[Nov-2021] NSE7_PBC-6.4 exam torrent Fortinet study guide [Q15-Q37]


NEW QUESTION 15
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 10 Gbps per attachment
  • B. Up to 1 Gbps per attachment
  • C. Up to 1.25 Gbps per attachment
  • D. Up to 50 Gbps per attachment

Answer: C

 

NEW QUESTION 16
You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.
Which action will fix this issue?

  • A. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.
  • B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).
  • C. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
  • D. Convert the c4.xlarge instances to m4.xlarge instances.

Answer: C

 

NEW QUESTION 17
Refer to the exhibit.

A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)

  • A. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
  • B. AWS source and destination checks are enabled on the FortiGate interfaces.
  • C. AWS security groups may be blocking the traffic.
  • D. The web servers are not configured with the default gateway.

Answer: C,D

 

NEW QUESTION 18
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They cannot create and add additional vNICs to an existing FortiGate-VM.
  • B. They can create additional vNICs in the UI console.
  • C. They can use the Compute Engine API Explorer.
  • D. They can create additional vNICs using the Cloud Shell.

Answer: C

 

NEW QUESTION 19
Refer to the exhibit.

In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.
Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).
How do you achieve this outcome with minimum configuration?

  • A. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.
  • B. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.
  • C. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.
  • D. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.

Answer: C

 

NEW QUESTION 20
Which three properties are configurable Microsoft Azure network security group rule settings? (Choose three.)

  • A. Action
  • B. Destination port ranges
  • C. Source port ranges
  • D. Sequence number
  • E. Source and destination IP ranges

Answer: A,B,C

Explanation:
Explanation/Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

 

NEW QUESTION 21

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • B. Configure VNet peering between the hub and spokes.
  • C. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • D. Configure VNet peering between the spokes only.

Answer: B,C

 

NEW QUESTION 22
A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.
What is the default admin password for the FortiGate-VM instance?

  • A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.
  • B. <blank>
  • C. The instance-ID value
  • D. admin

Answer: C

Explanation:
Explanation/Reference: https://docs.fortinet.com/document/fortigate/6.2.0/aws-cookbook/828256/connecting-to-the-fortigate-vm

 

NEW QUESTION 23
What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

  • A. Up to 10 Gbps per attachment
  • B. Up to 1 Gbps per attachment
  • C. Up to 1.25 Gbps per attachment
  • D. Up to 50 Gbps per attachment

Answer: C

Explanation:
Explanation/Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf (5)

 

NEW QUESTION 24
You have been asked to develop an Azure Resource Manager infrastructure-as-code template for the FortiGate-VM that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.
Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

  • A. The uniqueString() function must be used.
  • B. The storageAccount name must contain between 3 and 24 alphanumeric characters.
  • C. The storageAccount name must be in lowercase.
  • D. The storageAccount name must use special characters.

Answer: A,C

 

NEW QUESTION 25
An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.
How can they do this?

  • A. They cannot create and add additional vNICs to an existing FortiGate-VM.
  • B. They can create additional vNICs in the UI console.
  • C. They can use the Compute Engine API Explorer.
  • D. They can create additional vNICs using the Cloud Shell.

Answer: C

Explanation:
Explanation/Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea-9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf

 

NEW QUESTION 26
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs must be manually applied to virtual network interfaces.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
  • D. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

Answer: B,C

 

NEW QUESTION 27
Refer to the exhibit.

You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a CloudFormation template.
After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.
What should you do to correct this issue?

  • A. Delete the deployment and start again. You have input the wrong parameters during the CloudFormation template deployment.
  • B. Nothing. In the AWS cloud, it is normal for a FortiGate ENI primary IP address to be different from the FortiOS IP address configuration.
  • C. Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.
  • D. Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).

Answer: C

 

NEW QUESTION 28

Refer to the exhibit. Your senior administrator successfully configured a FortiGate fabric connector with the Azure Resource Manager, and created a dynamic address object on the FortiGate-VM to connect with a Windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.
How do you resolve this issue?

  • A. In the Microsoft Azure portal, access the Windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.
  • B. In the Microsoft Azure portal, set the correct tag values for the Windows server.
  • C. Delete the address object and recreate a new address object with the type set to FQDN.
  • D. Run diagnose debug application azd -1 on FortiGate.

Answer: A


 

NEW QUESTION 29
Refer to the exhibit.

Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

  • A. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.
  • B. Configure VNet peering between the hub and spokes.
  • C. Use ExpressRoute to interconnect the hub VNets and spoke VNets.
  • D. Configure VNet peering between the spokes only.

Answer: B,C

 

NEW QUESTION 30
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

  • A. Intrusion prevention policies
  • B. Data loss prevention policies
  • C. Antivirus policies
  • D. Threat protection policies
  • E. Compliance policies

Answer: B,D,E

 

NEW QUESTION 31
Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

  • A. Network ACLs must be manually applied to virtual network interfaces.
  • B. Network ACLs support allow rules and deny rules.
  • C. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.
  • D. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

Answer: B,C

Explanation:
Explanation/Reference: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

 

NEW QUESTION 32
......
