Lead4Pass NSE7_PBC-6.4 exam dumps contain 30 exam questions and answers covering the complete Fortinet NSE 7 – Public Cloud Security 6.4 certification exam, verified to be true and valid. Get the latest Lead4Pass NSE7_PBC-6.4 dumps here: https://www.lead4pass.com/nse7_pbc-6-4.html (PDF+VCE).
Check out the NSE7_PBC-6.4 PDF exam questions and answers shared for free: https://drive.google.com/file/d/1RVMC9IObxQQp7SAl57j9I40lQw-Yrkqi/
Also, read the latest 15 Lead4Pass NSE7_PBC-6.4 exam questions and answers online:
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)
A. Intrusion prevention policies
B. Threat protection policies
C. Data loss prevention policies
D. Compliance policies
E. Antivirus policies
Correct Answer: BCD
Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/bf017449-572a-11e981a4-00505692583a/forticasb-4.1.0-admin-guide.pdf (62)
Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)
A. The web servers are not configured with the default gateway.
B. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
C. AWS source and destination checks are enabled on the FortiGate interfaces.
D. AWS security groups may be blocking the traffic.
Correct Answer: AD
Refer to the exhibit. Your senior administrator successfully configured a FortiGate fabric connector with the Azure Resource Manager and created a dynamic address object on the FortiGate VM to connect with a Windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?
A. Run diagnose debug the application and -l on FortiGate.
B. In the Microsoft Azure portal, set the correct tag values for the Windows server.
C. In the Microsoft Azure portal, access the Windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
D. Delete the address object and recreate a new address object with the type set to FQDN.
Correct Answer: C
Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?
A. You selected the incorrect resource group.
B. You selected the Bring Your Own License (BYOL) licensing mode.
C. You selected the PAYG/On-demand licensing model, but did not select the correct virtual machine size.
D. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.
Correct Answer: A
An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.
What action will the worker node automatically perform to restore access to the black-holed subnet?
A. The worker node applies a routeing table from a non-black-holed subnet to the black-holed subnet.
B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.
C. The worker node modifies the routeing table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.
D. The worker node migrates the subnet to a different availability zone.
Correct Answer: D
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)
A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
B. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
C. Network ACLs must be manually applied to virtual network interfaces.
D. Network ACLs support allow rules and deny rules.
Correct Answer: AD
When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.
In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?
A. Less than 10 seconds
B. 30 seconds
C. 20 seconds
D. 16 seconds
Correct Answer: B
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)
B. Sequence number
C. Source and destination IP ranges
D. Destination port ranges
E. Source port ranges
Correct Answer: ADE
Refer to the exhibit. You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.
What is incorrect with the template?
A. The LUN ID is not defined.
B. FortiGate-VM does not support managed disk from Azure.
C. The caching parameter should be None.
D. The CreateOptions parameter should be FromImage.
Correct Answer: D
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?
A. Up to 1.25 Gbps per attachment
B. Up to 50 Gbps per attachment
C. Up to 10 Gbps per attachment
D. Up to 1 Gbps per attachment
Correct Answer: A
Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-networkinfrastructure.pdf (5)
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?
A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
D. The instance-ID value
Correct Answer: D
You have been asked to secure your organization's Salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the Salesforce application remotely as well as on-premises. Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the Salesforce application.
Which three steps should you take to achieve your goal? (Choose three.)
A. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.
B. Configure FortiCASB and set up access rights, privileges, and data protection policies.
C. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.
D. Deploy and configure FortiCWP with a workload guardian license.
E. Deploy and configure FortiGate with Security Fabric solutions and FortiCWP with a storage guardian advance license.
Correct Answer: ABC
Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure how to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports.
How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?
A. In the configured load balancer, access the inbound NAT rules section.
B. In the configured load balancer, access the backend pools section.
C. In the configured load balancer, access the inbound and outbound NAT rules section.
D. In the configured load balancer, access the health probes section.
Correct Answer: C
Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)
A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
B. 172.29.32.71 is set as a next-hop IP for all routes under FortigateUDR-01
C. The network interface of the active unit moves to itself
D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
Correct Answer: AB
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS
A. A single VPC deployment with multiple subnets and a NAT gateway
B. A single VPC deployment with multiple subnets
C. A multiple VPC deployment utilizing a transit VPC topology
D. A multiple VPC deployment utilizing a transit gateway
Correct Answer: BC