● FCP - AWS Cloud Security 7.4 Administrator Actual Materials
Please note that the exam "FCP - AWS Cloud Security 7.4 Administrator" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
Question #21
Question #22
A customer is attempting to deploy an active-passive high availability (HA) cluster using the software-defined network (SDN) connector in the AWS cloud.
What is an important consideration to ensure a successful formation of HA, failover, and traffic flow?
(Choose one answer)
- A. Both cluster members must be in the same availability zone.
- B. VDOM exceptions must be configured.
- C. Unicast FortiGate Clustering Protocol (FGCP) must be used.
- D. Both cluster members must show as healthy in the elastic load balancer (ELB) configuration.
Question #23
A cloud administrator is tasked with protecting web applications hosted in AWS cloud.
Which three Fortinet cloud offerings can the administrator choose from to accomplish the task?
(Choose three answers)
- A. AWS WAF
- B. FortiEDR
- C. FortiGate Cloud-Native Firewall (CNF)
- D. Fortinet Managed Rules for AWS WAF
- E. FortiWeb Cloud
Question #24
You are troubleshooting network connectivity issues between two VMs deployed in AWS.
One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption".
The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC.
You are unable to ping the Windows server from FortiGate.
What are two reasons for this?
(Choose two answers)
- A. The firewall in the Windows VM is blocking the traffic.
- B. The default AWS Network Access Control List (NACL) does not allow this traffic.
- C. By default, AWS does not allow ICMP traffic between subnets.
- D. Add an inbound allow ICMP rule in the security group attached to the Windows server.
Question #25
An administrator needs to attach an Elastic Network Interface (ENI) to an application instance in a VPC with multiple availability zones. An instance runs in availability zone
Which ENI property must the administrator consider when implementing this requirement?
(Choose one answer)
- A. An ENI cannot attach to an instance in availability zone 2.
- B. After the ENI detaches from one instance, it can reattach only to the same instance.
- C. You can detach the primary ENI from an AWS instance.
- D. When you move an ENI, network traffic remains directed to the old instance until you terminate that instance.
Question #26
How is traffic failover handled in a FortiGate active-active cluster deployed in AWS?
(Choose one answer)
- A. The Elastic Load Balancer handles bi-directional traffic failover using a health probe.
- B. The Elastic Load Balancer handles traffic failover using FGCP.
- C. All FortiGate cluster members use unicast FGCP.
- D. All FortiGate cluster members send health probes using a dedicated interface.
Question #27
A customer must deploy an application that delivers a single stream of data to many users at the same time.
The customer also wants to distribute data across multiple connected VPC networks.
Which AWS service is used for this requirement?
(Choose one answer)
- A. Transit Gateway Connect
- B. Transit Gateway multicast
- C. Routing domains
- D. VPC Peering
Question #28
Your organization has decided to deploy FortiGate Cloud-Native Firewall (CNF) because of its simplified operations.
Which steps are required to successfully deploy a CNF instance?
(Choose three answers)
- A. Create a CNF instance on the CNF console or AWS Firewall Manager.
- B. Define the virtual public cloud (VPC) and subnets to place the instance in.
- C. Associate the AWS account with the CNF console.
- D. Manually deploy GWLB in the CNF subnet.
- E. Procure a CNF license in FortiCloud.
Question #29
An organization wants to deploy FortiGate to inspect the internet traffic across multiple VPCs. They also want high availability across a fleet of FortiGate devices by rerouting traffic flows to the healthy device, which acts as a single entry and exit point for all traffic.
Which AWS solution meets this requirement?
(Choose one answer)
- A. Gateway load balancer
- B. Transit Gateway Connect
- C. Classic load balancer
- D. Application load balancer
Question #30
An organization has three separate VPCs: main, payroll, and HR. The employee portal in the main VPC needs access to the payroll and HR servers.
How can a portal access the servers running in the other VPCs?
(Choose one answer)
- A. This is not possible because VPCs cannot communicate with each other.
- B. Make sure the security groups allow for the IP address ranges of all VPCs.
- C. Open NACLs to allow for full communication.
- D. Set up VPC peering among the main, payroll, and HR VPCs.
An administrator must deploy a web application firewall (WAF) solution to protect the web applications of their organization.
Why would the administrator choose FortiWeb Cloud over AWS WAF with Fortinet managed rules?
(Choose one answer)