746 お客様のコメント
質問 1:
Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)
A. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
B. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT- 0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
C. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
D. The network interface of the active unit moves to itself
正解:B,C
質問 2:
Your administrator instructed you to deploy an Azure vWAN solution to create a connection between the main company site and branch sites to the other company VNETs.
What are the two best connection solutions available between your company headquarters, branch sites, and the Azure vWAN hub? (Choose two.)
A. ExpressRoute
B. VPN Gateway
C. An L2TP connection
D. SSL VPN connections
E. GRE tunnels
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to Exhibit. You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure.
Which three settings should you check while troubleshooting this problem? (Choose three.)
A. Ensure FortiGate port4 can resolve DNS.
B. Use the show vdom command to see hidden VDOMs.
C. Ensure FortiGate port1 has internet access
D. Ensure IP address 169.254.169.254 is not blocked
E. use the diag sys va command.
正解:A,C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Which two Amazon Web Services (AWS) features do you use for the transit virtual private cloud (VPC) automation process to add new spoke N/PCs? (Choose two )
A. Amazon CloudWatch
B. Amazon S3 bucket
C. AWS Transit Gateway
D. AWS Security Hub
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)
A. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
B. The web servers are not configured with the default gateway.
C. AWS source and destination checks are enabled on the FortiGate interfaces.
D. AWS security groups may be blocking the traffic.
正解:C,D
質問 6:
Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On- demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?
A. You selected the Bring Your Own License (BYOL) licensing mode.
B. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.
C. You selected the incorrect resource group.
D. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.
正解:B
質問 7:
Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)
A. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
B. Configure VNet peering between the spokes only.
C. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
D. Configure VNet peering between the hub and spokes.
正解:C,D
Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.
If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)
A. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01
B. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT- 0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01
C. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01
D. The network interface of the active unit moves to itself
正解:B,C
質問 2:
Your administrator instructed you to deploy an Azure vWAN solution to create a connection between the main company site and branch sites to the other company VNETs.
What are the two best connection solutions available between your company headquarters, branch sites, and the Azure vWAN hub? (Choose two.)
A. ExpressRoute
B. VPN Gateway
C. An L2TP connection
D. SSL VPN connections
E. GRE tunnels
正解:A,B
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Refer to Exhibit. You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure.
Which three settings should you check while troubleshooting this problem? (Choose three.)
A. Ensure FortiGate port4 can resolve DNS.
B. Use the show vdom command to see hidden VDOMs.
C. Ensure FortiGate port1 has internet access
D. Ensure IP address 169.254.169.254 is not blocked
E. use the diag sys va command.
正解:A,C,D
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
Which two Amazon Web Services (AWS) features do you use for the transit virtual private cloud (VPC) automation process to add new spoke N/PCs? (Choose two )
A. Amazon CloudWatch
B. Amazon S3 bucket
C. AWS Transit Gateway
D. AWS Security Hub
正解:A,C
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)
A. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
B. The web servers are not configured with the default gateway.
C. AWS source and destination checks are enabled on the FortiGate interfaces.
D. AWS security groups may be blocking the traffic.
正解:C,D
質問 6:
Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On- demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.
What caused the validation process to fail?
A. You selected the Bring Your Own License (BYOL) licensing mode.
B. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.
C. You selected the incorrect resource group.
D. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.
正解:B
質問 7:
Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)
A. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
B. Configure VNet peering between the spokes only.
C. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
D. Configure VNet peering between the hub and spokes.
正解:C,D
井料** -
NSE7_PBC-7.2しっかり学習。教科書と過去問題 を一冊に集約。