The latest update of the Lead4Pass Fortinet NSE7_PBC-6.4 test dumps includes PDF and VCE formats. All test questions come from the test room and real test cracking. All Fortinet NSE7_PBC-6.4 test questions are provided by Lead4Pass test experts.
You can get the latest exam questions and answers here. Get the complete dumps of NSE7_PBC-6.4: https://www.leads4pass.com/nse7_pbc-6-4.html (Q&A: 30).
All Fortinet NSE7_PBC-6.4 test questions have been updated and the answers have been corrected! Make sure your exam questions are true and valid to help you pass the first exam!
[2021.8] Fortinet NSE7_PBC-6.4 exam PDF uploaded to Google Drive; online download provided by the latest Lead4Pass update:
https://drive.google.com/file/d/1nm0q4kn_9D1qhz1t7jZrjMQLc9UmLLgt/
Free sharing of Fortinet NSE7_PBC-6.4 exam questions and answers online practice test
QUESTION 1
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now,
the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their
environment.
How can they do this?
A. They can create additional vNICs using the Cloud Shell.
B. They cannot create and add additional vNICs to an existing FortiGate-VM.
C. They can create additional vNICs in the UI console.
D. They can use the Compute Engine API Explorer.
Correct Answer: D
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf
QUESTION 2
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)
A. Proxy ARP entries are disregarded.
B. 802.1q VLAN tags are allowed inside the same virtual private cloud.
C. AWS DNS reserves the first host IP address of each subnet.
D. Multicast traffic is not allowed.
Correct Answer: CD
Reference: https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/EC2/TIEC2.html
QUESTION 3
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of
FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the
FortiGate instances.
Which action will fix this issue?
A. Convert the c4.xlarge instances to m4.xlarge instances.
B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
C. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
D. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
Correct Answer: D
QUESTION 4
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic
network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in
their environment.
Which action can you take to accomplish this?
A. None, you cannot create and add additional ENIs to an existing FortiGate-VM.
B. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.
C. Create the ENI, attach it to FortiGate, and then restart FortiGate.
D. Create the ENI and attach it to FortiGate.
Correct Answer: B
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9e3b59dcba0b-11e9a989-00505692583a/FortiOS_6.2_AWS_Cookbook.pdf
QUESTION 5
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)
A. Intrusion prevention policies
B. Threat protection policies
C. Data loss prevention policies
D. Compliance policies
E. Antivirus policies
Correct Answer: BCD
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/bf017449-572a-11e981a4-00505692583a/forticasb-4.1.0-admin-guide.pdf (62)
QUESTION 6
An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a
FortiGate in availability zone C.
What action will the worker node automatically perform to restore access to the black-holed subnet?
A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.
B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.
C. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.
D. The worker node migrates the subnet to a different availability zone.
Correct Answer: D
QUESTION 7
Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the
spokes in Microsoft Azure? (Choose two.)
A. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the
spokes.
B. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
C. Configure VNet peering between the spokes only.
D. Configure VNet peering between the hub and spokes.
Correct Answer: BD
QUESTION 8
Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from
the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named
SSTENTAZFGT-0302? (Choose two.)
A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT0302-Nic-01,
under the network interface SSTENTAZFGT-0302-Nic-01
B. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
C. The network interface of the active unit moves to itself
D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
Correct Answer: AB
QUESTION 9
You have been asked to secure your organization's Salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the Salesforce application remotely as well as on-premises. Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the Salesforce application.
Which three steps should you take to achieve your goal? (Choose three.)
A. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.
B. Configure FortiCASB and set up access rights, privileges, and data protection policies.
C. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.
D. Deploy and configure FortiCWP with a workload guardian license.
E. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance
license.
Correct Answer: ABC
QUESTION 10
You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:
Two FortiGate devices must be deployed; each in a different availability zone.
Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.
An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.
Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.
Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?
A. config system sdn-connector
B. config system ha
C. config system auto-scale
D. config system session-sync
Correct Answer: B
Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/84777/using-standaloneconfigurationsynchronization
QUESTION 11
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)
A. Action
B. Sequence number
C. Source and destination IP ranges
D. Destination port ranges
E. Source port ranges
Correct Answer: ADE
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
QUESTION 12
Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM
instance, regardless of the protocol being used, are required.
Which two statements are correct? (Choose two.)
A. The design shows an active-active FortiGate-VM architecture.
B. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.
C. The design shows an active-passive FortiGate-VM architecture.
D. The Cloud Load Balancer Session Affinity setting should use the default value.
Correct Answer: AB
QUESTION 13
Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to
send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound
traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)
A. The web servers are not configured with the default gateway.
B. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
C. AWS source and destination checks are enabled on the FortiGate interfaces.
D. AWS security groups may be blocking the traffic.
Correct Answer: AD