918 お客様のコメント
質問 1:
Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.
Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)
A. Configure a user-defined route table
B. Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute
C. Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table
D. Define a default route where the next hop IP is the FortiGate WAN interface
E. Configure the gateway subnet as the subnet in the user-defined route table
正解:B,D,E
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Refer to the exhibit.
You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.
After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.
What should you do to correct this issue?
A. Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.
B. Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).
C. Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration.
D. Delete the deployment and start again. You have in put the wrong parameters during the cloud formation template deployment.
正解:C
質問 3:
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
*You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
*Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet.
*To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?
A. One public subnet and two private subnets
B. Two public subnets and one private subnet
C. One public subnet and one private subnet
D. Two public subnets and two private subnets
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.
Which three methods can the customer use to ensure that all traffic from the data center is sent through FortiGate over ExpressRoute? (Choose three.)
A. Configure a user-defined route table
B. Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute
C. Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table
D. Define a default route where the next hop IP is the FortiGate WAN interface
E. Configure the gateway subnet as the subnet in the user-defined route table
正解:B,D,E
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Refer to the exhibit.
You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.
After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.
What should you do to correct this issue?
A. Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.
B. Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).
C. Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration.
D. Delete the deployment and start again. You have in put the wrong parameters during the cloud formation template deployment.
正解:C
質問 3:
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:
*You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.
*Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet.
*To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?
A. One public subnet and two private subnets
B. Two public subnets and one private subnet
C. One public subnet and one private subnet
D. Two public subnets and two private subnets
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
Koide -
Pass4Testさんには本当にお世話になってます。おかげでNSE7_PBC-6.4を無事合格して就職始めました。これからも宜しくお願いします。