← Back to exam page

NSE7_PBC-6.4 Fortinet NSE 7 - Public Cloud Security 6.4

Loading demo links...

Showing 4–5 of 5 questions

Question 4

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.

Which action will fix this issue?

Select an option, then click Submit answer.

  • Convert the c4.xlarge instances to m4.xlarge instances.

  • Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).

  • Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

  • Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.
Question 5

You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.

Which Amazon AWS services must you subscribe to in order to use this feature?

Select an option, then click Submit answer.

  • GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

  • GuardDuty, CloudWatch, S3, and DynamoDB.

  • Inspector, Shield, GuardDuty, S3, and DynamoDB.

  • WAF, Shield, GuardDuty, S3, and DynamoDB.