
NSE7_PBC-6.4 Online Practice Questions and Answers

Questions 4

You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web Services (AWS) cloud. The requirements for your deployment are as follows:

You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active topology.

Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and the other will connect to a private subnet.

To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.

How many public and private subnets will you need to configure within the VPC?

A. One public subnet and two private subnets

B. Two public subnets and one private subnet

C. Two public subnets and two private subnets

D. One public subnet and one private subnet

Questions 5

You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.

Which Amazon AWS services must you subscribe to in order to use this feature?

A. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

B. GuardDuty, CloudWatch, S3, and DynamoDB.

C. Inspector, Shield, GuardDuty, S3, and DynamoDB.

D. WAF, Shield, GuardDuty, S3, and DynamoDB.

Questions 6

An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.

What action will the worker node automatically perform to restore access to the black-holed subnet?

A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.

B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.

C. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.

D. The worker node migrates the subnet to a different availability zone.

Questions 7

Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

B. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

C. Network ACLs must be manually applied to virtual network interfaces.

D. Network ACLs support allow rules and deny rules.

Questions 8

When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.

In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?

A. Less than 10 seconds

B. 30 seconds

C. 20 seconds

D. 16 seconds

Questions 9

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

A. Network security groups can be applied to subnets and virtual network interfaces.

B. Network security groups can be applied to subnets only.

C. Network security groups are stateless inbound and outbound rules used for traffic filtering.

D. Network security groups are stateful inbound and outbound rules used for traffic filtering.

Questions 10

What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

A. Up to 1.25 Gbps per attachment

B. Up to 50 Gbps per attachment

C. Up to 10 Gbps per attachment

D. Up to 1 Gbps per attachment

Questions 11

A company deployed a FortiGate-VM with an on-demand license using an Amazon Web Services (AWS) Marketplace CloudFormation template. After deployment, the administrator cannot remember the default admin password.

What is the default admin password for the FortiGate-VM instance?

A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.

B.

C. admin

D. The instance-ID value

Questions 12

Which two Amazon Web Services (AWS) topologies support east-west traffic inspection within the AWS

A. A single VPC deployment with multiple subnets and a NAT gateway

B. A single VPC deployment with multiple subnets

C. A multiple VPC deployment utilizing a transit VPC topology

D. A multiple VPC deployment utilizing a transit gateway

Questions 13

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

A. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.

B. Use ExpressRoute to interconnect the hub VNets and spoke VNets.

C. Configure VNet peering between the spokes only.

D. Configure VNet peering between the hub and spokes.

Exam Code: NSE7_PBC-6.4
Exam Name: Fortinet NSE 7 - Public Cloud Security 6.4
Last Update: May 10, 2024
Questions: 30 Q&As
