Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Question # 4

Refer to the exhibit.

A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.

What are two possible reasons for this behavior? (Choose two.)

A.

The web servers are not configured with the default gateway.

B.

The Internet gateway (IGW) is not added to VPC (virtual private cloud).

C.

AWS source and destination checks are enabled on the FortiGate interfaces.

D.

AWS security groups may be blocking the traffic.

Full Access
Question # 5

Refer to the exhibit.

Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

A.

Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.

B.

Use ExpressRoute to interconnect the hub VNets and spoke VNets.

C.

Configure VNet peering between the spokes only.

D.

Configure VNet peering between the hub and spokes.

Full Access
Question # 6

Refer to the exhibit.

The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.

Which two statements are correct? (Choose two.)

A.

The design shows an active-active FortiGate-VM architecture.

B.

The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

C.

The design shows an active-passive FortiGate-VM architecture.

D.

The Cloud Load Balancer Session Affinity setting should use the default value.

Full Access
Question # 7

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

A.

Network security groups can be applied to subnets and virtual network interfaces.

B.

Network security groups can be applied to subnets only.

C.

Network security groups are stateless inbound and outbound rules used for traffic filtering.

D.

Network security groups are a stateful inbound and outbound rules used for traffic filtering.

Full Access
Question # 8

Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)

A.

Proxy ARP entries are disregarded.

B.

802.1q VLAN tags are allowed inside the same virtual private cloud.

C.

AWS DNS reserves the first host IP address of each subnet.

D.

Multicast traffic is not allowed.

Full Access
Question # 9

Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.

Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).

How do you achieve this outcome with minimum configuration?

A.

Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.

B.

Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.

C.

Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.

D.

Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.

Full Access