Fortinet FCP_WCS_AD-7.4 Practice Exams
Last updated: 26.04.2025
- Exam code: FCP_WCS_AD-7.4
- Exam name: FCP - AWS Cloud Security 7.4 Administrator
- Certification vendor: Fortinet
You need to deploy a new Windows server in AWS to offload web traffic from an existing web server in a different availability zone.
According to the AWS shared responsibility model, what three actions must you take to secure the new EC2 instance? (Choose three.)
- A . Update software on the instance.
- B . Change the existing elastic load balancer (ELB) to a gateway load balancer.
- C . Configure security groups.
- D . Manage the operating system on the instance.
- E . Move all web servers into the same availability zone.
An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application? (Choose two.)
- A . Wait for the EC2 instance to be created.
- B . Provide a web application name.
- C . Create DNS records in the domain server that hosts the application.
- D . Enable a content delivery network (CDN) in the same region where your application is located.
Refer to the exhibit.
Which two statements are true about inbound traffic based on the IGW ingress route table and GWLB deployment shown in the exhibit? (Choose two.)
- A . GWLB forwards traffic to FortiGate without encapsulation in its dedicated subnet.
- B . Inbound traffic is directed to the GWLB through a GWLB endpoint.
- C . Inbound traffic is directed to the application subnet through a GWLB endpoint.
- D . GWLB encapsulates traffic with the GENEVE protocol and sends it to FortiGate.
An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs higher bandwidth, but the organization does not want to use multiple connections between sites.
Which AWS solution meets the requirement?
- A . Transit VPC with IPSec
- B . Internet Gateway
- C . Transit Gateway multicast
- D . Transit Gateway Connect
Your organization is deciding between deploying an active-active (A-A) or active-passive (A-P) FortiGate high availability (HA) cluster in AWS cloud.
Which two statements are true about A-A clusters compared to A-P clusters? (Choose two.)
- A . For A-A clusters, FortiGate must perform SNAT inbound to ensure symmetric traffic flow.
- B . A-A clusters rely on API calls for failovers.
- C . A-A clusters always require a load balancer.
- D . A-A clusters can use a software-defined network (SDN) to perform a failover.
Which three statements are correct about VPC flow logs? (Choose three.)
- A . Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
- B . Flow logs do not capture DHCP traffic.
- C . Flow logs can capture traffic to the reserved IP address for the default VPC router.
- D . Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.
- E . Flow logs can capture real-time log streams for the network interfaces.
An administrator has been asked to deploy an active-passive (A-P) FortiGate cluster in the AWS cloud across two availability zones.
In addition to enhanced redundancy, which other major difference is there compared to deploying A-P high availability in the same availability zone?
- A . The FortiGate devices act as a single, logical instance.
- B . Secondary IP address configuration is used.
- C . The number of subnets required is less.
- D . IP addressing and subnetting are not shared.
How can you achieve automatic configuration of FortiGate instances in AWS using the Fortinet HA CloudFormation template?
- A . By creating a DynamoDB table
- B . By staging in an S3 bucket in the same region
- C . By using a default S3 bucket created by the CloudFormation template
- D . By utilizing an Elastic Load Balancer
Refer to the exhibit.
An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.
What is required to achieve higher bandwidth?
- A . Use routable public IP addresses instead of private IP addresses for connectivity.
- B . You cannot increase bandwidth; the connection has a fixed limit.
- C . No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.
- D . You add a Transit VPC between the organization’s VPCs.
Refer to the exhibit.
Which statement is correct about the VPC peering connections shown in the exhibit?
- A . To route packets directly from VPC B to VPC C through VPC A, you must add a route for network 192.168.0.0/16 in the VPC A routing table.
- B . You cannot route packets directly from VPC B to VPC C through VPC A.
- C . You can associate VPC ID pcx-23232323 with VPC B to form a VPC peering connection between VPC B and VPC C.
- D . You cannot create a separate VPC peering connection between VPC B and VPC C to route packets directly.