918 お客様のコメント
質問 1:
An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application? (Choose two.) An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application? (Choose two.)
A. Provide a web application name.
B. Enable a content delivery network (CDN) in the same region where your application is located.
C. Create DNS records in the domain server that hosts the application.
D. Wait for the EC2 instance to be created.
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Refer to the exhibit.
Traffic is initiated from the EC2 instance and is destined for the internet.
Which traffic flow is correct?
A. There is no route to the internet in the Private Route Table. The traffic does not reach the internet.
B. EC2 instance > GWLBe > internet
C. EC2 instance > NAT GW > IGW > internet
D. EC2 instance > GWLBe > NAT GW > IGW > internet
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
You are troubleshooting network connectivity issues between two VMs deployed in AWS.
One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.
What are two reasons for this? (Choose two.)
A. Add an inbound allow ICMP rule in the security group attached to the windows server.
B. By default, AWS does not allow ICMP traffic between subnets.
C. The default AWS Network Access Control List (NACL) does not allow this traffic.
D. The firewall in the Windows VM is blocking the traffic.
正解:A,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS.
The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the private subnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing.
Which action would allow the EIP assignment to be successful?
A. Create and attach a public routing table to the public subnet, associate the public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
B. Create and attach an internet gateway to the VPC, and then assign the EIP to the primary ENI of the FortiGate VM.
C. Create and associate a public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
D. Shut down the FortiGate VM, if it is running, assign the EIP to the primary ENI, and then power it on.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application? (Choose two.) An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application? (Choose two.)
A. Provide a web application name.
B. Enable a content delivery network (CDN) in the same region where your application is located.
C. Create DNS records in the domain server that hosts the application.
D. Wait for the EC2 instance to be created.
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Refer to the exhibit.
Traffic is initiated from the EC2 instance and is destined for the internet.
Which traffic flow is correct?
A. There is no route to the internet in the Private Route Table. The traffic does not reach the internet.
B. EC2 instance > GWLBe > internet
C. EC2 instance > NAT GW > IGW > internet
D. EC2 instance > GWLBe > NAT GW > IGW > internet
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
You are troubleshooting network connectivity issues between two VMs deployed in AWS.
One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.
What are two reasons for this? (Choose two.)
A. Add an inbound allow ICMP rule in the security group attached to the windows server.
B. By default, AWS does not allow ICMP traffic between subnets.
C. The default AWS Network Access Control List (NACL) does not allow this traffic.
D. The firewall in the Windows VM is blocking the traffic.
正解:A,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS.
The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the private subnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing.
Which action would allow the EIP assignment to be successful?
A. Create and attach a public routing table to the public subnet, associate the public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
B. Create and attach an internet gateway to the VPC, and then assign the EIP to the primary ENI of the FortiGate VM.
C. Create and associate a public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
D. Shut down the FortiGate VM, if it is running, assign the EIP to the primary ENI, and then power it on.
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
Yoshizawa -
読み続けているうちに要点が頭に入っているので苦手な過去問を解けるようになっていることが嬉しいです。