Question No. 1

Which statement about immutable infrastructure in automation is true?

AIt is the practice of deploying a new server for every configuration change

BIt is the practice of modifying the existing server configuration after it is deployed

CIt is the practice of deploying two parallel servers for high availability.

DIt is the practice of applying hotfixes and OS patches after deployment

Show Answer

Correct Answer: A

The statement that best describes the concept of immutable infrastructure in the context of automation is:

A . It is the practice of deploying a new server for every configuration change.

Immutable Infrastructure Concept: This approach to infrastructure management involves replacing servers or components entirely rather than making changes to existing configurations once they are deployed. When a change is needed, a new server instance is provisioned with the desired configuration and the old one is decommissioned after the new one is successfully deployed and tested.

Benefits: Immutable infrastructure minimizes the risks associated with in-place updates, such as inconsistencies or failures due to configuration drift. It enhances reliability and predictability by ensuring that the deployed environment matches exactly what was tested in staging. This practice is particularly aligned with modern deployment strategies like blue/green or canary deployments.

Question No. 2

Refer to the exhibit

You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message.

What could be the reason that you are getting the command not found error?

AYou must move the binary file to the bin directory.

BYou must change the directory location to the root directory

CYou must assign correct permissions to the ec2-user.

DYou must reinstall Terraform

Show Answer

Correct Answer: A

According to the Terraform documentation for installing Terraform on Linux1, you need to download a zip archive that contains a single binary file called terraform. You need to unzip the archive and move the binary file to a directory that is included in your system's PATH environment variable, such as /usr/local/bin.This way, you can run the terraform command from any directory without specifying the full path1.

If you do not move the binary file to the bin directory, you will get a command not found error when you try to run the terraform version command, as shown in the screenshot.To fix this error, you need to move the binary file to the bin directory or specify the full path of the binary file when running the command1.

1:Install Terraform | Terraform - HashiCorp Learn

Question No. 3

A customer would like to use FortiGate fabric integration With FortiCNP

When configuring a FortiGate VM to add to FortiCNP, which three mandatory configuration steps must you follow on FortiGate? (Choose three.)

AEnable send logs-

BCreate and IPS sensor and a firewall policy

CCreate an IPsec tunnel.

DCreate an SSL]SSH inspection profile.

EEnable two-factor authentication.

Show Answer

Correct Answer: A, B, D

To configure a FortiGate VM to add to FortiCNP, you need to perform three steps on FortiGate:

Enable send logs in FortiGate to allow FortiCNP to receive the IPS logs from FortiGate.

Create an SSL/SSH inspection profile on FortiGate to inspect the encrypted traffic and apply IPS protection.

Create an IPS sensor and a firewall policy on FortiGate to enable IPS detection and prevention for the traffic.

FortiCNP 22.4.a Administration Guide, page 22-24

FortiGate IPS Administration Guide, page 9-10

Question No. 4

An administrator would like to keep track of sensitive data files located in the Amazon Web Services (AWS) S3 bucket and protect it from malware. Which Fortinet product or feature should the administrator use?

AFortiCNP application control policies

BFortiCNP web sensitive polices

CFortiCNP DLP policies

DFortiCNP compliance scanning policies

Show Answer

Correct Answer: C

To keep track of sensitive data files located in AWS S3 buckets and protect them from malware, the administrator should use:

C . FortiCNP DLP policies.

Data Loss Prevention (DLP): DLP policies are designed to detect and prevent unauthorized access or sharing of sensitive data. In the context of AWS S3, DLP policies can be used to scan for sensitive information stored in S3 objects and enforce protective measures to prevent data exfiltration or compromise.

FortiCNP Integration: FortiCNP is Fortinet's cloud-native protection platform that offers security and compliance solutions across cloud environments. By applying DLP policies within FortiCNP, the administrator can ensure sensitive data within S3 is monitored and protected consistently.

Question No. 5

What are three important steps required to get Terraform ready using Microsoft Azure Cloud Shell? (Choose three.)

ASet up a storage account in Azure.

Buse the -O command to download Terraform.

CSubscribe to Terraform in Azure.

DMove the Terraform file to the bin directory.

EUse the wget (te=aform vession) command to upload Terraform.

Show Answer

Correct Answer: A, D, E

To get Terraform ready using Microsoft Azure Cloud Shell, you need to perform the following steps:

Set up a storage account in Azure.This is required to store the Terraform state file in a blob container, which enables collaboration and persistence of the infrastructure configuration1.

Use the wget (terraform_version) command to upload Terraform.This command downloads the latest version of Terraform from the official website and saves it as a zip file in the current directory2.