Download FCP - AWS Cloud Security 7.4 Administrator.FCP_WCS_AD-7.4.ExamTopics.2025-05-22.35q.vcex
| Vendor: | Fortinet |
| Exam Code: | FCP_WCS_AD-7.4 |
| Exam Name: | FCP - AWS Cloud Security 7.4 Administrator |
| Date: | May 22, 2025 |
| File Size: | 3 MB |
How to open VCEX files?
Files with VCEX extension can be opened by ProfExam Simulator.
Discount: 20%
Demo Questions
Question 1
Refer to the exhibit.
An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.
What is required to achieve higher bandwidth?
- Use routable public IP addresses instead of private IP addresses for connectivity.
- You cannot increase bandwidth the connection has a fixed limit.
- No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.
- You add a Transit VPC between the organization's VPCs.
Correct answer: C
Question 2
Your organization is deciding between deploying an active-active (A-A) or active-passive (A-P) FortiGate high availability (HA) cluster in AWS cloud.
Which two statements are true about A-A clusters compared to A-P clusters? (Choose two.)
- For A-A clusters, FortiGate must perform SNAT inbound to ensure symmetric traffic flow.
- A-A clusters rely on API calls for failovers.
- A-A clusters always require a load balancer.
- A-A clusters can use a software-defined network (SDN) to perform a failover.
Correct answer: AC
Question 3
Refer to the exhibit.
Which statement is correct about the VPC peering connections shown in the exhibit?
- To route packets directly from VPC B to VPC C through VPC A, you must add a route for network 192.168.0.0/16 in the VPC A routing table.
- You cannot route packets directly from VPC B to VPC C through VPC A.
- You can associate VPC ID pcx-23232323 with VPC B to form a VPC peering connection between VPC B and VPC C.
- You cannot create a separate VPC peering connection between VPC B and VPC C to route packets directly.
Correct answer: B
Question 4
Refer to the exhibit.
What two conclusions can you draw from the FortiGate debug output? (Choose two.)
- The dynamic address object is automatically updated if the IP changes.
- The address object AWS Windows Server Lab can be manually changed on FortiGate.
- The SDN connector is correctly configured and authorized.
- The AWS user account used for software-defined network (SDN) integration must have full administrative rights.
Correct answer: AC
Question 5
Which three statements are correct about VPC flow logs? (Choose three.)
- Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
- Flow logs do not capture DHCP traffic.
- Flow logs can capture traffic to the reserved IP address for the default VPC router.
- Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.
- Flow logs can capture real-time log streams for the network interfaces.
Correct answer: ABD
Question 6
An administrator is adding a web application to be protected by FortiWeb Cloud.
Which two steps are necessary to successfully onboard the application? (Choose two.)
- Wait for the EC2 instance to be created.
- Provide a web application name.
- Create DNS records in the domain server that hosts the application.
- Enable a content delivery network (CDN) in the same region where your application is located.
Correct answer: BC
Question 7
An administrator must deploy a web application firewall (WAF) solution to protect the web applications of their organization.
Why would the administrator choose FortiWeb Cloud over AWS WAF with Fortinet managed rules?
- WAF signatures must be manually updated by FortiGuard.
- The solution must meet PCI 6.6 compliance.
- SSL inspection is a requirement.
- Traffic must be inspected for malware.
Correct answer: C
Question 8
A customer is attempting to deploy an active-passive high availability (HA) cluster using the software-defined network (SDN) connector in the AWS cloud.
What is an important consideration to ensure a successful formation of HA, failover, and traffic flow?
- Both cluster members must be in the same availability zone.
- VDOM exceptions must be configured.
- Unicast FortiGate Clustering Protocol (FGCP) must be used.
- Both cluster members must show as healthy in the elastic load balancer (ELB) configuration.
Correct answer: C
Question 9
A cloud administrator is tasked with protecting web applications hosted in AWS cloud.
Which three Fortinet cloud offerings can the administrator choose from to accomplish the task? (Choose three.)
- AWS WAF
- FortiEDR
- FortiGate Cloud-Native Firewall (CNF)
- Fortinet Managed Rules for AWS WAF
- FortiWeb Cloud
Correct answer: CDE
Question 10
Refer to the exhibit.
An administrator configured a FortiGate device to connect to the AWS API to retrieve resource values from the AWS console to create dynamic objects for the FortiGate policies. The administrator is unable to retrieve AWS dynamic objects on FortiGate.
Which two reasons can explain why? (Choose two.)
- The AWS API call is not supported on XML version 1.0.
- AWS was not able to validate credentials provided by the AWS Lab SDN connector because of a clock skew between FortiGate and AWS.
- The AWS Lab SDN connector is configured with an invalid AWS access or secret key.
- The AWS Lab SDN connector failed to connect on port 401.
- The AWS Lab SDN did not find any instances in the configured VPC.
Correct answer: BC
Question 11
Your organization is deciding between deploying FortiWeb VM or Fortinet Managed Rules for AWS WAF.
What are two benefits of choosing FortiWeb VM? (Choose two.)
- Only pay for what is used.
- Up-to-date WAF signatures powered by FortiGuard.
- Zero-day protection.
- Advanced WAF functionality.
Correct answer: CD
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!