[Aug 14, 2025] Prepare For The NSE7_PBC-7.2 Question Papers In Advance
NSE7_PBC-7.2 PDF Dumps Real 2025 Recently Updated Questions
NEW QUESTION # 42
Your goal is to deploy resources in multiple places and regions in the public cloud using Terraform. What is the most efficient way to deploy resources without changing much of the Terraform code?
- A. Install and configure two Terraform staging servers to deploy resources.
- B. Use the provider. tf file to add all the new values
- C. Use multiple terraform.tfvars files With a variables.tf file.
- D. Use the variable, tf file and edit its values to match multiple resources
Answer: C
Explanation:
When deploying resources in multiple places and regions in the public cloud using Terraform, the most efficient way is: A. Use multiple terraform.tfvars files with a variables.tf file.
Terraform.tfvars File: This file is used to assign values to variables defined in your Terraform configuration. By having multiple .tfvars files, you can define different sets of values for different deployments, such as for different regions or environments, without changing the main configuration.
Variables.tf File: This file contains the definition of variables that will be used within your Terraform configuration. It works in conjunction with terraform.tfvars files, allowing you to parameterize your configuration so that you can deploy the same template in multiple environments with different variables.
NEW QUESTION # 43
Which two statements about Amazon Web Services (AWS) networking are correct? (Choose two.)
- A. 802.1q VLAN tags are allowed inside the same virtual private cloud.
- B. AWS DNS reserves the first host IP address of each subnet.
- C. Proxy ARP entries are disregarded.
- D. Multicast traffic is not allowed.
Answer: C,D
NEW QUESTION # 44
You are automating configuration changes on one of the FortiGate VMS using Linux Red Hat Ansible.
How does Linux Red Hat Ansible connect to FortiGate to make the configuration change?
- A. It uses a FortiGate internal or external IP address with TCP port 21
- B. It uses YAML
- C. It uses an API.
- D. It uses SSH as a connection method to FortiOS.
Answer: C
Explanation:
Ansible connects to FortiGate using an API, which is a method of communication between different software components. Ansible uses the fortios_* modules to interact with the FortiOS API, which is a RESTful API that allows configuration and monitoring of FortiGate devices.
Ansible can use either HTTP or HTTPS as the transport protocol, and can authenticate with either a username and password or an API token.
NEW QUESTION # 45
You must allow an SSH traffic rule in an Amazon Web Services (AWS) network access list (NACL) to allow SSH traffic to travel to a subnetfor temporary testing purposes. When you review the current inbound network ACL rules, you notice that rule number 5 demes SSH and telnet traffic to the subnet What can you do to allow SSH traffic?
- A. You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.
- B. You must create a new allow SSH rule above rule number 5-
- C. You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.
- D. You must create a new allow SSH rule below rule number 5
Answer: B
Explanation:
Explanation
Network ACLs are stateless, and they evaluate each packet separately based on the rules that you define. The rules are processed in order, starting with the lowest numbered rule1. If the traffic matches a rule, the rule is applied and no further rules are evaluated1. Therefore, if you want to allow SSH traffic to a subnet, you must create a new allow SSH rule above rule number 5, which denies SSH and telnet traffic. Otherwise, the deny rule will take precedence and block the SSH traffic.
The other options are incorrect because:
Creating a new allow SSH rule below rule number 5 will not allow SSH traffic, because the deny rule will be evaluated first and block the traffic.
Creating a new allow SSH rule anywhere in the network ACL rule base will not guarantee that SSH traffic will be allowed, because it depends on the order of the rules. If the allow SSH rule is below the deny rule, it will not be effective.
You cannot rely on the default security group rule to allow SSH traffic to the subnet, because network ACLs act as an additional layer of security for your VPC. Even if your security group allows SSH traffic, your network ACL must also allow it. Otherwise, the traffic will be blocked at the subnet level.
NEW QUESTION # 46
Which statement about immutable infrastructure in automation is true?
- A. It is the practice of applying hotfixes and OS patches after deployment
- B. It is the practice of modifying the existing server configuration after it is deployed
- C. It is the practice of deploying a new server for every configuration change
- D. It is the practice of deploying two parallel servers for high availability.
Answer: C
Explanation:
The statement that best describes the concept of immutable infrastructure in the context of automation is:
A . It is the practice of deploying a new server for every configuration change.
Immutable Infrastructure Concept: This approach to infrastructure management involves replacing servers or components entirely rather than making changes to existing configurations once they are deployed. When a change is needed, a new server instance is provisioned with the desired configuration and the old one is decommissioned after the new one is successfully deployed and tested.
Benefits: Immutable infrastructure minimizes the risks associated with in-place updates, such as inconsistencies or failures due to configuration drift. It enhances reliability and predictability by ensuring that the deployed environment matches exactly what was tested in staging. This practice is particularly aligned with modern deployment strategies like blue/green or canary deployments.
NEW QUESTION # 47
Refer to the exhibit
You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message.
What could be the reason that you are getting the command not found error?
- A. You must change the directory location to the root directory
- B. You must move the binary file to the bin directory.
- C. You must reinstall Terraform
- D. You must assign correct permissions to the ec2-user.
Answer: B
Explanation:
According to the Terraform documentation for installing Terraform on Linux1, you need to download a zip archive that contains a single binary file called terraform. You need to unzip the archive and move the binary file to a directory that is included in your system's PATH environment variable, such as /usr/local/bin. This way, you can run the terraform command from any directory without specifying the full path1.
If you do not move the binary file to the bin directory, you will get a command not found error when you try to run the terraform version command, as shown in the screenshot. To fix this error, you need to move the binary file to the bin directory or specify the full path of the binary file when running the command1.
1: Install Terraform | Terraform - HashiCorp Learn
NEW QUESTION # 48
Which two attachments are necessary to connect a transit gateway to an existing VPC with BGP?
(Choose two )
- A. A connect attachment
- B. A transport attachment
- C. A GRE attachment
- D. A BGP attachment
Answer: A,B
Explanation:
A transport attachment and a connect attachment are necessary to connect a transit gateway to an existing VPC with BGP. According to the AWS documentation for Transit Gateway, a transit gateway is a network transit hub that connects VPCs and on-premises networks. To connect a transit gateway to an existing VPC with BGP, you need to do the following steps:
- Create a transport attachment. A transport attachment is a resource that connects a VPC or VPN to a transit gateway. You can specify the BGP options for the transport attachment, such as the autonomous system number (ASN) and the BGP peer IP address.
- Create a connect attachment. A connect attachment is a resource that enables you to use your own appliance to provide network services for traffic that flows through the transit gateway. You can use a connect attachment to route traffic between the transport attachment and your appliance using GRE tunnels and BGP.
NEW QUESTION # 49
An administrator would like to keep track of sensitive data files located in the Amazon Web Services (AWS) S3 bucket and protect it from malware. Which Fortinet product or feature should the administrator use?
- A. FortiCNP compliance scanning policies
- B. FortiCNP DLP policies
- C. FortiCNP web sensitive polices
- D. FortiCNP application control policies
Answer: B
Explanation:
To keep track of sensitive data files located in AWS S3 buckets and protect them from malware, the administrator should use:
C:FortiCNP DLP policies.
* Data Loss Prevention (DLP):DLP policies are designed to detect and prevent unauthorized access or sharing of sensitive data. In the context of AWS S3, DLP policies can be used to scan for sensitive information stored in S3 objects and enforce protective measures to prevent data exfiltration or compromise.
* FortiCNP Integration:FortiCNP is Fortinet's cloud-native protection platform that offers security and compliance solutions across cloud environments. By applying DLP policies within FortiCNP, the administrator can ensure sensitive data within S3 is monitored and protected consistently.
References:Fortinet's FortiCNP documentation provides information on implementing DLP policies within cloud environments, highlighting the capabilities for protecting sensitive data within cloud storage services like AWS S3.
NEW QUESTION # 50
Refer to the exhibit
You deployed an HA active-passive FortiGate VM in Microsoft Azure.
Which two statements regarding this particular deployment are true? (Choose two.)
- A. During the failover, the passive FortiGate issues API calls to Azure
- B. There is no SLA for API calls from Microsoft Azure.
- C. By default, the configuration does not synchromze between the primary and secondary devices.
- D. Use the vdom-excepticn command to synchronize the configuration.
Answer: A,C
Explanation:
A is correct because in this deployment, the passive FortiGate issues API calls to Azure to update the routing table and the public IP address of the active FortiGate123. This way, the traffic is redirected to the new active FortiGate after a failover.
B is incorrect because the vdom-exception command is used to exclude specific VDOMs from being synchronized in an HA cluster.This command is not related to this deployment scenario.
C is incorrect because Microsoft Azure does provide an SLA for API calls. According to the Azure Service Level Agreements, the API Management service has a monthly uptime percentage of at least
99.9% for the standard tier and higher.
D is correct because by default, the configuration is not synchronized between the primary and secondary devices in this deployment. The administrator needs to manually enable configuration synchronization on both devices123. Alternatively, the administrator can use FortiManager to manage and synchronize the configuration of both devices4.
NEW QUESTION # 51
Refer to the exhibit
A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Linux1 and Linux2 instances to the internet through the security VPC (virtual private cloud). The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface. Assume there are no issues with the Transit Gateway (TGW) configuration Which two settings must the customer add to correct the issue? (Choose two.)
- A. Both landing subnets in the security VPC must have a 0.0.0.0/0 traffic route to the FortiGate port2.
- B. Both landing subnets in the spoke VPCs must have a 0.0 00/0 traffic route to the TGW
- C. Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the Internet Gateway (IOW).
- D. The four landing subnets in all the VPCs must have a 0.0 0 0/0 traffic route to the TGW
Answer: A,B
Explanation:
Explanation
The correct answer is B and C. Both landing subnets in the spoke VPCs must have a 0.0.0.0/0 traffic route to the TGW. Both landing subnets in the security VPC must have a 0.0.0.0/0 traffic route to the FortiGate port2.
According to the AWS documentation for Transit Gateway, a transit gateway is a network transit hub that connects VPCs and on-premises networks. To send outbound traffic from the Linux instances to the internet through the security VPC, you need to do the following steps:
In the main subnet routing table in the spoke VPCs, add a new route with destination 0.0.0.0/0, next hop TGW. This route directs all traffic from the Linux instances to the TGW, which can then forward it to the appropriate destination based on the TGW route table.
In the main subnet routing table in the security VPC, add a new route with destination 0.0.0.0/0, next hop FortiGate port2. This route directs all traffic from the TGW to the FortiGate internal interface, where it can be inspected and allowed by the FortiGate policies.
The other options are incorrect because:
Adding a 0.0.0.0/0 traffic route to the Internet Gateway (IGW) in the spoke VPCs is not correct, as this would bypass the TGW and the security VPC and send all traffic directly to the internet.
Adding a 0.0.0.0/0 traffic route to the TGW in all the VPCs is not necessary, as only the spoke VPCs need to send traffic to the TGW. The security VPC needs to send traffic to the FortiGate port2.
Transit Gateways - Amazon Virtual Private Cloud:Fortinet Documentation Library - Deploying FortiGate VMs on AWS
NEW QUESTION # 52
A customer would like to use FortiGate fabric integration With FortiCNP When configuring a FortiGate VM to add to FortiCNP, which three mandatory configuration steps must you follow on FortiGate? (Choose three.)
- A. Enable two-factor authentication.
- B. Create an SSL]SSH inspection profile.
- C. Create and IPS sensor and a firewall policy
- D. Create an IPsec tunnel.
- E. Enable send logs-
Answer: B,C,E
Explanation:
Explanation
To configure a FortiGate VM to add to FortiCNP, you need to perform three steps on FortiGate:
Enable send logs in FortiGate to allow FortiCNP to receive the IPS logs from FortiGate.
Create an SSL/SSH inspection profile on FortiGate to inspect the encrypted traffic and apply IPS protection.
Create an IPS sensor and a firewall policy on FortiGate to enable IPS detection and prevention for the traffic.
References:
FortiCNP 22.4.a Administration Guide, page 22-24
FortiGate IPS Administration Guide, page 9-10
NEW QUESTION # 53
Your administrator instructed you to deploy an Azure vWAN solution to create a connection between the main company site and branch sites to the other company VNETs.
What are the two best connection solutions available between your company headquarters, branch sites, and the Azure vWAN hub? (Choose two.)
- A. ExpressRoute
- B. An L2TP connection
- C. SSL VPN connections
- D. VPN Gateway
- E. GRE tunnels
Answer: A,D
Explanation:
The two best connection solutions available between your company headquarters, branch sites, and the Azure vWAN hub are A. ExpressRoute and E. VPN Gateway.
According to the Azure documentation for Virtual WAN, ExpressRoute and VPN Gateway are two of the supported connectivity options for connecting your on-premises sites and Azure virtual networks to the Azure vWAN hub1. These options provide secure, reliable, and high-performance connectivity for your network traffic.
ExpressRoute is a service that lets you create private connections between your on-premises sites and Azure.ExpressRoute connections do not go over the public internet, and offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the internet2.
VPN Gateway is a service that lets you create encrypted connections between your on-premises sites and Azure over the internet using IPsec/IKE protocols.VPN Gateway also supports point-to-site VPN connections for individual clients using OpenVPN or IKEv2 protocols3.
The other options are incorrect because:
* GRE tunnels are not a supported connectivity option for Azure vWAN. GRE is a protocol that encapsulates packets for tunneling purposes.GRE tunnels are established between the connect attachment and your appliance in Azure vWAN4.
* SSL VPN connections are not a supported connectivity option for Azure vWAN. SSL VPN is a type of VPN that uses the Secure Sockets Layer (SSL) protocol to secure the connection between a client and a server.SSL VPN is not compatible with the Azure vWAN hub5.
* An L2TP connection is not a supported connectivity option for Azure vWAN. L2TP is a protocol that creates a tunnel between two endpoints at the data link layer (Layer 2) of the OSI model.L2TP is not compatible with the Azure vWAN hub.
1:Azure Virtual WAN Overview | Microsoft Learn2: [ExpressRoute overview - Azure ExpressRoute | Microsoft Docs]3: [VPN Gateway - Virtual Networks | Microsoft Azure]4: [Transit Gateway Connect - Amazon Virtual Private Cloud]5: [SSL VPN - Wikipedia] : [Layer 2 Tunneling Protocol - Wikipedia]
NEW QUESTION # 54
You are tasked with deploying a FortiGate HA solution in Amazon Web Services (AWS) using Terraform What are two steps you must take to complete this deployment? (Choose two.)
- A. Enable automation on the AWS portal.
- B. Create an AWS Active Directory user with permissions.
- C. Create an AWS Identity and Access Management (IAM) user With permissions.
- D. Use CloudSheIl to install Terraform.
Answer: C,D
Explanation:
To deploy a FortiGate HA solution in AWS using Terraform, you need to create an AWS IAM user with permissions to access the AWS resources and services required by the FortiGate-VM. You also need to use CloudShell to install Terraform, which is a tool for building, changing, and versioning infrastructure as code.
References:
* Deploying FortiGate-VM using Terraform | AWS Administration Guide
* Setting up IAM roles | AWS Administration Guide
* Launching the instance using roles and user data | AWS Administration Guide
* Terraform by HashiCorp
NEW QUESTION # 55
A Network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.
In which two ways can Fortinet container security help secure container infrastructure?(Choose two.)
- A. FortiGate NGFW can connect to the worker node and protects the container-
- B. FortiGate NGFW can inspect north-south container traffic with label aware policies
- C. FortiGate NGFW and FortiSandbox can be used to secure container traffic
- D. FortiGate NGFW can be placed between each application container for north-south traffic inspection
Answer: B,C
Explanation:
Explanation
The correct answer is C and D. FortiGate NGFW can inspect north-south container traffic with label aware policies and FortiGate NGFW and FortiSandbox can be used to secure container traffic.
According to the Fortinet documentation for container security1, FortiGate NGFW can provide the following benefits for securing container infrastructure:
It can inspect north-south traffic between containers and external networks using label aware policies, which allow for dynamic policy enforcement based on Kubernetes labels and metadata.
It can integrate with FortiSandbox to provide advanced threat protection for container traffic, by sending suspicious files or URLs to a cloud-based sandbox for analysis and detection.
It can leverage FortiGuard Security Services to provide real-time threat intelligence and updates for container traffic, such as antivirus, web filtering, IPS, and application control.
The other options are incorrect because:
FortiGate NGFW cannot be placed between each application container for north-south traffic inspection, as this would create unnecessary complexity and overhead. Instead, FortiGate NGFW can be deployed at the edge of the container network or as a sidecar proxy to inspect traffic at the ingress and egress points.
FortiGate NGFW cannot connect to the worker node and protect the container, as this would not provide sufficient visibility and control over the container traffic. Instead, FortiGate NGFW can leverage the native Kubernetes APIs and services to monitor and secure the container traffic.
1:Fortinet Documentation Library - Container Security
NEW QUESTION # 56
Which two Amazon Web Services (AWS) features support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)
- A. A transit VPC
- B. A transit gateway with an attachment
- C. A NAT gateway with an EIP
- D. An Internet gateway with an EIP
Answer: A,B
Explanation:
The correct answer is B and D. A transit gateway with an attachment and a transit VPC support east-west traffic inspection within the AWS cloud by the FortiGate VM.
According to the Fortinet documentation for Public Cloud Security, a transit gateway is a network transit hub that connects VPCs and on-premises networks. A transit gateway attachment is a resource that connects a VPC or VPN to a transit gateway.By using a transit gateway with an attachment, you can route traffic from your spoke VPCs to your security VPC, where the FortiGate VM can inspect the traffic1.
A transit VPC is a VPC that serves as a global network transit center for connecting multiple VPCs, remote networks, and virtual private networks (VPNs).By using a transit VPC, you can deploy the FortiGate VM as a virtual appliance that provides network security and threat prevention for your VPCs2.
The other options are incorrect because:
* A NAT gateway with an EIP is a service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances.A NAT gateway with an EIP does not support east-west traffic inspection within the AWS cloud by the FortiGate VM3.
* An Internet gateway with an EIP is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.An Internet gateway with an EIP does not support east-west traffic inspection within the AWS cloud by the FortiGate VM4.
1:Fortinet Documentation Library - Deploying FortiGate VMs on AWS2: [Fortinet Documentation Library - Transit VPC on AWS]3: [NAT Gateways - Amazon Virtual Private Cloud]4: [Internet Gateways - Amazon Virtual Private Cloud]
NEW QUESTION # 57
Refer to the exhibit
The exhibit shows a customer deployment of two Linux instances and their main routing table in Amazon Web Services (AWS). The customer also created a Transit Gateway (TGW) and two attachments Which two steps are required to route traffic from Linux instances to the TGWQ (Choose two.)
- A. In the main subnet routing table in VPC A and B, add a new route with destination 0_0.0.0/0, next hop Internet gateway(IGW).
- B. In the TGW route table, add route propagation to 192.168.0 0/16
- C. In the main subnet routing table in VPC A and B, add a new route with destination 0_0.0.0/0, next hop TGW.
- D. In the TGW route table, associate two attachments.
Answer: C,D
Explanation:
According to the AWS documentation for Transit Gateway, a Transit Gateway is a network transit hub that connects VPCs and on-premises networks. To route traffic from Linux instances to the TGW, you need to do the following steps:
* In the TGW route table, associate two attachments. An attachment is a resource that connects a VPC or VPN to a Transit Gateway. By associating the attachments to the TGW route table, you enable the TGW to route traffic between the VPCs and the VPN.
* In the main subnet routing table in VPC A and B, add a new route with destination 0_0.0.0/0, next hop TGW. This route directs all traffic from the Linux instances to the TGW, which can then forward it to the appropriate destination based on the TGW route table.
The other options are incorrect because:
* In the TGW route table, adding route propagation to 192.168.0 0/16 is not necessary, as this is already the default route for the TGW. Route propagation allows you to automatically propagate routes from your VPC or VPN to your TGW route table.
* In the main subnet routing table in VPC A and B, adding a new route with destination 0_0.0.0/0, next hop Internet gateway (IGW) is not correct, as this would bypass the TGW and send all traffic directly to the internet. An IGW is a VPC component that enables communication between instances in your VPC and the internet.
[Transit Gateways - Amazon Virtual Private Cloud]
NEW QUESTION # 58
Refer to the exhibit. You attempted to access the Linux1 EC2 instance directly from the internet using its public IP address in AWS.
However, your connection is not successful.
Given the network topology, what can be the issue?
- A. The Transit Gateway BGP IP address is incorrect.
- B. There is no elastic IP address attached to FortiGate in the Security VPC.
- C. There is no internet gateway attached to the Spoke VPC A.
- D. There is no connection between VPC A and VPC B.
Answer: C
Explanation:
This is because the Linux1 EC2 instance is not accessible directly from the internet using its public IP address in AWS.
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. Without an internet gateway, the Linux1 EC2 instance cannot receive or send traffic to or from the internet, even if it has a public IP address assigned to it.
To fix this issue, you need to attach an internet gateway to the Spoke VPC A and configure a route table that directs internet-bound traffic to the internet gateway. You also need to ensure that the Linux1 EC2 instance has a security group that allows inbound and outbound traffic on the desired ports.
NEW QUESTION # 59
Refer to the exhibit
An administrator deployed an HA active-active load balance sandwich in Microsoft Azure. The setup requires configuration synchronization between devices- What are two outcomes from the configured settings? (Choose two.)
- A. By default, FortiGate uses FGCP
- B. It does not synchronize the FortiGate hostname
- C. FortiGate-VM instances are scaled out automatically according to predefined workload levels.
- D. FortiGate A and FortiGate B are two independent devices.
Answer: B,D
Explanation:
Explanation
B: FortiGate A and FortiGate B are two independent devices. This means that they are not part of a cluster or a high availability group, and they do not share the same configuration or state information. They are configured as standalone FortiGates with standalone configuration synchronization enabled1. This feature allows them to synchronize most of their configuration settings with each other, except for some settings that identify the FortiGate to the network, such as the hostname1. D. It does not synchronize the FortiGate hostname. This is one of the settings that are excluded from the standalone configuration synchronization, as mentioned above. The hostname is a unique identifier for each FortiGate device, and it should not be changed by the synchronization process1.
The other options are incorrect because:
FortiGate-VM instances are not scaled out automatically according to predefined workload levels. This is a feature of the auto scaling solution for FortiGate-VM on Azure, which requires a different deployment and configuration than the one shown in the exhibit2. The exhibit shows a static deployment of two FortiGate-VM instances behind an Azure load balancer, which does not support auto scaling.
By default, FortiGate does not use FGCP. FGCP stands for FortiGate Clustering Protocol, which is used to synchronize configuration and state information between FortiGate devices in a cluster or a high availability group3. However, the exhibit shows that the FortiGates are not in a cluster or a high availability group, and they use standalone configuration synchronization instead of FGCP.
NEW QUESTION # 60
Which statement about Transit Gateway (TGW) in Amazon Web Services (AWS) is true?
- A. A TGW attachment can be associated with multiple TGW route tables.
- B. The TGW default route table cannot be disabled.
- C. TGW can have multiple TGW route tables.
- D. Both the TGW attachment and propagation must be in the same TGW route table
Answer: C
Explanation:
Explanation
According to the AWS documentation for Transit Gateway, a transit gateway is a network transit hub that connects VPCs and on-premises networks. A transit gateway route table is a set of rules that determines how traffic is routed among the attachments to the transit gateway1.
A transit gateway can have multiple route tables, and you can associate different attachments with different route tables. This allows you to control how traffic is routed between your VPCs and VPNs based on your network design and security requirements1.
The other options are incorrect because:
Both the TGW attachment and propagation must be in the same TGW route table is not true. You can associate an attachment with one route table and enable propagation from another attachment to a different route table. This allows you to separate the routing domains for your attachments1.
A TGW attachment can be associated with multiple TGW route tables is not true. You can only associate an attachment with one route table at a time. However, you can change the association at any time1.
The TGW default route table cannot be disabled is not true. You can disable the default route table by deleting all associations and propagations from it. However, you cannot delete the default route table itself1.
1: Transit Gateways - Amazon Virtual Private Cloud
NEW QUESTION # 61
Refer to the exhibit. You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message.
What could be the reason that you are getting the command not found error?
- A. You must change the directory location to the root directory
- B. You must move the binary file to the bin directory.
- C. You must reinstall Terraform
- D. You must assign correct permissions to the ec2-user.
Answer: B
Explanation:
According to the Terraform documentation for installing Terraform on Linux, you need to download a zip archive that contains a single binary file called terraform. You need to unzip the archive and move the binary file to a directory that is included in your system's PATH environment variable, such as /usr/local/bin. This way, you can run the terraform command from any directory without specifying the full path.
If you do not move the binary file to the bin directory, you will get a command not found error when you try to run the terraform version command, as shown in the screenshot. To fix this error, you need to move the binary file to the bin directory or specify the full path of the binary file when running the command.
NEW QUESTION # 62
You are adding more spoke VPCs to an existing hub and spoke topology Your goal is to finish this task in the minimum amount of time without making errors.
Which Amazon AWS services must you subscribe to accomplish your goal?
- A. GuardDuty, CloudWatch
- B. Inspector, S3
- C. CloudWatch, S3
- D. WAF, DynamoDB
Answer: C
Explanation:
The correct answer is D. CloudWatch and S3.
According to the GitHub repository for the Fortinet aws-lambda-tgw script1, this function requires the following AWS services:
* CloudWatch: A monitoring and observability service that collects and processes events from various AWS resources, including Transit Gateway attachments and route tables.
* S3: A scalable object storage service that can store the configuration files and logs generated by the Lambda function.
By using the Fortinet aws-lambda-tgw script, you can automate the creation and configuration of Transit Gateway Connect attachments for your FortiGate devices.This can help you save time and avoid errors when adding more spoke VPCs to an existing hub and spoke topology1.
The other AWS services mentioned in the options are not required for this task. GuardDuty is a threat detection service that monitors for malicious and unauthorized behavior to help protect AWS accounts and workloads. WAF is a web application firewall that helps protect web applications from common web exploits.
Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS. DynamoDB is a fast and flexible NoSQL database service that can store various types of data.
1:GitHub - fortinet/aws-lambda-tgw
NEW QUESTION # 63
......
NSE7_PBC-7.2 Dumps and Practice Test (91 Exam Questions): https://www.topexamcollection.com/NSE7_PBC-7.2-vce-collection.html
Released Fortinet NSE7_PBC-7.2 Updated Questions PDF: https://drive.google.com/open?id=1CYYZ8_neS8oIa2x3m9o3-CJFbNVCo60s

