which statement about fortisandbox in amazon web services (AWS) is true?

fortisandbox in AWS uses windows virtual machine VMs to inspect files

in AWS virtual machines VMS that inspect files do not have to be reset after inspecting a file

In AWS virtual machines VMs that inspect files are constantly up and running

fortisandbox in AWS can have a maximu of eigth virtual machines VMs that inspect

what is the bandwidth ilimitation of an amazon web services AWS transit gateway VPC attachment?

up to 1.25 Gbps per attachement

an organization deploys a fortigate-VM in amazon web services AWS and configures two elastic network interfaces ENIS now the same organization wants to add additional ENIS to support different workloads in their enviroment. Which action can you take to accomplish this?

create the ENI and attach it to fortigate

none you cannot create and additional ENis to an existing Fortigate-VM

create the ENi shut down fortigate attach the ENI to fortigate an then start fortigate

create the ENI attach it to fortigate and then restart fortigate

refer to the exhibit A customer has deployed an environment in Amazon Web Services AWS and is now trying to send outbound traffic from the web servers to the internet the fortigate policies are configured to allow all outbound traffic however the traffic is not reaching the fortigate internal interface. What are two possible reasons for this behavior( choose two)

AWS soruce and destination checks are enabled on the fortigate interfaces

AWS security groups may be blocking the traffic

the web servers are not configured with the default gateway

the internet gateway IGW is not added to VPC (virtual private cloud)

an organization deployed a fortigate VM in the google cloud platform and initialy configured it with two VNICS now the same organization wants to add additional vNICS to this existing fortigate-VM to support different workloads in their environment. How can they do this?

they cannot create and add additional VNICs to anexisting fortigate VM

they can create additional VNICs using the cloud shell

they can create additional VNICS in the iu console

they can use the compute engine Api explorer

you are deploying amazon web services AWS guardDuty to monitor malicious or unauthorized behavarios related to AWS resources.you will also use the fortinet aws-lambda-guardutty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses Fortigate can the consume this list as an external threat feed

GuardDuty, CloudWatch, S3, and DynamoDB

GuardDuty, CloudWatch, S3, inspector , WAF , and shiel

inspector, Shield,GuardDuty,S3,and DynamoDB

WAF,shield,GuardDuty,S3,and DynamoDB

you have been asked to secure your organizations salesforce application that is running on microsoft azure, and find an effective method for inspecting shadow IT activities in the organization, after an initial investigation you find that many users access the salesforce application remotely as well as on-premises your goal is to find way to get more visibility, control over shadow IT-realted activities, and identify any data leaks in the salesforce application.

deploy and configure FortiCASB with a fortinet FortiCASB subscription license

configure FortiCASB and set up access tights, privileges,and data protection policies

use Fortigate,FortiGuard and FortiAnalyzer solutions

deploy and configure FortiCWP with a workload guardian license

deploy and configure Fortigate with security fabric solutions and FortiCWP with a storage guardian advance license

A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password. What is the default admin password for the FortiGate-VM instance?

The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.

Refer to the exhibit. Your senior administrator successfully configured a FortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue. How do you resolve this issue?

Run diagnose debug application azd -I on FortiGate.

In the Microsoft Azure portal, set the correct tag values for the windows server.

In the Microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.

Delete the address object and recreate a new address object with the type set to FQDN.

You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows: • You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology. • Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet. • To maintain high availability, you must deploy the FortiGate VMs in two different availability zones. How many public and private subnets will you need to configure within the VPC?

Two public subnets and two private subnets

One public subnet and two private subnets

Two public subnets and one private subnet

One public subnet and one private subnet

Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required. Which two statements are correct? (Choose two.)

The design shows an active-active FortiGate-VM architecture.

The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

The design shows an active-passive FortiGate-VM architecture

The Cloud Load Balancer Session Affinity setting should use the default value.

Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure now to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports. How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?

In the configured load balancer, access the inbound NAT rules section.

In the configured load balancer, access the backend pools section.

In the configured load balancer, access the inbound and outbound NAT rules section.

In the configured load balancer, access the health probes section.

Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit. What caused the validation process to fail?

You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.

You selected the incorrect resource group

You selected the Bring Your Own License (BYOL) licensing mode.

You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04/c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances. Which action will fix this issue?

Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group

Convert the c4.xlarge instances to m4.xlarge instances

Migrate the transit VPNs to new and larger instances (VM08/c4.2xlarge)

Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections

Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

Proxy ARP entries are disregarded.

Multicast traffic is not allowed.

802.1Q VLAN tags are allowed inside the same virtual private cloud.

AWS DNS reserves the first host IP address of each subnet.

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

Network security groups can be applied to subnets and virtual network interfaces

Network security groups are a stateful inbound and outbound rules used for traffic filtering.

Network security groups can be applied to subnets only

Network security groups are stateless inbound and outbound rules used for traffic filtering.

An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C. This has now black-holed the private subnet in this availability zone. What action will the worker node automatically perform to restore access to the black-holed subnet?

The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface

The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.

The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface

The worker node migrates the subnet to a different availability zone.

Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

A multiple VPC deployment utilizing a transit VPC topology

A multiple VPC deployment utilizing a transit gateway

A single VPC deployment with multiple subnets and a NAT gateway

A single VPC deployment with multiple subnets

Refer to the exhibit. In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24. Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24). How do you achieve this outcome with minimum configuration?

Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.

Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.

Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.

Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.

You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name. Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

The storageAccount name must be in lowercase.

The storageAccount name must contain between 3 and 24 alphanumeric characters.

he uniqueString() function must be used.

The storageAccount name must use special characters.

Cloud

Professional Development

•

30 Qs

Similar activities

ISC Lib 2023 Day 9

Professional Development

•

25 Qs

ICDL- Online Collaboration Quiz 3

Professional Development

•

25 Qs

IT support technician level-1 (MS. Word)

Professional Development

•

25 Qs

Web Application Development (WAD)

Professional Development

•

25 Qs

VIDEO GAMES

KG - Professional Development

•

26 Qs

Openstack

Professional Development

•

25 Qs

FUNCTIONS - FILES - OOPs CONCEPTS

Professional Development

•

25 Qs

Aptitude King

University - Professional Development

•

25 Qs

Cloud

Quiz

•

Computers

•

Professional Development

•

Practice Problem

•

Easy

Sergio Ortiz

Used 14+ times

FREE Resource

30 questions

Show all answers

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. they want to secure communication over ExpressRoute and to install an in-line fortigate to perform intrusion prevention system (IPS) and antivirus scannig

install fortigatein azure and build a vpn tunnel to the data center over expressRoute

configure a user defined route table

enable the redirect option in expressroute to send data center traffic to user defined route table

configure the gateway subnet as the subnet in the user-defined route table

define a default route where the next hop ip is the fortigate wan interface

MULTIPLE SELECT QUESTION

45 sec • 1 pt

which two statements about the amazon cloud services (AWS) network access control list (ACLS) are true?(choose two)

network ACLS are stateless and inbound and outbound rules are used for traffic filtering

network ACLS are stateful and inbound and outbound rules are used for traffic filtering

network ACLS must be manually applied to virtual network interfaces

network ACLS support allow rules and deny rules

MULTIPLE SELECT QUESTION

45 sec • 1 pt

which three properties are configurable microsoft azure network security group rule settings? Choose three

Action

Sequence number

source and destination ip ranges

destination port ranges

source port ranges

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

refer to the exhibit you attempted to deploy the fortigate VM in Microsoft azure with the JSON template, and it failed to boot up. the exhibit shows an excerpt the JSON template. What is incorrect with the template

the LUN ID is not defined

Fortigate VM does not support managed DISK from Azure

the caching parameter should be none

the create options parameter should be fromImage

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

refer to th exhibit you are configuring an active passive fortigate clustering protocol FGCP HA configuration in a single availability zone in amazon web services AWS using a cloud formation template. after deploying the template you notice that the AWS console has ip information listed in the fortigate VM firewalls in the HA configuration however within the configuration of FortiOS you notice that port1 is using anip of 10.0.013 and port2 is using an ip of 10.0.1..13

configure fortios to use static ip addresses with the ip addresses reflected in the ENI primary IP address configuration (as per the exhibit)

Delete the deployment and start again you have in put the wrong parameters during the cloud formation template deployment

configure fortios to use DHCP so that it will get the correct IP adresses on the ports

nothing in AWS cloud it is normal for a fortigate ENI primary ip address to be different that the fortios IP address configuation

MULTIPLE SELECT QUESTION

45 sec • 1 pt

refer to the exhibit which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsft Azure? Choose two

implement the fortigate VM network virtual appliance NVA in the hub and use user defined toutes UDRs in the spokes

use ExpressRoute to interconnect the hub VNets and spoke VNets

configure Vnet peering between the spokes only

configure Vnet peering between the hub and spokes

MULTIPLE SELECT QUESTION

45 sec • 1 pt

refer to th exhibit consider an active-passive HA deployment in microsoft azure the exhibit shows an excerpt from the passive fortigateVM node if the active fortigate VM fails what are the results of the API calls made by the fortigate named SSTENTAZFGT-0302 choose two

SSTENTAZFGT-03-FloatingPIP is assingned to the ip configuration with the same SSTENTAZFGT-0302-NIC-01 under the network interface SSTENTAZFGT-0302-NIC-01

172.29.32.71 is set as next hop IP for all routes under fortigateUDR-01

the network interface of the active unit moves to itself

SSTENTAZFGT-03-FloatingPIP public ip is a assigned to NIC SSTENTAZFGT-0302-NIC-01

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

28 questions

Cyber Crime Investigation

Quiz

•

Professional Development

32 questions

A+ Core 1 - 1101 - Quiz 1

Quiz

•

Professional Development

25 questions

IP Addressing Quiz

Quiz

•

Professional Development

25 questions

SEC+ 001-025

Quiz

•

Professional Development

25 questions

RIP-IRGP-Quiz

Quiz

•

Professional Development

27 questions

Python Quiz

Quiz

•

Professional Development

28 questions

Christmas Trivia Game 2020

Quiz

•

Professional Development

27 questions

A+ - 9A - Deploy Printer and Multifunction Devices

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

Forest Self-Management

Lesson

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

30 questions

Thanksgiving Trivia

Quiz

•

9th - 12th Grade

30 questions

Thanksgiving Trivia

Quiz

•

6th Grade

11 questions

Would You Rather - Thanksgiving

Lesson

•

KG - 12th Grade

48 questions

The Eagle Way

Quiz

•

6th Grade

10 questions

Identifying equations

Quiz

•

KG - University

10 questions

Thanksgiving

Lesson

•

5th - 7th Grade

Discover more resources for Computers

20 questions

HS2C2 AB QUIZIZZ

Quiz

•

1st Grade - Professio...

Cloud

30 questions

Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. they want to secure communication over ExpressRoute and to install an in-line fortigate to perform intrusion prevention system (IPS) and antivirus scannig

which two statements about the amazon cloud services (AWS) network access control list (ACLS) are true?(choose two)

which three properties are configurable microsoft azure network security group rule settings? Choose three

refer to the exhibit you attempted to deploy the fortigate VM in Microsoft azure with the JSON template, and it failed to boot up. the exhibit shows an excerpt the JSON template. What is incorrect with the template

refer to the exhibit which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsft Azure? Choose two

refer to th exhibit consider an active-passive HA deployment in microsoft azure the exhibit shows an excerpt from the passive fortigateVM node if the active fortigate VM fails what are the results of the API calls made by the fortigate named SSTENTAZFGT-0302 choose two

which statement about fortisandbox in amazon web services (AWS) is true?

what is the bandwidth ilimitation of an amazon web services AWS transit gateway VPC attachment?

an organization deploys a fortigate-VM in amazon web services AWS and configures two elastic network interfaces ENIS now the same organization wants to add additional ENIS to support different workloads in their enviroment.Which action can you take to accomplish this?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

an organization deploys a fortigate-VM in amazon web services AWS and configures two elastic network interfaces ENIS now the same organization wants to add additional ENIS to support different workloads in their enviroment.
Which action can you take to accomplish this?