NSE7-PBC-7-2 Free Sample Questions

A financial services firm is deploying a FortiGate-VM High Availability (HA) cluster in Azure using Terraform. To meet compliance requirements, all HA-related traffic, including FGCP heartbeat packets, must be isolated on a dedicated subnet. The lead architect has mandated that the Azure Load Balancer health probe must target a specific, non-standard port on the FortiGate's internal interface to monitor service health. Which Terraform resource and attribute is essential for configuring this custom health probe port?

A healthcare provider is automating the deployment of a multi-VPC environment in AWS using Terraform. The architecture requires a centralized security VPC with a FortiGate-VM auto-scaling group for egress traffic inspection. A critical requirement is that newly launched FortiGate instances must automatically register with a central FortiManager and retrieve their base configuration without manual intervention. How can this be achieved in the Terraform configuration?

A DevOps engineer is using an Ansible playbook to manage a fleet of FortiGate-VMs in Azure. The playbook needs to idempotently create a new firewall address object. Which combination of Ansible module and parameters is the correct approach to ensure the object is created only if it doesn't exist, and left unchanged if it already exists with the correct configuration?

A retail company has deployed a FortiGate-VM in AWS to inspect traffic between their on-premises data center and multiple spoke VPCs, connected via an AWS Transit Gateway (TGW). The security team observes that traffic from a specific on-premises subnet (10.10.20.0/24) to a spoke VPC (192.168.1.0/24) is being dropped. All other traffic flows correctly. A packet capture on the FortiGate shows the traffic arriving on the internal interface but not leaving the external interface. Which is the most likely cause of this issue?

An organization is using FortiCNP to monitor its AWS environment. A security analyst receives a high-priority alert indicating a publicly accessible S3 bucket contains files with sensitive data patterns (e.g., credit card numbers). According to Fortinet best practices, what are the most effective immediate mitigation steps the analyst should take using FortiCNP's capabilities? (Select TWO)

True or False: When using the Azure SDN Connector on a FortiGate-VM, it is mandatory to assign an Azure AD Managed Identity to the VM for the connector to dynamically pull metadata about Azure resources.

A global logistics company is designing a secure network architecture in AWS. They are using an AWS Transit Gateway (TGW) to connect hundreds of VPCs across multiple regions. They plan to deploy a centralized security VPC in each region, containing a FortiGate-VM HA pair to inspect all inter-VPC and VPC-to-internet traffic. To maintain traffic isolation between different business units (e.g., Shipping, Warehousing, Finance), which two TGW features are essential to implement? (Select TWO)

A media streaming company is deploying a containerized application on Azure Kubernetes Service (AKS). To secure east-west traffic between pods, they have deployed FortiGate CNF. A security requirement states that all traffic from pods in the 'frontend' namespace to pods in the 'database' namespace must be inspected for SQL injection attacks. Which FortiGate CNF feature should be used to achieve this specific requirement?

When configuring an SD-WAN using AWS Transit Gateway (TGW) Connect, what is the primary purpose of the GRE tunnel that is established between the FortiGate-VM and the TGW?

A large enterprise has established a global network using Azure Virtual WAN (vWAN). They have deployed a FortiGate-VM as a Network Virtual Appliance (NVA) in the vWAN hub for centralized security inspection. An architect needs to ensure that all traffic from a spoke VNet destined for the internet is routed through the FortiGate NVA. What is the correct way to configure this routing in Azure?