Fortinet NSE7_PBC-6.4 Test Engine Practice Question Set Contains 30 Questions [Q13-Q33]

A question set for passing NSE7_PBC-6.4 on the first attempt: NSE 7 Network Security Architect certification

Question 13
Refer to the exhibit.

The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)

  • A. The design shows an active-passive FortiGate-VM architecture.
  • B. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.
  • C. The Cloud Load Balancer Session Affinity setting should use the default value.
  • D. The design shows an active-active FortiGate-VM architecture.

Correct answer: B,D

Question 14
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • B. GuardDuty, CloudWatch, S3, and DynamoDB.
  • C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
  • D. Inspector, Shield, GuardDuty, S3, and DynamoDB.

Correct answer: C

Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed901ad2-4424-11e9-94bf-00505692583a/FortiOS_6.2.0_AWS_Cookbook.pdf

Question 15

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Configure VNet peering between the hub and spokes.
  • B. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • C. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • D. Configure VNet peering between the spokes only.

Correct answer: A,C

Question 16
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • B. GuardDuty, CloudWatch, S3, and DynamoDB.
  • C. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
  • D. Inspector, Shield, GuardDuty, S3, and DynamoDB.

Correct answer: C

Question 17
You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:
* Two FortiGate devices must be deployed; each in a different availability zone.
* Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.
* An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.
* Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.
Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?

  • A. config system session-sync
  • B. config system sdn-connector
  • C. config system auto-scale
  • D. config system ha

Correct answer: D

Question 18
Refer to the exhibit.

You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.
After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.
What should you do to correct this issue?

  • A. Delete the deployment and start again. You have input the wrong parameters during the cloud formation template deployment.
  • B. Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.
  • C. Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).
  • D. Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration.

Correct answer: B

Question 19
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

  • A. Multicast traffic is not allowed.
  • B. 802.1q VLAN tags are allowed inside the same virtual private cloud.
  • C. Proxy ARP entries are disregarded.
  • D. AWS DNS reserves the first host IP address of each subnet.

Correct answer: A,D

Question 20
Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.
Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)

  • A. Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table
  • B. Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute
  • C. Configure the gateway subnet as the subnet in the user-defined route table
  • D. Define a default route where the next hop IP is the FortiGate WAN interface
  • E. Configure a user-defined route table

Correct answer: A,C,D

Question 21
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

  • A. Compliance policies
  • B. Antivirus policies
  • C. Intrusion prevention policies
  • D. Threat protection policies
  • E. Data loss prevention policies

Correct answer: A,D,E

Question 22
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.
Which action can you take to accomplish this?

  • A. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.
  • B. None, you cannot create and add additional ENIs to an existing FortiGate-VM.
  • C. Create the ENI and attach it to FortiGate.
  • D. Create the ENI, attach it to FortiGate, and then restart FortiGate.

Correct answer: A

Question 23
You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

  • A. The storageAccount name must use special characters.
  • B. The storageAccount name must be in lowercase.
  • C. The uniqueString() function must be used.
  • D. The storageAccount name must contain between 3 and 24 alphanumeric characters.

Correct answer: B,C

Question 24
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups can be applied to subnets only.
  • B. Network security groups can be applied to subnets and virtual network interfaces.
  • C. Network security groups are stateful inbound and outbound rules used for traffic filtering.
  • D. Network security groups are stateless inbound and outbound rules used for traffic filtering.

Correct answer: A,C

Question 25

Refer to the exhibit. Your senior administrator successfully configured a FortiGate fabric connector with the Azure Resource Manager, and created a dynamic address object on the FortiGate VM to connect with a Windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?

  • A. In the Microsoft Azure portal, set the correct tag values for the Windows server.
  • B. Delete the address object and recreate a new address object with the type set to FQDN.
  • C. Run diagnose debug application azd -l on FortiGate.
  • D. In the Microsoft Azure portal, access the Windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.

Correct answer: D

Question 26
You have been asked to secure your organization's Salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the Salesforce application remotely as well as on-premises.
Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the Salesforce application.
Which three steps should you take to achieve your goal? (Choose three.)

  • A. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.
  • B. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.
  • C. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.
  • D. Configure FortiCASB and set up access rights, privileges, and data protection policies.
  • E. Deploy and configure FortiCWP with a workload guardian license.

Correct answer: A,B,D

Question 27
Refer to the exhibit.

Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Configure VNet peering between the hub and spokes.
  • B. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • C. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • D. Configure VNet peering between the spokes only.

Correct answer: A,C

Question 28
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs must be manually applied to virtual network interfaces.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
  • D. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

Correct answer: B,D

Question 29
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They can use the Compute Engine API Explorer.
  • B. They cannot create and add additional vNICs to an existing FortiGate-VM.
  • C. They can create additional vNICs in the UI console.
  • D. They can create additional vNICs using the Cloud Shell.

Correct answer: A

Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea-9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf

Question 30
......


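Fortinet NSE7_PBC-6.4 certification exam topics:

Topic / Coverage
Topic 1
  • FortiCASB and FortiCWP
  • Configure FortiCASB
  • Review the FortiCWP architecture
Topic 2
  • Identify traffic patterns, MPLS, IPsec, and Dedicated Interconnect
  • Deploy FortiGate in GCP
Topic 3
  • Configure high availability (HA), load balancing, and autoscaling
  • Identify Fortinet WAF solutions for AWS
Topic 4
  • Configure HA, load balancing, and autoscaling
  • Identify traffic patterns, MPLS, IPsec, ExpressRoute, and Traffic Manager
Topic 5
  • Implement marketplace deployments, templates, sizing, and automation
  • Select licensing for Fortinet products in AWS Marketplace: PAYG, BYOL
Topic 6
  • Fortinet solutions for Microsoft Azure
  • Implement marketplace deployments, templates, sizing, and automation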

 
