Free Fortinet NSE7_PBC-6.4 Exam Actual Questions

The questions for NSE7_PBC-6.4 were last updated on Nov 3, 2024

Question No. 1

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.

Which action will fix this issue?

Question No. 2

Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

Correct Answer: A, D, E

Under 'Default security rules' we read source, destination, source port, destination port and access. However, under 'Security rules' we read action, port ranges and source and destination, and essentially Options A, C, D and E are valid, as those parameters can be configured. I would mark A, D and E, and source/destination port are to be seen in the table, maybe old documentation. https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview


Question No. 3

Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.

Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).

How do you achieve this outcome with minimum configuration?

Correct Answer: D

An AWS NAT gateway allows instances in a private subnet to connect to the internet or other AWS services without using a NAT instance. The main routing table sends internet traffic from the private subnet instances to the NAT gateway, and the NAT gateway then sends the traffic to the IGW using its Elastic IP address as the source IP address.

Deploy a NAT gateway with an EIP in the public subnet, edit the route tables, select Private-route and add a new route with destination 0.0.0.0/0 that targets the NAT gateway.


Question No. 4

You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.

Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

Correct Answer: C, D

Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?tabs=bicep

Property values / storageAccounts

name: The resource name

* string (required)
* Character limit: 3-24
* Valid characters: Lowercase letters and numbers.
* Resource name must be unique across Azure.


Question No. 5

Refer to the exhibit.

A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.

What are two possible reasons for this behavior? (Choose two.)

Correct Answer: C, D

You need to check if source/destination are enabled. Reference: Public_Cloud_6.4_Study_Guide, page 67.