Fortinet FCP_WCS_AD-7.4 Online Practice Questions and Exam Preparation

Fortinet FCP_WCS_AD-7.4 Online Questions & Answers

• Question 1:

  Which three statements are correct about VPC flow logs? (Choose three.)

  A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
  B. Flow logs do not capture DHCP traffic.
  C. Flow logs can capture traffic to the reserved IP address for the default VPC router.
  D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.
  E. Flow logs can capture real-time log streams for the network interfaces.
  A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
  B. Flow logs do not capture DHCP traffic.
  D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.

• Question 2:

  Refer to the exhibit.

  

  What two conclusions can you draw from the FortiGate debug output? (Choose two.)

  A. The dynamic address object is automatically updated if the IP changes.
  B. The address object AWS Windows Server Lab can be manually changed on FortiGate.
  C. The SDN connector is correctly configured and authorized.
  D. The AWS user account used for software-defined network (SDN) integration must have full administrative rights.
  A. The dynamic address object is automatically updated if the IP changes.
  C. The SDN connector is correctly configured and authorized.

• Question 3:

  A customer has deployed FortiGate Cloud-Native Firewall (CNF). Which two statements are correct about policy sets? (Choose two.)

  A. There is an implicit deny rule at the bottom of the policy set.
  B. The policy set must be manually synchronized to the CNF instance each time it is modified.
  C. A new policy set is created with each deployed CNF instance.
  D. Multiple policy sets can be applied to a single CNF instance.
  A. There is an implicit deny rule at the bottom of the policy set.
  C. A new policy set is created with each deployed CNF instance.

• Question 4:

  What is a drawback of deploying a FortiWeb VM inside a virtual public cloud (VPC) compared to FortiWeb Cloud?

  A. It is unable to support web applications from OWASP Top 10 threats.
  B. It does not support zero-day protection.
  C. It is slower than FortiWeb Cloud to apply advanced WAF protection.
  D. Only applications going through the VPC are protected.
  D. Only applications going through the VPC are protected.

• Question 5:

  Your customers have been reporting slow response times when accessing your web application.

  What are two possible ways to increase response times from web servers protected by FortiWeb Cloud? (Choose two.)

  A. Deploy FortiWeb Cloud in the same region where your web application is beinghosted.
  B. Enable a content delivery network
  C. Modify DNS entries to directly point to your web server.
  D. Disable WAF functionality.
  A. Deploy FortiWeb Cloud in the same region where your web application is beinghosted.
  B. Enable a content delivery network

• Question 6:

  An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs the higher bandwidth but the organization does not want to use multiple connections between sites.

  Which AWS solution meets the requirement?

  A. Transit VPC with IPSec
  B. Internet Gateway
  C. Transit Gateway multicast
  D. Transit Gateway Connect
  D. Transit Gateway Connect

• Question 7:

  Which three statements correctly describe FortiGate Cloud-Native Firewall (CNF)? (Choose three.)

  A. It provides carrier-grade protection.
  B. It scales seamlessly.
  C. It uses AWS Elastic Load Balancing (ELB).
  D. It is considered to be a Firewall-as-a-Service (FWaaS).
  E. It can be managed by FortiManager and AWS firewall manager.
  B. It scales seamlessly.
  D. It is considered to be a Firewall-as-a-Service (FWaaS).
  E. It can be managed by FortiManager and AWS firewall manager.

• Question 8:

  Which two statements about the FortiCloud portal are true? (Choose two.)

  A. You can gain remote access to your FortiGate VM directly from the portal.
  B. To assign permissions in the identity and access management (JAM) portal, you must write a JSON script.
  C. You can access the FortiFlex portal only after you purchase a FortiFlex license and register it on FortiCare.
  D. You can access only cloud services that you have subscribed to on AWS marketplace.
  A. You can gain remote access to your FortiGate VM directly from the portal.
  C. You can access the FortiFlex portal only after you purchase a FortiFlex license and register it on FortiCare.

• Question 9:

  Refer to the exhibit.

  

  You deployed an active-passive FortiGate HA cluster using a CloudFormation template on an existing VPC. Now you want to test active-passive FortiGate HA failover by running a debug so you can see the API calls to change the Elastic and secondary IP addresses.

  Which statement is correct about the output of the debug?

  A. The routing table for Fgt2 updated successfully, and port2 will provide internet access to Fgt2.
  B. The Elastic IP is associated with port1 of Fgt2.
  C. IP address 10.0.0.13 is now associated with eni-0b61d8afc0aefb8a2.
  D. The Elastic IP is associated with port2 of Fgt2, and the secondary IP address for port1 and port2 was updated successfully.
  B. The Elastic IP is associated with port1 of Fgt2.

• Question 10:

  Your company deployed a FortiSandbox for AWS.

  Which statement is correct about FortiSandbox for AWS?

  A. FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances.
  B. The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances.
  C. FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks.
  D. FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.
  D. FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.