• Home
  • Articles
  • NSE7_PBC-6.4 Dumps Updated Jan 13, 2022 Practice Test and 30 unique questions [Q10-Q26]

NSE7_PBC-6.4 Dumps Updated Jan 13, 2022 Practice Test and 30 unique questions [Q10-Q26]

Share

NSE7_PBC-6.4 Dumps Updated Jan 13, 2022 Practice Test and 30 unique questions

2022 Latest 100% Exam Passing Ratio - NSE7_PBC-6.4 Dumps PDF 

NEW QUESTION 10
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?

  • A. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
  • B. Inspector, Shield, GuardDuty, S3, and DynamoDB.
  • C. WAF, Shield, GuardDuty, S3, and DynamoDB.
  • D. GuardDuty, CloudWatch, S3, and DynamoDB.

Answer: A

 

NEW QUESTION 11
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

  • A. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
  • B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
  • C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
  • D. Convert the c4.xlarge instances to m4.xlarge instances.

Answer: C

 

NEW QUESTION 12
Refer to the exhibit.

Your senior administrator successfully configured a FortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?

  • A. In the Microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
  • B. Run diagnose debug application azd -l on FortiGate.
  • C. In the Microsoft Azure portal, set the correct tag values for the windows server.
  • D. Delete the address object and recreate a new address object with the type set to FQDN.

Answer: A

 

NEW QUESTION 13
You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

  • A. The uniqueString() function must be used.
  • B. The storageAccount name must contain between 3 and 24 alphanumeric characters.
  • C. The storageAccount name must be in lowercase.
  • D. The storageAccount name must use special characters.

Answer: A,C

 

NEW QUESTION 14
Which two statements about Microsoft Azure network security groups are true? (Choose two.)

  • A. Network security groups can be applied to subnets and virtual network interfaces.
  • B. Network security groups are a stateful inbound and outbound rules used for traffic filtering.
  • C. Network security groups are stateless inbound and outbound rules used for traffic filtering.
  • D. Network security groups can be applied to subnets only.

Answer: B,D

 

NEW QUESTION 15
A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • B. <blank>
  • C. The instance-ID value
  • D. admin

Answer: C

 

NEW QUESTION 16
An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.
Which action can you take to accomplish this?

  • A. Create the ENI and attach it to FortiGate.
  • B. Create the ENI, attach it to FortiGate, and then restart FortiGate.
  • C. None, you cannot create and add additional ENIs to an existing FortiGate-VM.
  • D. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.

Answer: D

 

NEW QUESTION 17
Refer to the exhibit.

You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?

  • A. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.
  • B. You selected the incorrect resource group.
  • C. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.
  • D. You selected the Bring Your Own License (BYOL) licensing mode.

Answer: B

 

NEW QUESTION 18
Refer to the exhibit.

A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)

  • A. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
  • B. AWS source and destination checks are enabled on the FortiGate interfaces.
  • C. AWS security groups may be blocking the traffic.
  • D. The web servers are not configured with the default gateway.

Answer: C,D

 

NEW QUESTION 19
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They cannot create and add additional vNICs to an existing FortiGate-VM.
  • B. They can create additional vNICs in the UI console.
  • C. They can use the Compute Engine API Explorer.
  • D. They can create additional vNICs using the Cloud Shell.

Answer: C

 

NEW QUESTION 20
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

  • A. Action
  • B. Destination port ranges
  • C. Source port ranges
  • D. Sequence number
  • E. Source and destination IP ranges

Answer: A,B,C

Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

 

NEW QUESTION 21

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • B. Configure VNet peering between the hub and spokes.
  • C. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • D. Configure VNet peering between the spokes only.

Answer: B,C

 

NEW QUESTION 22
An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.
This has now black-holed the private subnet in this availability zone.
What action will the worker node automatically perform to restore access to the black-holed subnet?

  • A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.
  • B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.
  • C. The worker node migrates the subnet to a different availability zone.
  • D. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.

Answer: C

 

NEW QUESTION 23
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

  • A. Action
  • B. Destination port ranges
  • C. Source port ranges
  • D. Sequence number
  • E. Source and destination IP ranges

Answer: A,B,C

 

NEW QUESTION 24
Refer to the exhibit.

You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.
What is incorrect with the template?

  • A. FortiGate-VM does not support managedDisk from Azure.
  • B. The caching parameter should be None.
  • C. The CreateOptions parameter should be FromImage.
  • D. The LUN ID is not defined.

Answer: C

 

NEW QUESTION 25
Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?

  • A. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.
  • B. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.
  • C. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.
  • D. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.

Answer: C

 

NEW QUESTION 26
......

Verified NSE7_PBC-6.4 dumps Q&As - 100% Pass from RealVCE: https://www.realvce.com/NSE7_PBC-6.4_free-dumps.html

Pass Exam With Full Sureness - NSE7_PBC-6.4 Dumps with 30 Questions: https://drive.google.com/open?id=14KLDSTK29meuOSQ2mdMhVvx-PHEIpdYf

Related Articles

more
Fortinet NSE7_PBC-6.4 Certification Practice Exam

Our premium VCE file helps you pass exam 100% for sure. We serve every customer heart and soul. We guarantee No Helpful Full Refund.

Latest Real Exam VCE

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 RealVCE NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy