FCP - AWS Cloud Security 7.4 Administrator Actual Materials
Please note that the exam "FCP - AWS Cloud Security 7.4 Administrator" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
Question #31
Question #32
An administrator has deployed an environment in AWS and is now trying to send outbound traffic from the web servers to the internet through FortiGate. The web server instance uses the default security group and the FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
Which two statements explain the reasons for this behavior?
(Choose two answers)
- A. FortiGate ENI is not configured as a default gateway for the route table of the subnet of the web servers.
- B. AWS source destination checks are enabled on the FortiGate internal interfaces.
- C. Internet Gateway (IGW) is not configured for the VPC.
- D. AWS security groups are blocking the traffic.
Question #33
Which three statements are correct about Amazon Web Services networking? (Choose three answers)
- A. You can use the unicast FGCP protocol.
- B. You cannot configure gratuitous ARP but you can configure proxy ARP.
- C. You cannot use custom frames in AWS.
- D. You can configure instant IP failover in AWS.
- E. You cannot deploy FortiGate in transparent mode in AWS.
Question #34
Which three statements about AWS security groups are correct? (Choose three answers)
- A. Security groups are stateful.
- B. By default, security groups allow all inbound traffic.
- C. By default, security groups block all outbound traffic.
- D. You can associate multiple security groups with an interface that is attached to an EC2 instance.
- E. Security group rules are always permissive; you cannot create rules that deny access.
Question #35
As part of the security plan, you need to deploy FortiGate as a network-level security device in AWS. FortiGate intercepts and analyzes traffic inline with the application server.
Which two elements are the security responsibility of the customer in a cloud environment?
(Choose two answers)
- A. Storage infrastructure
- B. Physical hardware
- C. Security profiles
- D. Traffic encryption
Question #36
Your organization has decided to deploy Fortinet Managed Rules for AWS WAF as an add-on to AWS WAF.
What is the benefit of doing this?
(Choose one answer)
- A. To be able to integrate AWS WAF into the Fortinet Security Fabric.
- B. To be able to deploy antivirus and anti-malware protection.
- C. To be able to update signatures automatically.
- D. To be able to enforce user and device identification.
Question #37
Which two statements are correct about AWS Network Access Control Lists (NACLs)? (Choose two answers)
- A. NACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic.
- B. By default, each custom NACL allows all inbound and outbound traffic unless you add new rules.
- C. The VPC automatically comes with a modifiable default NACL, and by default it denies all inbound and outbound IPv4 traffic.
- D. An NACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.
Question #38
Your organization has deployed AWS Web Application Firewall (WAF) to protect web applications in AWS. They would now also like to have malware protection.
What solution is best deployed to accomplish this?
(Choose one answer)
- A. AWS Network Firewall with Fortinet-managed intrusion prevention system (IPS) rules
- B. Fortinet Managed Rules for AWS WAF
- C. AWS GuardDuty
- D. FortiSandbox for AWS
Question #39
Your organization has deployed AWS Web Application Firewall (WAF) to protect its web applications. You have been tasked with adding additional layers of WAF protection as a result of a recent cross-site scripting (XSS) attack on one of the web servers.
What are two benefits of deploying Fortinet managed rule sets to the AWS WAF?
(Choose two answers)
- A. Ability to cache web application data for faster access.
- B. Level of protection is comparable to FortiWeb.
- C. Simplified billing through AWS Marketplace.
- D. Integration with the Fortinet Security Fabric.
Question #40
Refer to the exhibit.
An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.
What is required to achieve higher bandwidth?
(Choose one answer)
- A. Use routable public IP addresses instead of private IP addresses for connectivity.
- B. You cannot increase bandwidth; the connection has a fixed limit.
- C. No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.
- D. You add a Transit VPC between the organization's VPCs.
What are two ways to combine AWS Lambda with FortiGate? (Choose two answers)