Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Fortinet > Fortinet Certifications > NSE7_PBC-6.4 > NSE7_PBC-6.4 Online Practice Questions and Answers

NSE7_PBC-6.4 Online Practice Questions and Answers

Questions 4

You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web

Services (AWS) cloud. The requirements for your deployment are as follows:

You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load

balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active

topology.

Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other

will connect to a private subnet.

To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.

How many public and private subnets will you need to configure within the VPC?

A. One public subnet and two private subnets

B. Two public subnets and one private subnet

C. Two public subnets and two private subnets

D. One public subnet and one private subnet

Buy Now

Correct Answer: A

Questions 5

Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.

What are two possible reasons for this behavior? (Choose two.)

A. The web servers are not configured with the default gateway.

B. The Internet gateway (IGW) is not added to VPC (virtual private cloud).

C. AWS source and destination checks are enabled on the FortiGate interfaces.

D. AWS security groups may be blocking the traffic.

Buy Now

Correct Answer: AD

Questions 6

Refer to the exhibit. You are deploying a FortiGate-VM in Microsoft Azure using the PAYG/On-demand licensing model. After you configure the FortiGate-VM, the validation process fails, displaying the error shown in the exhibit.

What caused the validation process to fail?

A. You selected the incorrect resource group.

B. You selected the Bring Your Own License (BYOL) licensing mode.

C. You selected the PAYG/On-demand licensing model, but did not select correct virtual machine size.

D. You selected the PAYG/On-demand licensing model, but did not associate a valid Azure subscription.

Buy Now

Correct Answer: A

Questions 7

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

A. Network security groups can be applied to subnets and virtual network interfaces.

B. Network security groups can be applied to subnets only.

C. Network security groups are stateless inbound and outbound rules used for traffic filtering.

D. Network security groups are a stateful inbound and outbound rules used for traffic filtering.

Buy Now

Correct Answer: BD

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Refer to the exhibit. In your Amazon Web Services (AWS) virtual private cloud (VPC), you must allow outbound access to the internet and upgrade software on an EC2 instance, without using a NAT instance. This specific EC2 instance is running in a private subnet: 10.0.1.0/24.

Also, you must ensure that the EC2 instance source IP address is not exposed to the public internet. There are two subnets in this VPC in the same availability zone, named public (10.0.0.0/24) and private (10.0.1.0/24).

How do you achieve this outcome with minimum configuration?

A. Deploy a NAT gateway with an EIP in the private subnet, edit the public main routing table, and change the destination route 0.0.0.0/0 to the target NAT gateway.

B. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Public-route, and delete the route destination 10.0.0.0/16 to target local.

C. Deploy a NAT gateway with an EIP in the private subnet, edit route tables, select Private-route, and add a new route destination 0.0.0.0/0 to the target internet gateway.

D. Deploy a NAT gateway with an EIP in the public subnet, edit route tables, select Private-route and add a new route destination 0.0.0.0/0 to target the NAT gateway.

Questions 8

You have been asked to secure your organization's salesforce application that is running on Microsoft Azure, and find an effective method for inspecting shadow IT activities in the organization. After an initial investigation, you find that many users access the salesforce application remotely as well as on-premises. Your goal is to find a way to get more visibility, control over shadow IT-related activities, and identify any data leaks in the salesforce application.

Which three steps should you take to achieve your goal? (Choose three.)

A. Deploy and configure FortiCASB with a Fortinet FortiCASB subscription license.

B. Configure FortiCASB and set up access rights, privileges, and data protection policies.

C. Use FortiGate, FortiGuard, and FortiAnalyzer solutions.

D. Deploy and configure FortiCWP with a workload guardian license.

E. Deploy and configure FortiGate with Security Fabric solutions, and FortiCWP with a storage guardian advance license.

Buy Now

Correct Answer: ABC

Questions 9

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.

Which action will fix this issue?

A. Convert the c4.xlarge instances to m4.xlarge instances.

B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).

C. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

D. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.

Buy Now

Correct Answer: D

Questions 10

An organization deploys a FortiGate-VM (VM04 / c4.xlarge) in Amazon Web Services (AWS) and configures two elastic network interfaces (ENIs). Now, the same organization wants to add additional ENIs to support different workloads in their environment.

Which action can you take to accomplish this?

A. None, you cannot create and add additional ENIs to an existing FortiGate-VM.

B. Create the ENI, shut down FortiGate, attach the ENI to FortiGate, and then start FortiGate.

C. Create the ENI, attach it to FortiGate, and then restart FortiGate.

D. Create the ENI and attach it to FortiGate.

Buy Now

Correct Answer: B

Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/9e3b59dc-ba0b-11e9a989-00505692583a/FortiOS_6.2_AWS_Cookbook.pdf

Questions 11

An organization deployed a FortiGate-VM in the Google Cloud Platform and initially configured it with two vNICs. Now, the same organization wants to add additional vNICs to this existing FortiGate-VM to support different workloads in their environment.

How can they do this?

A. They can create additional vNICs using the Cloud Shell.

B. They cannot create and add additional vNICs to an existing FortiGate-VM.

C. They can create additional vNICs in the UI console.

D. They can use the Compute Engine API Explorer.

Buy Now

Correct Answer: D

Reference: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/62d32ecf-687f-11ea9384-00505692583a/FortiOS-6.4-GCP_Cookbook.pdf

Questions 12

Refer to the exhibit. You are configuring an active-passive FortiGate clustering protocol (FGCP) HA configuration in a single availability zone in Amazon Web Services (AWS), using a cloud formation template.

After deploying the template, you notice that the AWS console has IP information listed in the FortiGate VM firewalls in the HA configuration. However, within the configuration of FortiOS, you notice that port1 is using an IP of 10.0.0.13, and port2 is using an IP of 10.0.1.13.

What should you do to correct this issue?

A. Configure FortiOS to use static IP addresses with the IP addresses reflected in the ENI primary IP address configuration (as per the exhibit).

B. Delete the deployment and start again. You have in put the wrong parameters during the cloud formation template deployment.

C. Configure FortiOS to use DHCP so that it will get the correct IP addresses on the ports.

D. Nothing, in AWS cloud, it is normal for a FortiGate ENI primary IP address to be different than the FortiOS IP address configuration.

Buy Now

Correct Answer: C

Questions 13

You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The

following are the requirements of your deployment:

Two FortiGate devices must be deployed; each in a different availability zone.

Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other

will connect to a private subnet.

An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an

active-active topology.

An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to

both FortiGate devices in an active-active topology.

Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this

topology.

Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the

FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate

devices?

A. config system sdn-connector

B. config system ha

C. config system auto-scale

D. config system session-sync

Buy Now

Correct Answer: B

Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/84777/using-standaloneconfiguration-synchronization

Exam Code: NSE7_PBC-6.4
Exam Name: Fortinet NSE 7 - Public Cloud Security 6.4
Last Update: Jul 08, 2026
Questions: 30

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.