You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.

Which Amazon AWS services must you subscribe to in order to use this feature?

A. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.

B. GuardDuty, CloudWatch, S3, and DynamoDB.

C. Inspector, Shield, GuardDuty, S3, and DynamoDB.

D. WAF, Shield, GuardDuty, S3, and DynamoDB.

Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.

What are two possible reasons for this behavior? (Choose two.)

A. The web servers are not configured with the default gateway.

B. The Internet gateway (IGW) is not added to VPC (virtual private cloud).

C. AWS source and destination checks are enabled on the FortiGate interfaces.

D. AWS security groups may be blocking the traffic.

An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.

What action will the worker node automatically perform to restore access to the black-holed subnet?

A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.

B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.

C. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.

D. The worker node migrates the subnet to a different availability zone.

Which two statements about the Amazon Cloud Services (AWS) network access control lists (ACLs) are true? (Choose two.)

A. Network ACLs are stateless, and inbound and outbound rules are used for traffic filtering.

B. Network ACLs are stateful, and inbound and outbound rules are used for traffic filtering.

C. Network ACLs must be manually applied to virtual network interfaces.

D. Network ACLs support allow rules and deny rules.

Refer to the exhibit. You attempted to deploy the FortiGate-VM in Microsoft Azure with the JSON template, and it failed to boot up. The exhibit shows an excerpt from the JSON template.

What is incorrect with the template?

A. The LUN ID is not defined.

B. FortiGate-VM does not support managedDisk from Azure.

C. The caching parameter should be None.

D. The CreateOptions parameter should be FromImage.

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

A. Network security groups can be applied to subnets and virtual network interfaces.

B. Network security groups can be applied to subnets only.

C. Network security groups are stateless inbound and outbound rules used for traffic filtering.

D. Network security groups are a stateful inbound and outbound rules used for traffic filtering.

A company deployed a FortiGate-VM with an on-demand license using Amazon Web Services (AWS) Market Place Cloud Formation template. After deployment, the administrator cannot remember the default admin password.

What is the default admin password for the FortiGate-VM instance?

A. The admin password cannot be recovered and the customer needs to deploy the FortiGate-VM again.

B.

C. admin

D. The instance-ID value

Refer to the exhibit. The exhibit shows a topology where multiple connections from clients to the same FortiGate-VM instance, regardless of the protocol being used, are required.

Which two statements are correct? (Choose two.)

A. The design shows an active-active FortiGate-VM architecture.

B. The Cloud Load Balancer Session Affinity setting should be changed to CLIENT_IP.

C. The design shows an active-passive FortiGate-VM architecture.

D. The Cloud Load Balancer Session Affinity setting should use the default value.

You have been asked to develop an Azure Resource Manager infrastructure as a code template for the FortiGate-VM, that can be reused for multiple deployments. The deployment fails, and errors point to the storageAccount name.

Which two are restrictions for a storageAccount name in an Azure Resource Manager template? (Choose two.)

A. The uniqueString() function must be used.

B. The storageAccount name must use special characters.

C. The storageAccount name must be in lowercase.

D. The storageAccount name must contain between 3 and 24 alphanumeric characters.

Which statement about FortiSandbox in Amazon Web Services (AWS) is true?

A. In AWS, virtual machines (VMs) that inspect files do not have to be reset after inspecting a file.

B. FortiSandbox in AWS uses Windows virtual machines (VMs) to inspect files.

C. In AWS, virtual machines (VMs) that inspect files are constantly up and running.

D. FortiSandbox in AWS can have a maximum of eight virtual machines (VMs) that inspect files.