Weekend Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

FCP_WCS_AD-7.4 Exam Dumps - Fortinet Public Cloud Security Questions and Answers

Question # 4

You are troubleshooting network connectivity issues between two VMs deployed in AWS.

One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate.

What are two reasons for this? (Choose two.)

Options:

A.

The firewall in the Windows VM is blocking the traffic.

B.

The default AWS Network Access Control List (NACL) does not allow this traffic.

C.

By default, AWS does not allow ICMP traffic between subnets.

D.

Add an inbound allow ICMP rule in the security group attached to the windows server.

Buy Now
Question # 5

Refer to the exhibit.

A customer is using the AWS Elastic Load Balancer (ELB).

Which two statements are correct about the ELB configuration? (Choose two.)

Options:

A.

The load balancer is configured to load balance traffic among multiple availability zones.

B.

The Amazon Resource Name is used to access the load balancer node and targets.

C.

You can use the DNS name to reach the targets behind the ELB.

D.

The load balancer is configured for the internal traffic of the virtual public cloud (VPC).

Buy Now
Question # 6

A global organization with cloud networks deployed in several AWS regions wants to set up next-generation firewall (NGFW) protection using FortiGate Cloud-Native Firewall (CNF).

What are two deployment considerations for the organization? (Choose two.)

Options:

A.

They must choose AWS Firewall Manager to provision a CNF instance.

B.

A CNF instance is required for each AWS region that must be protected.

C.

More than one AWS account can be associated with a CNF instance.

D.

Only one CNF instance is required to protect all AWS regions.

Buy Now
Question # 7

Refer to the exhibit.

Traffic is initiated from the EC2 instance and is destined for the internet.

Which traffic flow is correct?

Options:

A.

EC2 instance > NAT GW > IGW > internet

B.

There is no route to the internet in the Private Route Table. The traffic does not reach the internet.

C.

EC2 instance > GWLBe > NAT GW > IGW > internet

D.

EC2 instance > GWLBe > internet

Buy Now
Question # 8

A cloud administrator is tasked with protecting web applications hosted in AWS cloud.

Which three Fortinet cloud offerings can the administrator choose from to accomplish the task? (Choose three.)

Options:

A.

AWS WAF

B.

FortiEDR

C.

FortiGate Cloud-Native Firewall (CNF)

D.

Fortinet Managed Rules for AWS WAF

E.

FortiWeb Cloud

Buy Now
Question # 9

An administrator must deploy a web application firewall (WAF) solution to protect the web applications of their organization.

Why would the administrator choose FortiWeb Cloud over AWS WAF with Fortinet managed rules?

Options:

A.

WAF signatures must be manually updated by FortiGuard.

B.

The solution must meet PCI 6.6 compliance.

C.

SSL inspection is a requirement.

D.

Traffic must be inspected for malware.

Buy Now
Question # 10

An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs the higher bandwidth but the organization does not want to use multiple connections between sites.

Which AWS solution meets the requirement?

Options:

A.

Transit VPC with IPSec

B.

Internet Gateway

C.

Transit Gateway multicast

D.

Transit Gateway Connect

Buy Now
Question # 11

An administrator wants to deploy a solution to automatically create firewall rules on FortiGate to accelerate time-to-protection for threats.

Which AWS service can be integrated with FortiGate to accomplish this?

Options:

A.

AWS Firewall Manager

B.

AWS network access control list

C.

SDN Connector for AWS

D.

AWS GuardDuty

Buy Now
Question # 12

A customer is attempting to deploy an active-passive high availability (HA) cluster using the software-defined network (SDN) connector in the AWS cloud.

What is an important consideration to ensure a successful formation of HA, failover, and traffic flow?

Options:

A.

Both cluster members must be in the same availability zone.

B.

VDOM exceptions must be configured.

C.

Unicast FortiGate Clustering Protocol (FGCP) must be used.

D.

Both cluster members must show as healthy in the elastic load balancer (ELB) configuration.

Buy Now
Question # 13

Refer to the exhibit.

Which two statements are true about inbound traffic based on the IGW ingress route table and GWLB deployment shown in the exhibit? (Choose two.)

Options:

A.

GWLB forwards traffic to FortiGate without encapsulation in its dedicated subnet.

B.

Inbound traffic is directed to the GWLB through a GWLB endpoint.

C.

Inbound traffic is directed to the application subnet through a GWLB endpoint.

D.

GWLB encapsulates traffic with the GENEVE protocol and sends it to FortiGate.

Buy Now
Exam Code: FCP_WCS_AD-7.4
Exam Name: FCP - AWS Cloud Security 7.4 Administrator Exam
Last Update: Feb 22, 2025
Questions: 35
FCP_WCS_AD-7.4 pdf

FCP_WCS_AD-7.4 PDF

$25.5  $84.99
 Add to Cart
FCP_WCS_AD-7.4 Engine

FCP_WCS_AD-7.4 Testing Engine

$28.5  $94.99
 Add to Cart
FCP_WCS_AD-7.4 PDF + Engine

FCP_WCS_AD-7.4 PDF + Testing Engine

$40.5  $134.99
 Add to Cart