PassLeader just published the NEWEST Fortinet NSE7_PBC-7.2 exam dumps! And, PassLeader offer two types of the NSE7_PBC-7.2 dumps — NSE7_PBC-7.2 VCE dumps and NSE7_PBC-7.2 PDF dumps, both VCE and PDF contain the NEWEST NSE7_PBC-7.2 exam questions, they will help you PASSING the Fortinet NSE7_PBC-7.2 exam easily! Now, get the NEWEST NSE7_PBC-7.2 dumps in VCE and PDF from PassLeader — https://www.passleader.com/nse7-pbc-7-2.html (37 Q&As Dumps)
What’s more, part of that PassLeader NSE7_PBC-7.2 dumps now are free — https://drive.google.com/drive/folders/16v8cct9KZmGWD1YTHa78eT-UqYus9Ziu
NEW QUESTION 1
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment. Which action can you take to accomplish this?
A. None, you cannot create and add additional ENIs to an existing FortiGate-VM.
B. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.
C. Create the ENI, attach it to FortiGate, and then restart FortiGate.
D. Create the ENI and attach it to FortiGate.
Answer: D
Explanation:
AWS says that you can attach a network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach). It applies to Windows.
https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/aws-administration-guide/903457
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/best-practices-for-configuring-network-interfaces.html
NEW QUESTION 2
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)
A. Proxy ARP entries are disregarded.
B. 802.1q VLAN tags are allowed inside the same virtual private cloud.
C. AWS DNS reserves the first host IP address of each subnet.
D. Multicast traffic is not allowed.
Answer: AD
Explanation:
https://blog.ipspace.net/2018/05/amazon-web-services-networking-overview.html
NEW QUESTION 3
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances. Which action will fix this issue?
A. Convert the c4.xlarge instances to m4.xlarge instances.
B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
C. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
D. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
Answer: D
Explanation:
Multiple FortiGate-VM instances form an Auto Scaling group to provide highly efficient clustering at times of high workloads. FortiGate-VM instances can be scaled out automatically according to predefined workload levels.
https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/aws-administration-guide/397979/deploying-auto-scaling-on-aws
NEW QUESTION 4
Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)
A. A single VPC deployment with multiple subnets and a NAT gateway.
B. A single VPC deployment with multiple subnets.
C. A multiple VPC deployment utilizing a transit VPC topology.
D. A multiple VPC deployment utilizing a transit gateway.
Answer: CD
Explanation:
Multi-VPC design. AWS recommends segmenting networks at the VPC level. In this approach, workloads are grouped together at the VPC level instead of the subnet level. All traffic between VPCs will be inspected by network security virtual firewalls at each VPC or at a shared VPC. Design patterns such as Transit VPC or AWS Transit Gateway can be used to achieve this in an automated and scalable fashion.
NEW QUESTION 5
Your company deploys FortiGate VM devices in high availability (HA) (active-active) mode with Microsoft Azure load balancers using the Microsoft Azure ARM template. Your senior administrator instructs you to connect to one of the FortiGate devices and configure the necessary firewall rules. However, you are not sure how to obtain the correct public IP address of the deployed FortiGate VM and identify the access ports. How do you obtain the public IP address of the FortiGate VM and identify the correct ports to access the device?
A. In the configured load balancer, access the inbound NAT rules section.
B. In the configured load balancer, access the backend pools section.
C. In the configured load balancer, access the inbound and outbound NAT rules section.
D. In the configured load balancer, access the health probes section.
Answer: A
Explanation:
From the resource group Overview page, click the external load balancer name to load it. From the navigation column, click Inbound NAT Rules. It is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (also known as a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules).
https://docs.fortinet.com/document/fortigate-public-cloud/6.4.0/azure-administration-guide/889158/connecting-to-the-fortigate-vm-instances
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking#azure-virtual-machine-scale-sets-with-azure-load-balancer
NEW QUESTION 6
You have been asked to secure your organization’s Salesforce application that is running on Microsoft Azure and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the Salesforce application remotely as well as on-premises. Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the Salesforce application. Which three steps should you take to achieve your goal? (Choose three.)
A. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.
B. Configure FortiCASB and set up access rights, privileges, and data protection policies.
C. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.
D. Deploy and configure FortiCWP with a workload guardian license.
E. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.
Answer: ABC
NEW QUESTION 7
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password. What is the default admin password for the FortiGate-VM instance?
A. the admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again
B. <blank>
C. admin
D. the instance-ID value
Answer: D
Explanation:
https://docs.fortinet.com/document/fortigate/6.2.0/aws-cookbook/828256/connecting-to-the-fortigate-vm
NEW QUESTION 8
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?
A. Up to 1.25 Gbps per attachment.
B. Up to 50 Gbps per attachment.
C. Up to 10 Gbps per attachment.
D. Up to 1 Gbps per attachment.
Answer: B
Explanation:
The maximum bandwidth per “VPC attachment”, AWS Direct Connect gateway, or peered transit gateway connection is up to 50 Gbps. With Transit Gateway, maximum bandwidth (burst) per Availability Zone per VPC connection is 50 Gbps. VPC peering has no aggregate bandwidth. Individual instance network performance limits and flow limits (10 Gbps within a placement group and 5 Gbps otherwise) apply to both options. Only VPC peering supports placement groups.
https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-quotas.html
https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
NEW QUESTION 9
Which two statements about Microsoft Azure network security groups are true? (Choose two.)
A. Network security groups can be applied to subnets and virtual network interfaces.
B. Network security groups can be applied to subnets only.
C. Network security groups are stateless inbound and outbound rules used for traffic filtering.
D. Network security groups are stateful inbound and outbound rules used for traffic filtering.
Answer: AD
Explanation:
You can deploy resources from several Azure services into an Azure virtual network. For a complete list, see Services that can be deployed into a virtual network. You can associate zero, or one, network security group to each virtual network subnet and network interface in a virtual machine. The same network security group can be associated to as many subnets and network interfaces as you choose.
https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
NEW QUESTION 10
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)
A. Action.
B. Sequence number.
C. Source and destination IP ranges.
D. Destination port ranges.
E. Source port ranges.
Answer: ADE
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
NEW QUESTION 11
When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes. In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?
A. Less than 10 seconds.
B. 30 seconds.
C. 20 seconds.
D. 16 seconds.
Answer: A
Explanation:
- If your application produces a time-out response just before the next probe arrives, the detection of the events will take 5 seconds plus the duration of the application time-out when the probe arrives. You can assume the detection to take slightly over 5 seconds.
- If your application produces a time-out response just after the next probe arrives, the detection of the events won’t begin until the probe arrives and times out, plus another 5 seconds. You can assume the detection to take just under 10 seconds.
Assume the reaction to a time-out response will take a minimum of 5 seconds and a maximum of 10 seconds.
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview
NEW QUESTION 12
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)
A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
B. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.
C. Network ACLs must be manually applied to virtual network interfaces.
D. Network ACLs support allow rules and deny rules.
Answer: AD
Explanation:
Network ACLs are stateless. You must define rules for both outbound and inbound traffic.
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
https://aws.amazon.com/premiumsupport/knowledge-center/security-network-acl-vpc-endpoint/
NEW QUESTION 13
……