FortiCASB and set up access rights, privileges, and data protection policies.
  • B. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.
  • C. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.
  • D. Deploy and configure FortiCWP with a workload guardian license.
  • E. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.

Correct answer: A, C, E


Question # 19
Refer to the exhibit.

Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Configure VNet peering between the spokes only.
  • B. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • C. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • D. Configure VNet peering between the hub and spokes.

Correct answer: B, D


Question # 20
Refer to the exhibit.

Your senior administrator successfully configured a FortiGate fabric connector with the Azure Resource Manager, and created a dynamic address object on the FortiGate VM to connect with a Windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?

  • A. Run diagnose debug application azd -l on FortiGate.
  • B. In the Microsoft Azure portal, access the Windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
  • C. Delete the address object and recreate a new address object with the type set to FQDN.
  • D. In the Microsoft Azure portal, set the correct tag values for the Windows server.

Correct answer: D

Explanation:
https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/azure-administration-guide/985498/troubleshooti


Question # 21
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs must be manually applied to virtual network interfaces.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
  • D. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

Correct answer: B, D

Explanation/Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html


Question # 22
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs must be manually applied to virtual network interfaces.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
  • D. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

Correct answer: B, D


Question # 23
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

  • A. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
  • B. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
  • C. Convert the c4.xlarge instances to m4.xlarge instances.
  • D. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

Correct answer: B


Question # 24
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

  • A. AWS DNS reserves the first host IP address of each subnet.
  • B. Multicast traffic is not allowed.
  • C. Proxy ARP entries are disregarded.
  • D. 802.1q VLAN tags are allowed inside the same virtual private cloud.

Correct answer: A, B


Question # 25

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Configure VNet peering between the spokes only.
  • B. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • C. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • D. Configure VNet peering between the hub and spokes.

Correct answer: B, D


Question # 26
Refer to the exhibit.

Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

  • A. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
  • B. The network interface of the active unit moves to itself
  • C. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT-0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
  • D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

Correct answer: A, C


Question # 27
Refer to the exhibit.

You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.
What is incorrect with the template?

  • A. The caching parameter should be None.
  • B. The CreateOptions parameter should be FromImage.
  • C. The LUN ID is not defined.
  • D. FortiGate-VM does not support managedDisk from Azure.

Correct answer: B

Explanation:
https://github.com/fortinet/azure-templates/blob/main/FortiGate/A-Single-VM/azuredeploy.json


Question # 28
Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

  • A. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.
  • B. In AWS, virtual machines (VMs) that inspect files are constantly up and running.
  • C. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.
  • D. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.

Correct answer: A

Explanation:
FortiSandbox deploys new EC2 instances with the custom Windows VMs, and then it sends malware, runs it, and captures the results for analysis. FortiSandbox for AWS does not need more resources because it performs management and analysis tasks only. Note that the cost varies based on the number of EC2 instances deployed, size of the instances, and duration of the running time.


Question # 29
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 1 Gbps per attachment
  • B. Up to 1.25 Gbps per attachment
  • C. Up to 50 Gbps per attachment
  • D. Up to 10 Gbps per attachment

Correct answer: B

Explanation/Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf (5)


Question # 30
......
