● FCP - AWS Cloud Security 7.4 Administrator Actual Materials
Please note that the exam "FCP - AWS Cloud Security 7.4 Administrator" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have opened it for free viewing.
Question #51
Question #52
Refer to the exhibit.
A customer has deployed FortiGate Cloud-Native Firewall (CNF) in the GWLB Subnet to protect an EC2 instance in the Private subnet.
What does the traffic flow look like for incoming packets destined for the EC2 instance?
(Choose one answer)
- A. Internet > IGW > GWLB Subnet > Private subnet > EC2 instance.
- B. Internet > IGW > Public subnet > GWLBe > GWLB Subnet > Private subnet > EC2 instance.
- C. Internet > NAT GW > GWLB Subnet > Private subnet > EC2 instance.
- D. Internet > IGW > Public subnet > Private subnet > EC2 instance.
Question #53
Refer to the exhibit.
An active-passive (A-P) cluster has been deployed in AZ1. This A-P cluster is part of an active-active (A-A) cluster that spans AZ1 and AZ2.
Which three statements about the topology are correct?
(Choose three answers)
- A. Not all three FortiGate devices will show as healthy on the elastic load balancer (ELB) status page.
- B. Virtual IPs (VIPs) must be created on all FortiGate devices to translate inbound connections to the protected hosts.
- C. The ELB will forward traffic to the FortiGate in AZ2 only when both FortiGate devices in AZ1 are down and considered unhealthy.
- D. The minimum number of subnets that are required to be created for this topology is four.
- E. Healthy FortiGate devices are accessible using the DNS name assigned to the ELB.
Question #54
Refer to the exhibit.
What two assumptions can you make about the cloud-native firewall (CNF) instance shown in the exhibit?
(Choose two answers)
- A. At least one AWS account has been associated with FortiGate CNF.
- B. The policy set allow_all was manually created on the FortiGate CNF console.
- C. The CNF is managed by AWS Firewall Manager.
- D. The administrator has specified the virtual public cloud (VPC) and subnet in which to deploy the CNF instance.
Question #55
An organization wants to inspect all traffic between Customer A's VPC and Customer B's VPC through a VPC named Security VPC.
The Security VPC has a GWLB subnet to deploy the endpoint and redirects the east-west traffic to FortiGate for inspection.
Based on the exhibit, why do you need to deploy Transit Gateway?
(Choose one answer)
- A. To load balance traffic
- B. To scale partner virtual appliances
- C. To ensure that any east-west traffic between the organization's VPCs routes through the Security VPC
- D. To achieve higher bandwidth
Question #56
Which two statements correctly describe FortiGate Cloud-Native Firewall (CNF)?
(Choose two answers)
- A. It supports VPN, SD-WAN, and network address translation (NAT).
- B. It is a Firewall-as-a-Service.
- C. It integrates into AWS by provisioning a network load balancer.
- D. It is a high-performing, auto-scaling, next-generation firewall (NGFW) solution to control and inspect north-south and east-west network traffic.
Question #57
A customer has deployed a FortiGate Cloud-Native Firewall (CNF) instance. They are now debating which management processes to use.
Which statement is correct about the different management processes available for FortiGate CNF?
(Choose one answer)
- A. There are varying levels of control when choosing between AWS Firewall Manager, FortiManager, or the CNF console.
- B. You can use FortiManager to provision a CNF instance.
- C. When using AWS Firewall Manager, you can extend a CNF instance across multiple regions.
- D. You can use the CNF console to configure all supported next-generation (NGFW) capabilities.
Question #58
A customer has decided to deploy an active-passive (A-P) high availability (HA) cluster in AWS cloud. They have decided to use the publicly available CloudFormation template provided by Fortinet.
Where can they download the template?
(Choose one answer)
- A. AWS marketplace
- B. https://support.fortinet.com
- C. GitHub
- D. FortiCloud
Question #59
Refer to the exhibit.
Which two statements are correct about Transit Gateway Connect as shown in the exhibit?
(Choose two answers)
- A. Traffic is encapsulated.
- B. You can configure both BGP and static routes.
- C. You can configure static routes only.
- D. You get lower bandwidth performance than a VPN.
Question #60
In which file format can the AWS CloudFormation template be saved?
(Choose one answer)
- A. YAML
- B. TOML
- C. XML
- D. INI
Refer to the exhibit.
A customer has deployed an active-passive (A-P) cluster spanning two availability zones using the publicly available CloudFormation template from Fortinet.
What three things can you assume from the output? (Choose three answers)