Fortinet fcp wcs ad 7 4 practice test
fcp - aws cloud security 7.4 administrator
Question 1
An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application? (Choose two.)
- A. Wait for the EC2 instance to be created.
- B. Provide a web application name.
- C. Create DNS records in the domain server that hosts the application.
- D. Enable a content delivery network (CDN) in the same region where your application is located.
Answer:
bc
Question 2
Refer to the exhibit.
What occurs during a failover for an active-passive (A-P) cluster that is deployed in two different availability zones? (Choose two.)
- A. The cluster elastic IP address (EIP) is moved from Port1 of FGT-1 to Port1 of FGT-2.
- B. The secondary IP address of Port2 of FGT-1 is moved to Port2 of FGT-2.
- C. The default static route in the Private-AZ1 subnet route table is modified to forward all traffic to Port2 of FGT2.
- D. An additional route is added to the route table of the HA Sync AZ2 subnet to forward all traffic to the Internet GW.
Answer:
ab
Question 3
An administrator needs to attach an Elastic Network Interface (ENI) to an application instance in a VPC with multiple availability zones. An instance runs in availability zone 1.
Which ENI property must the administrator consider when implementing this requirement?
- A. An ENI cannot attach to an instance in availability zone 2.
- B. After the ENI detaches from one instance, it can reattach only to the same instance.
- C. You can detach the primary ENI from an AWS instance.
- D. When you move an ENI, network traffic remains directed to the old instance until you terminate that instance.
Answer:
a
Question 4
Which two statements about the FortiCloud portal are true? (Choose two.)
- A. You can gain remote access to your FortiGate VM directly from the portal.
- B. To assign permissions in the identity and access management (IAM) portal, you must write a JSON script.
- C. You can access the FortiFlex portal only after you purchase a FortiFlex license and register it on FortiCare.
- D. You can access only cloud services that you have subscribed to on AWS marketplace.
Answer:
ad
Question 5
Refer to the exhibit.
An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.
What is required to achieve higher bandwidth?
- A. Use routable public IP addresses instead of private IP addresses for connectivity.
- B. You cannot increase bandwidth the connection has a fixed limit.
- C. No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.
- D. You add a Transit VPC between the organization's VPCs.
Answer:
c
Question 6
Which three statements are correct about VPC flow logs? (Choose three.)
- A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
- B. Flow logs do not capture DHCP traffic.
- C. Flow logs can capture traffic to the reserved IP address for the default VPC router.
- D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.
- E. Flow logs can capture real-time log streams for the network interfaces.
Answer:
abd
Question 7
An AWS administrator is designing internet connectivity for an organization's virtual public cloud (VPC). The organization has web servers with private addresses that must be reachable from the internet. The web servers must be highly available.
Which two configurations can you use to ensure the web servers are highly available and reachable from the internet? (Choose two.)
- A. Deploy a network load balancer.
- B. Configure a network address translation (NAT) Gateway in your VPC. Place web servers behind the NAT Gateway.
- C. Add a route to the default virtual public cloud (VPC) route table forwarding all traffic to the internet gateway.
- D. Deploy web servers in multiple availability zones.
Answer:
ad
Question 8
A cloud administrator is tasked with protecting web applications hosted in AWS cloud.
Which three Fortinet cloud offerings can the administrator choose from to accomplish the task? (Choose three.)
- A. AWS WAF
- B. FortiEDR
- C. FortiGate Cloud-Native Firewall (CNF)
- D. Fortinet Managed Rules for AWS WAF
- E. FortiWeb Cloud
Answer:
cde
Question 9
An administrator must deploy a web application firewall (WAF) solution to protect the web applications of their organization.
Why would the administrator choose FortiWeb Cloud over AWS WAF with Fortinet managed rules?
- A. WAF signatures must be manually updated by FortiGuard.
- B. The solution must meet PCI 6.6 compliance.
- C. SSL inspection is a requirement.
- D. Traffic must be inspected for malware.
Answer:
b
Question 10
An administrator has been asked to deploy an active-passive (A-P) FortiGate cluster in the AWS cloud across two availability zones.
In addition to enhanced redundancy, which other major difference is there compared to deploying A-P high availability in the same availability zone?
- A. The FortiGate devices act as a single, logical instance.
- B. Secondary IP address configuration is used.
- C. The number of subnets required is less.
- D. IP addressing and subnetting are not shared.
Answer:
d