Cloud_Forti

You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message. What could you do to resolve the command not found error?. You must move the binary file to the bin directory. You must reinstall Terraform. You must change the directory location to the root directory. You must assign correct permissions to the ec2-user.

What is the purpose of this section of an Azure Bicep file?. To restrict which FortiOS versions are accepted for deployment. To indicate the correct FortiOS upgrade path after deployment. To add a comment with the permitted FortiOS versions that can be deployed. To document the FortiOS versions in the resulting topology.

An administrator used the what-if tool to preview changes to an Azure Bicep file. What will happen if the administrator decides to apply these changes in Azure?. Subnet 10.0.1.0/24 will replace subnet 10.0.2.0/24. This deployment will fail and no changes will be applied. A new subnet will be added to ServerApps. The ServerApps VNet will be renamed.

An administrator installed a FortiWeb ingress controller to protect a containerized web application. What is the reason for the status shown in FortiView? (Choose one answer). The SDN connector is not authenticated correctly. The FortiWeb VM is missing a route to the node subnet. The manifest file deployed is configured with the wrong node IP addresses. The load balancing type is not set to round-robin.

You are investigating an attack path for a top risky host. You notice that the Common Vulnerability Scoring System (CVSS) and the vulnerability impact scores are very high. However, the attack path severity for the top risky host itself is low. Which two pieces of contextualized information can help you understand why? (Choose two answers). The FortiCNAPP risk score. The package status. The vulnerability score. The fix version.

An AWS administrator must ensure that each member of the cloud deployment team has the correct permissions to deploy and manage resources using CloudFormation. The administrator is researching which tasks must be executed with CloudFormation and therefore require CloudFormation permissions. Which task is run using CloudFormation?. Deploying a new pod with a service in an Elastic Kubernetes Service (EKS) cluster using the kubectl command. Installing a Helm chart to deploy a FortiWeb ingress controller in an EKS cluster. Creating an EKS cluster with the eksctl create cluster command. Changing the number of nodes in a EKS cluster from AWS CloudShell.

How does an administrator secure container environments in Amazon AWS from newly emerged security threats? (Choose one answer). Using Docker-related application control signatures. Using Amazon AWS-related application control signatures. Using distributed network-related application control signatures. Using Amazon AWS_S3-related application control signatures.

The exhibit shows a customer deployment of two Linux instances and their main routing table in Amazon Web Services (AWS). The customer also created a Transit Gateway (TGW) and two attachments. Which two steps are required to route traffic from Linux instances to the TGW? (Choose two answers). In the main subnet routing table in VPC A and B, add a new route with destination 0.0.0.0/0, next hop TGW.12. In the TGW route table, associate two attachments.34. In the TGW route table, add route propagation to 192.168.0.0/16.56. In the main subnet routing table in VPC A and B, add a new route with7 destination 0.0.0.0/0, next hop Internet 8gateway (IGW).

An administrator implements FortiWeb ingress controller to protect containerized web applications in an AWS Elastic Kubernetes Service (EKS) cluster. What can you conclude about the topology shown in FortiView?. The FortiWeb VM gets the latest cluster information through an SDN connector. This topology has two services and two ingress controllers deployed. Both services will be load balanced among the two nodes and the four pods. Adding a new service will update the FortiWeb configuration automatically.

You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure. Which command can you use to examine details about API calls sent by the connector?. diag debug application cloud-connector -1. diag test application azd 1. diag debug application azd -1. get system sdn-connector.

A FortiCNAPP administrator used the FortiCNAPP Explorer to reveal all hosts exposed to the internet that are running active packages with vulnerabilities of all severity levels. Why do only the first two results have an attack path? (Choose one answer). Attack paths are available only for AWS resources with public IP addresses. Attack paths are available only for AWS resources with high impact scores. Attack paths are available only for resources with potential multi-hop exposure. Attack paths are available only for resources that have critical vulnerabilities.

After the initial Terraform configuration in Microsoft Azure, the terraform plan command is run. Which two statements about running the terraform plan command are true? (Choose two.). The terraform plan command will deploy the rest of the resources except the service principle details. You cannot run the terraform apply command before the terraform plan command. The terraform plan command makes terraform do a dry run. You must run the terraform init command once, before the terraform plan command.

An administrator is configuring a software-defined network (SDN) connector in FortiWeb to dynamically obtain information about existing objects in an Amazon Elastic Kubernetes Service (EKS) cluster. Which AWS policy should the administrator attach to a user to achieve this goal?. AmazonEKSConnectorServiceRolePolicy. AmazonEKSComputePolicy. AmazonEKSServicePolicy. AmazonEKSClusterPolicy.

You are tasked to deploy a FortiGate VM with private and public subnets in Amazon Web Services (AWS). You examined the variables.tf file. Assume that all the other terraform files are in place. What will be the final result after running the terraform init and terraform apply commands? (Choose one answer). Terraform will not deploy a FortiGate VM. Terraform will deploy a FortiGate VM in the eu-West-1a availability zone without any subnets. Terraform will deploy a FortiGate VM in the eu-West-1 region with private and public subnets. Terraform will deploy a FortiGate VM in the eu-West-1a availability zone with two subnets and BYOL license.

You have deployed a Linux EC2 instance in Amazon Web Services (AWS) with the settings shown on the exhibit. What next step must the administrator take to access this instance from the internet?. Allocate an Elastic IP address and assign it to the instance. Create a VIP on FortiGate to allow access. Enable SSH and allocate it to the device. Configure the user name and password.

Which FortiCNP policy type generated the finding shown in the exhibit? (Choose one answer). This finding was generated by a data scan policy. This finding was generated by a threat detection policy. This finding was generated by a risk management policy. This finding was generated by a file collection policy.

You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure. After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic. In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively. What IP address must you use in the peerip configuration?. The opposite FortiGate port 2 IP address. The public load balancer port 2 IP address. The internal load balancer port 1 IP address. The opposite FortiGate port 1 IP address.

An administrator would like to use FortiCNP to keep track of sensitive data files located in the Amazon Web Services (AWS) S3 bucket and protect it from malware. Which FortiCNP feature should the administrator use?. FortiCNP Threat Detection policies. FortiCNP Risk Management policies. FortiCNP Data Scan policies. FortiCNP Compliance policies.

Your DevOps team is evaluating different Infrastructure as Code (IaC) solutions for deploying complex Azure environments. What is an advantage of choosing Azure Bicep over other IaC tools available?. Azure Bicep generates deployment logs that are optimized to improve error handling. Azure Bicep provides immediate support for all Azure services, including those in preview. Azure Bicep requires less frequent schema updates than Azure Resource Manager (ARM) templates. Azure Bicep can reduce deployment costs by limiting resource utilization during testing.

A Network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure. In which two ways can Fortinet container security help secure container infrastructures? (Choose two.). FortiGate NGFW can be placed between each application container for north-south traffic inspection. FortiGate NGFW can connect to the worker nodes and protect the containers. FortiGate NGFW and FortiWeb can be used to secure container traffic. FortiGate NGFW can inspect north-south container traffic with label aware policies.

An administrator is relying on an Azure Bicep linter to find possible issues in Bicep files. Which problem can the administrator expect to find?. The resources to be deployed exceed the quota for a region. Some resources are missing dependsOn statements. There are output statements that contain passwords. One or more modules are not using runtime values as parameters.

You are experiencing intermittent connectivity issues in a FortiGate HA cluster deployed with Azure gateway load balancer. Traffic is being dropped when it passes through the cluster. What is the cause of the issue? (Choose one answer)1. The FortiGate firewalls are using the default maximum transmission unit (M2TU) size supported by Azure. The Azure gateway load balancer is configured with an incorrect health probe port. The Azure gateway load balancer is blocking large packets, causing traffic failures. The protected VMs are running an application that fragments packets.

An administrator is looking for a solution that can provide insight into users and data stored in major SaaS applications in the multicloud environment. Which product should the administrator deploy to have secure access to SaaS applications? (Choose one answer). FortiSandbox. FortiCASB. FortiWeb. FortiSIEM.

A senior administrator in a multinational organization needs to include a comment in the template shown in the exhibit to ensure that administrators from other regions change the Amazon Machine Image (AMI) ID to one that is valid in their location. How can the administrator add the required comment in that section of the file?. The administrator can include the comment with the aws cloudformation update-stack command. The administrator must convert the template file to YAML format to add a comment. The administrator can add the comment starting with the # character next to the "Resources" section. The administrator must update the AWSTemplateFormatVersion to the latest version.