Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
Fortinet
Public Cloud Security
FCP_GCS_AD-7.6
FCP - Google Cloud Security 7.6 Administrator Questions and Answers

Pass the Fortinet Public Cloud Security FCP_GCS_AD-7.6 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam FCP_GCS_AD-7.6 Premium Access

View all detail and faqs for the FCP_GCS_AD-7.6 exam

Go to Exam

402 Students Passed

91% Average Score

90% Same Questions

Viewing page 1 out of 1 pages

Viewing questions 1-10 out of questions

Questions # 1:

Your organization is running an application in their shared services virtual public cloud (VPC) and must control network access natively in the cloud.

How can your organization meet this requirement?

Options:

Create a firewall policy for the entire VPC that allows access from all networks.

Create another VPC in front of the shared services VPC and deploy FortiGate.

Create a firewall rule that allows access to the application instance only.

Create IAM access to allow access from specified resources only.

Answer

Explanation

Creating specific firewall rules that restrict access directly to the application instance allows precise native network access control within the shared services VPC.

Questions # 2:

Refer to the exhibit.

Question # 2

Which two types of traffic flow must the FortiGate cluster inspect, if the client at 198.51.100.10 sends traffic to the Workload A instance? (Choose two.)

Options:

North-bound

South-bound

West-bound

East-bound

Answer

B, D

Explanation

South-bound traffic refers to traffic coming from outside the network (the client 198.51.100.10) into the internal environment.

East-bound traffic refers to traffic moving laterally within the internal network, such as between VPCs or workloads, which the FortiGate cluster can inspect for internal threats.

Questions # 3:

Your organization has decided to deploy a high-availability (HA) cluster. One kye requirement of the deployment is to support configuration synchronization.

Which three deployment types should be considered? (Choose three.)

Options:

Active-passive HA using software-defined networking (SDN)

Active-passive HA using passthrough load balancers

Active-active HA using auto scaling

Active-passive HA using FGSP

Answer

A, B, D

Explanation

These three deployment types support configuration synchronization between HA cluster members, which is critical for maintaining consistent state and seamless failover.

Questions # 4:

Google Cloud network services offer vast functionality and inter-connectivity between the cloud and on-premises networks.

Which three additional functions does FortiGate offer when deployed in Google Cloud to complement the native services offered by Google Cloud? (Choose three.)

Options:

SSL VPN

SSL inspection

Secure SD-WAN with application visibility

Web filtering

OSPF over IPSec

Answer

A, B, C

Explanation

FortiGate provides SSL VPN capabilities for secure remote access.

It offers SSL inspection to decrypt and inspect encrypted traffic for threats.

FortiGate supports Secure SD-WAN with deep application visibility and control, enhancing network performance and security beyond native Google Cloud services.

Questions # 5:

Your organization has decided to deploy a Fortinet web application firewall (WAF) in Google Cloud.

Why would the organization choose FotiWeb Cloud over FortiWeb VM?

Options:

Because the organization requires a WAF with SSL offloading and load balancing

Because the organization requires a fully managed WAF solution

Because the organization requires a WAF with highly customizable WAF rules and settings

Because the organization requires advanced bot detection and mitigation

Answer

Explanation

FortiWeb Cloud is a fully managed web application firewall service, ideal for organizations seeking a cloud-native, hands-off WAF deployment without the need to manage virtual appliances.

Questions # 6:

Your organization has deployed an active-active high-availability (HA) FortiGate cluster in Google Cloud. You have noticed a significant increase in asymmetrical traffic flow.

Which two actions can you take to mitigate the issue? (Choose two.)

Options:

Enable source NAT for ingress traffic.

Enable symmetric hashing on the external load balancer.

Enable the layer 3 unified threat management (UTM) scanning feature if the FortiGate devices are on ForiOS 6.4 or later.

Enable destination NAT for ingress traffic.

Answer

A, B

Explanation

Enabling source NAT ensures consistent source IPs, promoting symmetric traffic flow.

Symmetric hashing on the load balancer helps distribute traffic flows evenly and consistently across cluster members, reducing asymmetric routing.

Questions # 7:

Which Fortinet proprietary protocol do you use when deploying an active-passive high-availability (HA) cluster in Google Cloud?

Options:

Broadcast FGCP

Unicast FGCP

Anycast FGSP

Multicast FGSP

Answer

Explanation

Unicast FGCP (FortiGate Clustering Protocol) is the proprietary protocol used for active-passive HA clusters in Google Cloud, enabling state synchronization and failover communication between cluster members.

Questions # 8:

An organization is deploying an active-passive high availability (HA) cluster using passthrough load balancers in Google Cloud.

What is a critical factor for ensuring successful HA formation, failover, and traffic flow?

Options:

Unicast FortiGate Clustering Protocol (FGCP) must be used.

VDOM exceptions must be configured.

Incoming traffic must be source NATed to ensure traffic flow symmetry.

There can be more than two cluster members.

Answer

Explanation

Source NAT ensures that traffic is symmetric by keeping the source IP consistent, which is critical for proper failover and session synchronization in an active-passive HA cluster using passthrough load balancers.

Questions # 9:

Refer to the exhibit.

Question # 9

In this hybrid environment, in which two ways does the traffic flow from a network node in the on-premises network to Workload B in Google Cloud? (Choose two.)

Options:

Traffic will not reach the FortiGate devices because both load balancers are internal.

Once the traffic has been inspected, the active FortiGate uses VPC peering to forward the traffic to the Server project A VPC.

When the packet reaches the external VPC, it is forwarded to the active FortiGate cluster member using a custom static route.

Traffic will be routed using VPC peering from the Internal VPC to the destination subnet.

Answer

C, D

Explanation

Traffic from on-premises enters the external VPC and is routed to the active FortiGate VM via custom routes for inspection.

After inspection, traffic is routed through VPC peering from the internal VPC to the service project subnet where Workload B resides.

Questions # 10:

Refer to the exhibit.

Question # 10

Which action must the administrator take to route traffic from VPC B to VPC A?

Options:

The administrator must create a new VPC peering connection between VPC A and VPC B.

The administrator must configure a custom route in VPC B and point the gateway to the VPC peering service.

The administrative must configure a custom route in VPC B and point the gateway to VPC A.

The administrator must deploy a FortiGate VM with at least three network interfaces.

Answer

Explanation

Because VPC peering is non-transitive, traffic cannot route from VPC B to VPC A via VPC C. To enable routing between VPC A and VPC B through VPC C, a FortiGate VM with multiple network interfaces can act as a firewall/router to manage traffic between the three VPCs.

Viewing page 1 out of 1 pages

Viewing questions 1-10 out of questions