A . Use the terraform destroy command.This command is used to remove all the resources that were created using the Terraform configuration1. It is the opposite of the terraform apply command, which is used to create resources. The terraform destroy command will first show a plan of what resources will be destroyed, and then ask for confirmation before proceeding. The command will also update the state file to reflect the changes. D. The administrator must manually delete the Linux server.This is because the Linux server was not deployed using Terraform, but using AWS Marketplace2. Therefore, Terraform does not have any information about the Linux server in its state file, and cannot manage or destroy it. The administrator will have to use the AWS console or CLI to delete the Linux server manually.

The other options are incorrect because:

There is no terraform validate command.The correct command is terraform plan, which is used to show a plan of what changes will be made by applying the configuration3. However, this command does not delete any resources, it only shows what will happen if terraform apply or terraform destroy is run.

There is no terraform destroy all command.The correct command is terraform destroy, which will destroy all the resources in the current configuration by default1. There is no need to add an all argument to the command.

The correct answer is D. CloudWatch and S3.

According to the GitHub repository for the Fortinet aws-lambda-tgw script1, this function requires the following AWS services:

CloudWatch: A monitoring and observability service that collects and processes events from various AWS resources, including Transit Gateway attachments and route tables.

S3: A scalable object storage service that can store the configuration files and logs generated by the Lambda function.

By using the Fortinet aws-lambda-tgw script, you can automate the creation and configuration of Transit Gateway Connect attachments for your FortiGate devices. This can help you save time and avoid errors when adding more spoke VPCs to an existing hub and spoke topology1.

The other AWS services mentioned in the options are not required for this task. GuardDuty is a threat detection service that monitors for malicious and unauthorized behavior to help protect AWS accounts and workloads. WAF is a web application firewall that helps protect web applications from common web exploits. Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS. DynamoDB is a fast and flexible NoSQL database service that can store various types of data.

1: GitHub - fortinet/aws-lambda-tgw

In using Red Hat Ansible for changing the configuration of a FortiGate VM, the minimum number of files you must create and the file to configure the target FortiGate IP address are:

B . Create two files and use the hosts file.

Ansible Playbook File (YAML): The playbook file, which is typically a YAML file, contains the desired states and tasks that Ansible will execute on the target hosts.

Inventory File (Hosts): The inventory file, commonly named hosts, is where you define the target machines, including the FortiGate VM's IP address. Ansible uses this file to determine on which machines to run the playbook.

By creating these two files, you will have the necessary components to configure Ansible for the deployment. The playbook contains the automation tasks, and the hosts file lists the machines where those tasks will be executed.

B . FortiGate A and FortiGate B are two independent devices. This means that they are not part of a cluster or a high availability group, and they do not share the same configuration or state information.They are configured as standalone FortiGates with standalone configuration synchronization enabled1.This feature allows them to synchronize most of their configuration settings with each other, except for some settings that identify the FortiGate to the network, such as the hostname1. D. It does not synchronize the FortiGate hostname. This is one of the settings that are excluded from the standalone configuration synchronization, as mentioned above.The hostname is a unique identifier for each FortiGate device, and it should not be changed by the synchronization process1.

The other options are incorrect because:

FortiGate-VM instances are not scaled out automatically according to predefined workload levels.This is a feature of the auto scaling solution for FortiGate-VM on Azure, which requires a different deployment and configuration than the one shown in the exhibit2. The exhibit shows a static deployment of two FortiGate-VM instances behind an Azure load balancer, which does not support auto scaling.

By default, FortiGate does not use FGCP.FGCP stands for FortiGate Clustering Protocol, which is used to synchronize configuration and state information between FortiGate devices in a cluster or a high availability group3. However, the exhibit shows that the FortiGates are not in a cluster or a high availability group, and they use standalone configuration synchronization instead of FGCP.