Your customers have been reporting slow response times when accessing your web application. What are two possible ways to increase response times from web servers protected by FortiWeb Cloud? (Choose two.)
A.
Deploy FortiWeb Cloud in the same region where your web application is being hosted.
B.
Enable a content delivery network (CDN).
C.
Modify DNS entries to directly point to your web server.
D.
Disable WAF functionality.
Answer:
ab
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 2
Refer to the exhibit.
Which two statements are true about inbound traffic based on the IGW ingress route table and GWLB deployment shown in the exhibit? (Choose two.)
A.
GWLB forwards traffic to FortiGate without encapsulation in its dedicated subnet.
B.
Inbound traffic is directed to the GWLB through a GWLB endpoint.
C.
Inbound traffic is directed to the application subnet through a GWLB endpoint.
D.
GWLB encapsulates traffic with the GENEVE protocol and sends it to FortiGate.
Answer:
bd
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 3
AWS native network services offer vast functionality and inter-connectivity between the cloud and on-premises networks. Which three additional functions can FortiGate for AWS offer to complement the native services offered by AWS? (Choose three.)
A.
Higher VPN throughput
B.
Web filtering
C.
OSPF over IPSec
D.
Advanced dynamic routing
E.
Secure SD-WAN with application visibility
Answer:
abe
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 4
You want to deploy the Fortinet HA CloudFormation template to stage and bootstrap the FortiGate configuration in the same region in which you created your VPC, which is Ohio US-East-2. Based on this information, which statement is correct?
A.
You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket can be hosted in any region.
B.
The Fortinet HA cloud formation template automatically creates an S3 bucket.
C.
You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket needs to be hosted in the Ohio US-East-2 region.
D.
You create a DynamoDB to stage and bootstrap FortiGate with an FGCP unicast configuration. It needs to be hosted in the Ohio US-East-2 region.
Answer:
c
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
You are troubleshooting network connectivity issues between two VMs deployed in AWS. One VM is a FortiGate located on subnet LAN that is part of the VPC Encryption. The other VM is a Windows server located on the subnet servers which is also in the Encryption VPC. You are unable to ping the Windows server from FortiGate. What are two reasons for this? (Choose two.)
A.
The firewall in the Windows VM is blocking the traffic.
B.
The default AWS Network Access Control List (NACL) does not allow this traffic.
C.
By default, AWS does not allow ICMP traffic between subnets.
D.
Add an inbound allow ICMP rule in the security group attached to the windows server.
Answer:
ad
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
An administrator wants to deploy a solution to automatically create firewall rules on FortiGate to accelerate time-to-protection for threats. Which AWS service can be integrated with FortiGate to accomplish this?
A.
AWS Firewall Manager
B.
AWS network access control list (NACL)
C.
SDN Connector for AWS
D.
AWS GuardDuty
Answer:
d
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 7
Which three statements correctly describe FortiGate Cloud-Native Firewall (CNF)? (Choose three.)
A.
It provides carrier-grade protection.
B.
It scales seamlessly.
C.
It uses AWS Elastic Load Balancing (ELB).
D.
It is considered to be a Firewall-as-a-Service (FWaaS).
E.
It can be managed by FortiManager and AWS firewall manager.
Answer:
abd
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 8
Refer to the exhibit.
Traffic is initiated from the EC2 instance and is destined for the internet. Which traffic flow is correct?
A.
EC2 instance > NAT GW > IGW > internet
B.
There is no route to the internet in the Private Route Table. The traffic does not reach the internet.
C.
EC2 instance > GWLBe > NAT GW > IGW > internet
D.
EC2 instance > GWLBe > internet
Answer:
a
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 9
A customer is attempting to deploy an active-passive high availability (HA) cluster using the software-defined network (SDN) connector in the AWS cloud. What is an important consideration to ensure a successful formation of HA, failover, and traffic flow?
A.
Both cluster members must be in the same availability zone.
B.
VDOM exceptions must be configured.
C.
Unicast FortiGate Clustering Protocol (FGCP) must be used.
D.
Both cluster members must show as healthy in the elastic load balancer (ELB) configuration.
Answer:
c
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
Your company deployed a FortiSandbox for AWS. Which statement is correct about FortiSandbox for AWS?
A.
FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances.
B.
The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances.
C.
FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks.
D.
FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.