Fortinet fcp wcs ad 7 4 practice test

Refer to the exhibit.

Which statement is correct about the VPC peering connections shown in the exhibit?

• A. To route packets directly from VPC B to VPC C through VPC A, you must add a route for network 192.168.0.0/16 in the VPC A routing table.
• B. You cannot route packets directly from VPC B to VPC C through VPC A.
• C. You can associate VPC ID pcx-23232323 with VPC B to form a VPC peering connection between VPC B and VPC C.
• D. You cannot create a separate VPC peering connection between VPC B and VPC C to route packets directly.

Your organization is deciding between deploying an active-active (A-A) or active-passive (A-P) FortiGate high availability (HA) cluster in AWS cloud.
Which two statements are true about A-A clusters compared to A-P clusters? (Choose two.)

• A. For A-A clusters, FortiGate must perform SNAT inbound to ensure symmetric traffic flow.
• B. A-A clusters rely on API calls for failovers.
• C. A-A clusters always require a load balancer.
• D. A-A clusters can use a software-defined network (SDN) to perform a failover.

An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs the higher bandwidth but the organization does not want to use multiple connections between sites.
Which AWS solution meets the requirement?

• A. Transit VPC with IPSec
• B. Internet Gateway
• C. Transit Gateway multicast
• D. Transit Gateway Connect

A customer has deployed FortiGate Cloud-Native Firewall (CNF).
Which two statements are correct about policy sets? (Choose two.)

• A. There is an implicit deny rule at the bottom of the policy set.
• B. The policy set must be manually synchronized to the CNF instance each time it is modified.
• C. A new policy set is created with each deployed CNF instance.
• D. Multiple policy sets can be applied to a single CNF instance.

Refer to the exhibit.

What two conclusions can you draw from the FortiGate debug output? (Choose two.)

• A. The dynamic address object is automatically updated if the IP changes.
• B. The address object AWS Windows Server Lab can be manually changed on FortiGate.
• C. The SDN connector is correctly configured and authorized.
• D. The AWS user account used for software-defined network (SDN) integration must have full administrative rights.

Refer to the exhibit.

A customer is using the AWS Elastic Load Balancer (ELB).
Which two statements are correct about the ELB configuration? (Choose two.)

• A. The load balancer is configured to load balance traffic among multiple availability zones.
• B. The Amazon Resource Name is used to access the load balancer node and targets.
• C. You can use the DNS name to reach the targets behind the ELB.
• D. The load balancer is configured for the internal traffic of the virtual public cloud (VPC).

Refer to the exhibit.

Which two statements are correct about traffic flow in FortiWeb Cloud? (Choose two.)

• A. The DNS name for the application servers must point to FortiWeb Cloud.
• B. FortiWeb Cloud filters the incoming traffic from users, blocking the OWASP Top 10 attacks, zero-day threats, and other application layer attacks.
• C. FortiWeb Cloud can protect the application servers only if they are all located in the same virtual public cloud (VPC).
• D. Step 2 requires an AWS S3 bucket to be created.

Refer to the exhibit.

An administrator configured a FortiGate device to connect to the AWS API to retrieve resource values from the AWS console to create dynamic objects for the FortiGate policies. The administrator is unable to retrieve AWS dynamic objects on FortiGate.
Which two reasons can explain why? (Choose two.)

• A. The AWS API call is not supported on XML version 1.0.
• B. AWS was not able to validate credentials provided by the AWS Lab SDN connector because of a clock skew between FortiGate and AWS.
• C. The AWS Lab SDN connector is configured with an invalid AWS access or secret key.
• D. The AWS Lab SDN connector failed to connect on port 401.
• E. The AWS Lab SDN did not find any instances in the configured VPC.

A customer has implemented GWLB between the partner and application VPCs. FortiGate appliances are deployed in the partner VPC with multiple AZs to inspect traffic transparently.
Which two things will happen to application traffic based on the GWLB deployment? (Choose two.)

• A. Inbound and outbound traffic will go to multiple devices, which will perform load balancing.
• B. Inbound and outbound traffic will go to the same device, which will perform stateful processing.
• C. The content of the original traffic exchanged between the GWLB and FortiGate will be preserved.
• D. The original traffic exchanged between the GWLB and FortiGate will be hashed for data integrity.

A global organization with cloud networks deployed in several AWS regions wants to set up next-generation firewall (NGFW) protection using FortiGate Cloud-Native Firewall (CNF).
What are two deployment considerations for the organization? (Choose two.)

• A. They must choose AWS Firewall Manager to provision a CNF instance.
• B. A CNF instance is required for each AWS region that must be protected.
• C. More than one AWS account can be associated with a CNF instance.
• D. Only one CNF instance is required to protect all AWS regions.