● FCP - AWS Cloud Security 7.4 Administrator Actual Materials
The Actual questions for FCP - AWS Cloud Security 7.4 Administrator (FCP_WCS_AD-7.4) - Updated Weekly
Question #1
Question #2
An AWS administrator is designing internet connectivity for an organization's virtual public cloud (VPC). The organization has web servers with private addresses that must be reachable from the internet. The web servers must be highly available.
Which two configurations can you use to ensure the web servers are highly available and
reachable from the internet?
(Choose two answers)
- A. Deploy a network load balancer.
- B. Configure a network address translation (NAT) Gateway in your VPC. Place web servers behind the NAT Gateway.
- C. Add a route to the default virtual public cloud (VPC) route table forwarding all traffic to the internet gateway
- D. Deploy web servers in multiple availability zones.
Question #3
A global organization with cloud networks deployed in several AWS regions wants to set up next-generation firewall (NGFW) protection using FortiGate Cloud-Native Firewall (CNF).
What are two deployment considerations for the organization?
(Choose two answers)
- A. They must choose AWS Firewall Manager to provision a CNF instance
- B. A CNF instance is required for each AWS region that must be protected.
- C. More than one AWS account can be associated with a CNF instance
- D. Only one CNF instance is required to protect all AWS regions.
Question #4
An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS.
The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the privatensubnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing.
Which action would allow the EIP assignment to be successful?
(Choose one answer)
- A. Create and associate a public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
- B. Shut down the FortiGate VM, if it is running, assign the EIP to the primary ENI, and then power it on.
- C. Create and attach an internet gateway to the VPC, and then assign the EIP to the primary ENI of the FortiGate VM.
- D. Create and attach a public routing table to the public subnet, associate the public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI
Question #5
An administrator has been asked to deploy an active-passive (A-P) FortiGate cluster in the AWS cloud across two availability zones.
In addition to enhanced redundancy, which other major difference is there compared to deploying A-P high availability in the same availability zone?
(Choose one answer)
- A. The FortiGate devices act as a single, logical instance.
- B. Secondary IP address configuration is used
- C. The number of subnets required is less
- D. IP addressing and subnetting are not shared
Question #6
A customer has deployed FortiGate Cloud-Native Firewall (CNF).
Which two statements are correct about policy sets?
(Choose two answers)
- A. There is an implicit deny rule at the bottom of the policy set.
- B. The policy set must be manually synchronized to the CNF instance each time it is modified.
- C. A new policy set is created with each deployed CNF instance.
- D. Multiple policy sets can be applied to a single CNF instance.
Question #7
Your company deployed a FortiSandbox for AWS.
Which statement is correct about FortiSandbox for AWS?
(Choose one answer)
- A. FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances.
- B. The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances.
- C. FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks.
- D. FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.
Question #8
Your customers have been reporting slow response times when accessing your web
application.
What are two possible ways to increase response times from web servers protected by
FortiWeb Cloud?
(Choose two answers)
- A. Deploy FortiWeb Cloud in the same region where your web application is being hosted.
- B. Enable a content delivery network (CDN)
- C. Modify DNS entries to directly point to your web server.
- D. Disable WAF functionality
Question #9
You need to deploy a new Windows server in AWS to offload web traffic from an existing web server in a different availability zone.
According to the AWS shared responsibility model, what three actions must you take to secure the new EC2 instance?
(Choose three answers)
- A. Update software on the instance.
- B. Change the existing elastic load balancer (ELB) to a gateway load balancer
- C. Configure security groups.
- D. Manage the operating system on the instance.
- E. Move all web servers into the same availability zone
Question #10
Your organization is deciding between deploying FortiWeb VM or Fortinet Managed Rules for AWS WAF.
What are two benefits of choosing FortiWeb VM?
(Choose two answers)
- A. Only pay for what is used.
- B. Up-to-date WAF signatures powered by FortiGuard
- C. Zero-day protection.
- D. Advanced WAF functionality.
What is a drawback of deploying a FortiWeb VM inside a virtual public cloud (VPC) compared to FortiWeb Cloud? (Choose one answer)