Fortinet FCP_ZCS-AD-7.4 - FCP - Azure Cloud Security 7.4 Administrator Exam
Page: 2 / 11
Total 55 questions
Question #6 (Topic: Exam A)
Refer to the exhibit.
The exhibit shows some of the properties of a virtual NIC that is used by a FortiGate VM deployed in Azure.
The virtual NIC shown is connected to a subnet (10.0.1.0/26) with several VMs that will be accessing the internet through the FortiGate VM.
Which statement is true for this scenario?
The exhibit shows some of the properties of a virtual NIC that is used by a FortiGate VM deployed in Azure.
The virtual NIC shown is connected to a subnet (10.0.1.0/26) with several VMs that will be accessing the internet through the FortiGate VM.
Which statement is true for this scenario?
A. The NIC in the exhibit needs to be assigned a public IP address.
B. The VMs in the 10.0.1.0/26 subnet can access the internet through FortiGate.
C. You must change the default gateway on the VMs in the Internal Subnet for this to work.
D. The parameters of the virtual NIC are not configured correctly.
Answer: C
Question #7 (Topic: Exam A)
Refer to the exhibits.
You are configuring an SDN connector for Azure on a FortiGate device You completed all the required steps on the Azure side. While configuring the FortiGate side, you notice that you did not save the client secret used in the Azure App Registration.
What is the quickest way to obtain the value of the client secret?
You are configuring an SDN connector for Azure on a FortiGate device You completed all the required steps on the Azure side. While configuring the FortiGate side, you notice that you did not save the client secret used in the Azure App Registration.
What is the quickest way to obtain the value of the client secret?
A. Create a new resource group
B. Create a new client secret
C. Create a new app registration
D. Create a new external connector for Azure
Answer: B
Question #8 (Topic: Exam A)
Your organization is in the process of optimizing its Azure network architecture and wants to dynamically manage and exchange routing information between its virtual networks and on-premises networks.
Which Azure service would help to provide a centralized point for efficient route management and dynamic routing?
Which Azure service would help to provide a centralized point for efficient route management and dynamic routing?
A. Azure Virtual WAN
B. Azure VPN Gateway
C. Azure ExpressRoute
D. Azure Route Server
Answer: D
Question #9 (Topic: Exam A)
A Linux server was deployed in a protected subnet with a dynamic IP address. A FortiGate VM in the internal subnet provides traffic filtering to it. and you must implement a firewall policy using the IP address of the Linux server.
Which feature could help integrate FortiGate using Linux server tags?
Which feature could help integrate FortiGate using Linux server tags?
A. Targets Management
B. Microsoft Entra ID
C. Software-defined network (SDN) connector
D. Service Fabric Cluster
Answer: C
Question #10 (Topic: Exam A)
Refer to the exhibits.
A high availability (HA) active-active FortiGate with Elastic Load Balancing (ELB) and Internal Load Balancing (ILB) was deployed with a default setup to filter traffic to a Linux server running Apache server.
Ports 80 and 22 are open on the Linux server, and on FortiGate a VIP and firewall policy are configured to allow traffic through ports 80 and 22. Traffic on port 80 is successful, but traffic on port 22 is not detected by FortiGate.
What configuration changes could you perform to allow SSH traffic?
A high availability (HA) active-active FortiGate with Elastic Load Balancing (ELB) and Internal Load Balancing (ILB) was deployed with a default setup to filter traffic to a Linux server running Apache server.
Ports 80 and 22 are open on the Linux server, and on FortiGate a VIP and firewall policy are configured to allow traffic through ports 80 and 22. Traffic on port 80 is successful, but traffic on port 22 is not detected by FortiGate.
What configuration changes could you perform to allow SSH traffic?
A. Configure a customized port under the Frontend IP configuration
B. Add a new Azure load balancing rule
C. Include the Linux server in the back-end pool options
D. Add a new Inbound NAT rule
Answer: D
