Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Refer to the exhibit.

What is the purpose of this section of an Azure Bicep file?

A.

To restrict which FortiOS versions are accepted for deployment

B.

To indicate the correct FortiOS upgrade path after deployment

C.

To add a comment with the permitted FortiOS versions that can be deployed

D.

To document the FortiOS versions in the resulting topology

A Network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.

In which two ways can Fortinet container security help secure container infrastructures? (Choose two.)

A.

FortiGate NGFW can inspect north-south container traffic with label aware policies.

B.

FortiGate NGFW and FortiWeb can be used to secure container traffic.

C.

FortiGate NGFW can connect to the worker nodes and protect the containers.

D.

FortiGate NGFW can be placed between each application container for north-south traffic inspection.

Refer to the exhibit.

You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure.

Which command can you use to examine details about API calls sent by the connector?

A.

diag debug application cloud-connector -1

B.

diag test application azd 1

C.

diag debug application azd -1

D.

get system sdn-connector

Your DevOps team is evaluating different Infrastructure as Code (IaC) solutions for deploying complex Azure environments.

What is an advantage of choosing Azure Bicep over other IaC tools available?

A.

Azure Bicep generates deployment logs that are optimized to improve error handling.

B.

Azure Bicep provides immediate support for all Azure services, including those in preview.

C.

Azure Bicep requires less frequent schema updates than Azure Resource Manager (ARM) templates.

D.

Azure Bicep can reduce deployment costs by limiting resource utilization during testing.

An AWS administrator must ensure that each member of the cloud deployment team has the correct permissions to deploy and manage resources using CloudFormation. The administrator is researching which tasks must be executed with CloudFormation and therefore require CloudFormation permissions.

Which task is run using CloudFormation?

A.

Deploying a new pod with a service in an Elastic Kubernetes Service (EKS) cluster using the kubectl command

B.

Installing a Helm chart to deploy a FortiWeb ingress controller in an EKS cluster

C.

Creating an EKS cluster with the eksctl create cluster command

D.

Changing the number of nodes in a EKS cluster from AWS CloudShell

As part of your organization's monitoring plan, you have been tasked with obtaining and analyzing detailed information about the traffic sourced at one of your FortiGate EC2 instances.

What can you do to achieve this goal?

A.

Use AWS CloudTrail to capture and then examine traffic from the EC2 instance.

B.

Create a virtual public cloud (VPC) flow log at the network interface level for the EC2 instance.

C.

Add the EC2 instance as a target in CloudWatch to collect its traffic logs.

D.

Configure a network access analyzer scope with the EC2 instance as a match finding.

Your monitoring team reports performance issues with a web application hosted in Azure. You suspect that the bottleneck might be due to unexpected inbound traffic spikes.

Which method should you use to identify and analyze the traffic pattern?

A.

Deploy Azure Firewall to log traffic by IP address.

B.

Enable Azure DDoS protection to prevent inbound traffic spikes.

C.

Use Azure Traffic Manager to visualize all traffic to the application.

D.

Enable NSG Flow Logs and analyze logs with Azure Monitor.

Refer to the exhibit.

You have deployed a Linux EC2 instance in Amazon Web Services (AWS) with the settings shown on the exhibit.

What next step must the administrator take to access this instance from the internet?

A.

Allocate an Elastic IP address and assign it to the instance.

B.

Create a VIP on FortiGate to allow access.

C.

Enable SSH and allocate it to the device.

D.

Configure the user name and password.

Refer to the exhibit.

A senior administrator in a multinational organization needs to include a comment in the template shown in the exhibit to ensure that administrators from other regions change the Amazon Machine Image (AMI) ID to one that is valid in their location.

How can the administrator add the required comment in that section of the file?

A.

The administrator can include the comment with the aws cloudformation update-stack command.

B.

The administrator must convert the template file to YAML format to add a comment.

C.

The administrator can add the comment starting with the # character next to the "Resources" section.

D.

The administrator must update the AWSTemplateFormatVersion to the latest version.

An administrator decides to use the Use managed identity option on the FortiGate SDN connector with Microsoft Azure. However, the SDN connector is failing on the connection.

What must the administrator do to correct this issue?

A.

Make sure to add the Client secret on FortiGate side of the configuration.

B.

Make sure to add the Tenant ID on FortiGate side of the configuration.

C.

Make sure to enable the system assigned managed identity on Azure.

D.

Make sure to set the type to system managed identity on FortiGate SDN connector settings.