ERASED TEST, YOU MAY BE INTERESTED ON
N7-P Cloud
COMMENTS |
STATISTICS |
RECORDS
|
|---|
TAKE THE TEST
|
Title of test:
N7-P Cloud Description: Meu test N7 Author: Sou Eu Other tests from this author Creation Date: 18/09/2023 Category: Others Number of questions: 58 |
Share the Test:
New Comment
No comments about this test.
Content:
|
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.) Intrusion prevention policies Threat protection policies Data loss prevention policies Compliance policies Antivirus policies. You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows: • You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology. • Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet. • To maintain high availability, you must deploy the FortiGate VMs in two different availability zones. How many public and private subnets will you need to configure within the VPC? One public subnet and two private subnets Two public subnets and one private subnet Two public subnets and two private subnets One public subnet and one private subnet. You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed. Which Amazon AWS services must you subscribe to in order to use this feature? GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield GuardDuty, CloudWatch, S3, and DynamoDB Inspector, Shield, GuardDuty, S3, and DynamoDB WAF, Shield, GuardDuty, S3, and DynamoDB. Refer to the exhibit. Your senior administrator successfully configured a FortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue. How do you resolve this issue? Run diagnose debug application azd -l on FortiGate. In the Microsoft Azure portal, set the correct tag values for the windows server. In the Microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object Delete the address object and recreate a new address object with the type set to FQDN. Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface. What are two possible reasons for this behavior? (Choose two.) The Internet gateway (IGW) is not added to VPC (virtual private cloud). The web servers are not configured with the default gateway. AWS source and destination checks are enabled on the FortiGate interfaces. AWS security groups may be blocking the traffic. Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit. What caused the validation process to fail? You selected the incorrect resource group. You selected the Bring Your Own License (BYOL) licensing mode. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription . An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C. This has now black-holed the private subnet in this availability zone. What action will the worker node automatically perform to restore access to the black-holed subnet? The worker node applies a route table from a non-black-holed subnet to the black-holed subnet. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface. The worker node migrates the subnet to a different availability zone. Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.) Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering. Network ACLs must be manually applied to virtual network interfaces. Network ACLs support allow rules and deny rules. When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes. In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values? Less than 10 seconds 30 seconds 20 seconds 16 seconds. Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.) Action Sequence number Source and destination IP ranges Destination port rang Source port ranges. Refer to the exhibit. You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template. What is incorrect with the template? The LUN ID is not defined. FortiGate-VM does not support managedDisk from Azure. The caching parameter should be None. The CreateOptions parameter should be FromImage. Which two statements about Microsoft Azure network security groups are true? (Choose two.) Network security groups can be applied to subnets and virtual network interfaces. Network security groups can be applied to subnets only. Network security groups are stateless inbound and outbound rules used for traffic filtering. Network security groups are a stateful inbound and outbound rules used for traffic filtering. Refer to the exhibit. In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24. Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24). How do you achieve this outcome with minimum configuration? Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway. What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment? Up to 1.25 Gbps per attachment Up to 50 Gbps per attachment Up to 10 Gbps per attachment Up to 1 Gbps per attachment. A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password. What is the default admin password for the FortiGate-VM instance? The instance-ID value The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again. <blank> admin. You have been asked to secure your organization’s salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the salesforce application remotely as well as on-premises. Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the salesforce application. Which three steps should you take to achieve your goal? (Choose three.) Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license. Configure FortiCASB and set up access rights, privileges, and data protection policies. Use FortiGate, FortiGuard, and FortiAnalyzer solutions. Deploy and configure FortiCWP with a workload guardian license. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license. Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure now to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports. How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device? In the configured load balancer, access the inbound NAT rules section In the configured load balancer, access the backend pools section. In the configured load balancer, access the inbound and outbound NAT rules section. In the configured load balancer, access the health probes section. Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node. If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.) The network interface of the active unit moves to itself 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01 SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01 SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT0302-Nic-01. Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.) A single VPC deployment with multiple subnets and a NAT gateway A single VPC deployment with multiple subnets A multiple VPC deployment utilizing a transit VPC topology A multiple VPC deployment utilizing a transit gateway. You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances. Which action will fix this issue? Convert the c4.xlarge instances to m4.xlarge instances. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge). Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group. Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.) Proxy ARP entries are disregarded. 802.1q VLAN tags are allowed inside the same virtual private cloud. AWS DNS reserves the first host IP address of each subnet. Multicast traffic is not allowed. An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment. Which action can you take to accomplish this? None, you cannot create and add additional ENIs to an existing FortiGate-VM. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate. Create the ENI, attach it to FortiGate, and then restart FortiGate. Create the ENI and attach it to FortiGate. Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required. Which two statements are correct? (Choose two.) The design shows an active-active FortiGate-VM architecture. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP. The design shows an active-passive FortiGate-VM architecture. The Cloud Load Balancer Session Affinity setting should use the default value. Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.) Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes. Use ExpressRoute to interconnect the hub VNets and spoke VNets. Configure VNet peering between the spokes only. Configure VNet peering between the hub and spokes. An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment. How can they do this? They can create additional vNICs using the Cloud Shell. They cannot create and add additional vNICs to an existing FortiGate-VM. They can create additional vNICs in the UI console. They can use the Compute Engine API Explorer. You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name. Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.) The uniqueString() function must be used. The storageAccount name must use special characters. The storageAccount name must be in lowercase. The storageAccount name must contain between 3 and 24 alphanumeric characters. Which statement about FortiSandbox in Amazon Web Services (AWS) is true? In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files. In AWS, virtual machines (VMs) that inspect files are constantly up and running. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files. Refer to the exhibit. You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template. After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13. What should you do to correct this issue? Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit). Delete the deployment and start again. You have in put the wrong parameters during the cloud formation template deployment. Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports. Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration. Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning. Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.) Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute Configure a user-defined route table Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table Configure the gateway subnet as the subnet in the user-defined route table Define a default route where the next hop IP is the FortiGate WAN interface. You need to Deploy FortiGate VM devices in a highy available topology in the Microsoft Azure cloud. The following are the requirements of your deployment º two FortiGate devices must be deployed, each in a different availability zone º Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a prívate subnet. º An internal Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology. º An internal Microsoft Azure load balancer wil distribute egress traffic from protected vírtual machines to both FortiGate devices in an active-active topology º traffic should be accepted or denied by firewall policy in the same way by either FortiGate device in this topology. When configuring the external load balancer and public 1P address resources in the Microsoft Azure cloud, which Microsoft Azure load balancer and public IP address resource must you use for this deployment? Azure standard load balancer and standard public IP address Azure basic load balancer and standard public IP address Azure standard load balancer and basic public IP address Azure basic load balancer and basic public IP address. Refer to the exhibit. Your senior administrator successfully configured a fortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object and you must resolve the issue. How do you resolve this issue ? In the Microsoft Azure portal, set the correct tag values for the windows server. Run diagnose debug application azd -1 on fortigate Delete the address object and recreate a new address object with the type set to FQDN In the microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the Fortigate-VM AzureLab address object. Which three statements about FortiCASB and FortiCWP are true? (Choose three.) : The FOrtiCASB does not have to be tied to any other Fortinet appliance or service. The FortiCWP monitors and tracks security components in public cloud environments. The FortiCASB operates as an in-line proxy. The FortiCASB can be used to monitor all Software-as-a-Service (SaaS) applications. The FortiCWP can be used to get visibility and remediate security risks for IaaS environments. . Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure ? (Choose two.) Configure Vet peering between the spokes only. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes. Use ExpressRoute to interconnect the hub VNets and spoke VNets. Configure VNet peering between the hub and spokes. Which two statements about Amazon Web Services (AWS) are true for FortiGate Pay-As-You-Grow (PAYG) and Bring Your Own License (BYOL) lcenses? (Choose two) BYOL licenses do not generate any costs while virtual machines (VMs) are stopped from the FortiGate CLI. IPAYG licenses Include FortiGuard and Forticare. Infrastruture costs for AWS are not included in PAYG licenses. BYOL licenses include FortiGuard and FortiCare. What three initial steps are mandatory when making a custom FortiGate-VM image available to be deployed in Google Cloud Platform(GCP) ? (Choose three.) Create a bucket in GCP storage. Deploy a new FortiGate-VM image in the Compute Engine VM instances. Upload the FortiGate-VM .tar.gz image file to a bucket. Create a new FortiGate-VM image within the Compute Engine images. Use a FortiGate-VM from the Google Launcher. Refer to the exhibit. The diagram depicts a FortiGate VM HA active-passive topology using FortiGate cluster protocol with unicast heartbeats, At minimum, how many elastic network interfaces (ENIs) are recommended on each FortiGate VM to achieve this configuration? 1 2 3 4. What is the applicable FortiWeb operating mode in Microsoft Azure? Transparent inspection Reverse proxy Offline protection True transparent proxy. Refer to the exhibit. You are Configuring an active-passive FotiGate clustering protocol (FGCP) HA configuration in a singles availability zone in Amazon Web Service (AWS), using a cloud formation template. After deploying the template, you notice that the AWS console has IP information Listed in the FortiGate VM Firewall in the HA congiguration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13. What should you do to correct this issue? Delete the deployment and start again. You have in put the wrong parameters during the cloud formation template deployment. Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration. Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit). Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports. Refer to the exhibit. Which statement is true regarding GCP ? The administrator used bq utility to create an instance The administrator used gsutil utility to create an instance. The administrator used gcloud utility to create an instance. The administrator used CLI utility to create a project named fortinet-training-288514. When you configure a routing table with a Microsoft Azure user-definet route that directs outbound internet traffic to a FotiGate VM in the network (VNET), which three items can you use as a next hop setting in the router. (Choose three.) Azure iternal load balance IP address Fortigate IP address Fotigate VM identifier Fortigate virtual NIC identifier Virtual Appliance. Which two statements about the Amazon Web Services (AWS) security groups are true? (Choose two.) A security group is a stateful list of ingress and egress traffic rules. Configured traffic rules may have an action of permit or deny. ENIs must have security groups configured on them. EC2 instances, elastic network interfaces (ENIs), and subnets may have security groups configured on them. Which three options can you use to build a custom template for deploying a FortiGate-VM in Microsoft Azure? (Choose three.) Download templates from https://support.fortinet.com and customize them as required. Create a template using an integrated development environment (IDE), such as Visual Studio Code. Download templates from https://github.com/fortinetsolutions and customize te as required. Download official templates from nttps://Pbitbucket.org and customize them as required. Download templates from Market Place Deployment Options and customize them as required. When using Amazon Web Services (AWS)-managed web application firewal (WAP) rulesets by FortiGuard, the customer is billed by which two criteria? (Choose two) Usage surcharge for every 1,000,000 processed requests Usage surcharge for every 1,000 processed requests Monthly subscription per region that the rules are deployed in (including Cloudfront) Global monthly subscription charge. An organization has deployed devices in Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). The administrator is looking for a simple solution to identify and remediate all suspicious instances involved in botnet activities on all three cloud environments. Which solution should the administrator use to achieve this task ? Deploy and configure a FortiCWP with a threat protection policy. Deploy and configure a ForticASB with a ShadowIT policy. Deploy and configure a FortiCWP with a network policy. Deploy and configure a FortiCASB with a data analysis policy. . Instead of deploying a Fortinet product from the Marketplace, you want to create a new resource in Microsoft Azure Resource Manager, from a template. Which three expressions are mandatory to construct your new deployment? (Choose Three.) resources parameters contentVersion variables $shema. Refer to the exhibit. The exhibit shows a customer deployment of a FortiGate device in Amazon Web Services (AWS). The FortiGate device is configured to use the FortiGate SDN connector. Which two statements are true ? The network security group with uuid, is applied to the subnet subnet-fb2506a0 FortiGate SDN connector is configured to dynamically learn addresses matching the subnetId field with subnet-fb2506a0. FortiGate is configured to learn dynamic addresses from the AWS environment. The aws-test firewall address is pushed to AWS network security group Wwith uuid. . Which two options can you use to connect the traffic between an on-premises data center and a FortiGate-VM running in Microsoft Azure ? (Choose two.) ExpressRoute IPsec VPN Layer 2 VPN VNet peering. Refer to the exhibit. : Which two Statements about creating an Amazon Web Services (AWS) virtual Private cloud (VPC) are true? (Choose two) You can specify an IPv4 CIDR block size /16. You must specify an IPv4 address range as a CIDR block. You can delete the primary IPv4 CIDR block of the VPC. You can specify an IPV4 CIDR block size larger than /16. You must create an allow SSH traffic rule in an Amazon Web Services (AWS) network access list (ACL) to allow traffic to travel to a subnet for temporary testing purposes.When you reviewing the current inbound network ACL rules, you notice that rule number 5 denies SSH and telnet traffic to the subnet. You do not have to create any network ACL rules because the defaulf security group rule automatically allows SSH traffic to the subnet. You can create a new allow SSH rule below rule number 5. You can create a new allow SSH rule above rule number 5. You can create a new allow SSH rule anywhere in the network ACL rule base to alow SSH traffic. . Which three features help an administrator to automatically quarantine infected hosts in Amazon Web Services(AWS) cloud?(Choose three.) FortiSandbox for AWS FortiAnalyzer AWS Shield Fortinet compromised host trigger AWS Lambda. Your company has tasked you with determining ways to automate and integrate the Amazon Web Service (AWS)-Deployed FortiGate firewall with AWS itself. Which two actions do you need to take as part of performing this integration? (Choose two.) Use AWS Lambda for serverless interactions with FortiGate. Use the published FortioS REST API for programmatic access. Use AWS CodeDeploy to deploy scripts. Use AWS PowerShell to orchestrate FortiGate configurations. . In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on a EC2 instance, without using a NAT instance.This specific EC2 instance is running in a private subnet:10.0.1.0/24. Also, you must ensure that the EC2 instance IP address is not o exposed to the public internet. There are two subnet in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24). How do you achieve this outcome wih minimum configuration? Deploy a NAT gateway with a EIP in the public subnet. edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to the target the NAT gateway. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destinafion route 0.0.0.0/0 to the target NAT gateway. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway. O Deploy a NAT gateway with an EIP in the public subnet, edit route tables, selecl Public-route, and delete the route destination 10.0.0.0/16 to target local. Which three configurations are correct configurations to secure Office 365 email traffic with a FortiMail virtual machine in Microsoft Azure? (Choose Three.) Disable Office 365 as a trusted relay in FortiMail Configure FortiMail to accept email from your domain and then forward the email to office 365. Change the DNS MX record from Office 365 to Fortimail. Configure Office 365 to accept incomming email from Fortimail Configure Office 365 to send outgoing email to the requested destination mail servers. Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However you are note sure how to obtain the correct public IP address of the deploy FortiGate VM and identily the access ports. How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device? In the configured load balancer, access the backend pools section. In the configured load balancer, access the health probes section. In the configured load balancer, access the inbound NAT rules section. In the configured load balancer, access the inbound and outbound NAT rules section. A FortiGate VM in the network topology is not receiving outbound internet traffic grom the windows server on port2. Which three Amazon Web Service (AWS) settings should you check while troubleshooting this problem? (Choose Three.) Public subnet route table entries that include the internet gateway as the target The source and destination checking for FortiGate port2 ENI Private route table entries that include the FortiGate VM port2 IP address as the target Private route table entries that include the FortiGate VM port2 elastic network interface (ENI) as the target Security group settings for FortiGateVM port2 EN1. What is the bandwidth limitation of a transit gateway VPN tunnel attachment? Up to 50 GBps per tunnel Up to 1.25 GBps per tunnel Up to 1 GBps per tunnel Up to 10 GBps per tunnel. Refet to the exhibit. You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template. What is incorrect with the template ? The CreateOptions parameter should be FromImage. The caching parameter should be None. The LUN ID is not defined. Refer to the exhibit. FGT-1 and FGT-2 are in two different availability zones in an active-passive state. FGT-1 is the active device and the FGT-2 is the passive device. During an incident in availability zone 1 (AZ1), HA failover occurs and FGT-2 becomes active device and FGT-1 becomes the passive device. Which statement about IP addresses on FGT-2 after the failover is true? FGT-2 has a dedicated IP address, 34.77.11.144 and a floating EIP address, 52.57.21.122. FGT-2 has a floating EIP address, 52.57.21.122, and a secondary IP address, 10.0.0.8. FGT-2 has a floating EIP address, 52.57.21.122, and no dedicated IP address. The FGT-2 dedicated IP address, 34.77.11.144, becomes the floating EIP address, 52.57.21.122. |
Report abuse