FCP - AWS Cloud Security 7.4 Administrator Actual Materials
Please note that the exam "FCP - AWS Cloud Security 7.4 Administrator" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
Question #11
Question #12
An administrator wants to deploy a solution to automatically create firewall rules on FortiGate to accelerate time-to-protection for threats.
Which AWS service can be integrated with FortiGate to accomplish this?
(Choose one answer)
- A. AWS Firewall Manager
- B. AWS network access control list
- C. SDN Connector for AWS
- D. AWS GuardDuty
Question #13
An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application?
(Choose two answers)
- A. Wait for the EC2 instance to be created.
- B. Provide a web application name.
- C. Create DNS records in the domain server that hosts the application.
- D. Enable a content delivery network (CDN) in the same region where your application is located.
Question #14
You want to deploy the Fortinet HA CloudFormation template to stage and bootstrap the FortiGate configuration in the same region in which you created your VPC, which is Ohio US-East-2.
Based on this information, which statement is correct?
(Choose one answer)
- A. You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket can be hosted in any region.
- B. The Fortinet HA CloudFormation template automatically creates an S3 bucket.
- C. You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket needs to be hosted in the Ohio US-East-2 region. (Most Voted)
- D. You create a DynamoDB to stage and bootstrap FortiGate with an FGCP unicast configuration. It needs to be hosted in the Ohio US-East-2 region.
Question #15
An organization has a requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs higher bandwidth, but the organization does not want to use multiple connections between sites.
Which AWS solution meets the requirement?
(Choose one answer)
- A. Transit VPC with IPSec
- B. Internet Gateway
- C. Transit Gateway multicast
- D. Transit Gateway Connect
Question #16
A customer has implemented GWLB between the partner and application VPCs. FortiGate appliances are deployed in the partner VPC with multiple AZs to inspect traffic transparently.
Which two things will happen to application traffic based on the GWLB deployment?
(Choose two answers)
- A. Inbound and outbound traffic will go to multiple devices, which will perform load balancing.
- B. Inbound and outbound traffic will go to the same device, which will perform stateful processing.
- C. The content of the original traffic exchanged between the GWLB and FortiGate will be preserved.
- D. The original traffic exchanged between the GWLB and FortiGate will be hashed for data integrity.
Question #17
Which two statements about the FortiCloud portal are true? (Choose two answers)
- A. You can gain remote access to your FortiGate VM directly from the portal.
- B. To assign permissions in the identity and access management (IAM) portal, you must write a JSON script.
- C. You can access the FortiFlex portal only after you purchase a FortiFlex license and register it on FortiCare.
- D. You can access only cloud services that you have subscribed to on AWS Marketplace.
Question #18
Which three statements correctly describe FortiGate Cloud-Native Firewall (CNF)? (Choose three answers)
- A. It provides carrier-grade protection.
- B. It scales seamlessly.
- C. It uses AWS Elastic Load Balancing (ELB).
- D. It is considered to be a Firewall-as-a-Service (FWaaS).
- E. It can be managed by FortiManager and AWS Firewall Manager.
Question #19
AWS native network services offer vast functionality and inter-connectivity between the cloud and on-premises networks.
Which three additional functions can FortiGate for AWS offer to complement the native services offered by AWS?
(Choose three answers)
- A. Higher VPN throughput
- B. Web filtering
- C. OSPF over IPSec
- D. Advanced dynamic routing
- E. Secure SD-WAN with application visibility
Question #20
Which three statements are correct about VPC flow logs? (Choose three answers)
- A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
- B. Flow logs do not capture DHCP traffic.
- C. Flow logs can capture traffic to the reserved IP address for the default VPC router.
- D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.
- E. Flow logs can capture real-time log streams for the network interfaces.
Your organization is deciding between deploying an active-active (A-A) or active-passive (A-P) FortiGate high availability (HA) cluster in AWS cloud.
Which two statements are true about A-A clusters compared to A-P clusters? (Choose two answers)