You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)
Under 'Default security rules' we read source, destination, source port, destination port and access. However under 'Security rules' we read action, port ranges and source and destination, and essentially Options A, C, D and E are valid are those parameters can be configured. I would mark A D and E and source/destination port are to be seen in the table, maybe old documentation. https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Refer to the exhibit.
In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?
AWS NAT gateway allows instances in a private subnet to connect to the internet or other AWS services without using NAT instance. the main routing table sends internet traffic from the private subnet instances to the NAT gateway, then NAT gateway sends traffic to the IGW using the source IP address of the elastic IP address.
Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.
You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)
https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?tabs=bicep
Property values / storageAccounts
name --> The resource name :
* string (required)
* Character limit: 3-24
* Valid characters: Lowercase letters and numbers.
* Resource name must be unique across Azure.
Refer to the exhibit.
A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)
You need to check if source/destination are enabled. Public_Cloud_6.4_Study_Guide Page 67