Download Fortinet NSE 7 Public Cloud Security 7.2 (FCSS).NSE7_PBC-7.2.ExamTopics.2025-08-07.34q.vcex

Vendor: Fortinet
Exam Code: NSE7_PBC-7.2
Exam Name: Fortinet NSE 7 Public Cloud Security 7.2 (FCSS)
Date: Aug 07, 2025
File Size: 5 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)
  A. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the FortiGate internal port.
  B. From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW.
  C. From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW.
  D. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the TGW.
  E. From both spoke VPCs, and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway.
Correct answer: BCD
Explanation:
ABC: 5 - Most voted
Question 2
Which two Amazon Web Services (AWS) features do you use for the transit virtual private cloud (VPC) automation process to add new spoke VPCs? (Choose two.)
  A. Amazon CloudWatch
  B. Amazon S3 bucket
  C. AWS Transit Gateway
  D. AWS Security Hub
Correct answer: AB
Explanation:
AB: 6 - Most voted
Question 3
You are adding a new spoke to the existing transit VPC environment using the AWS CloudFormation template.
Which two components must you use for this deployment? (Choose two.)
  A. The Amazon CloudWatch tag value.
  B. The tag value of the spoke.
  C. The BGP ASN value used for the transit VPC.
  D. The OSPF AS value used for the hub.
Correct answer: BC
Explanation:
BC: 1
Question 4
What is the main advantage of using SD-WAN Transit Gateway Connect over traditional SD-WAN?
  A. You can use GRE-based tunnel attachments.
  B. You can use BGP over IPsec for maximum throughput.
  C. You can combine it with IPsec to achieve higher bandwidth.
  D. It eliminates the use of ECMP.
Correct answer: A
Explanation:
A: 1
Question 5
Which two statements are true about Transit Gateway Connect peers in an IPv4 BGP configuration? (Choose two.)
  A. You cannot use IPv6 addresses.
  B. The inside CIDR blocks are used for BGP peering.
  C. You must configure the second address from the IPv4 range on the device as the BGP IP address.
  D. You must specify a /29 CIDR block from the 169.254.0.0/16 range.
Correct answer: AD
Explanation:
BD: 2
Question 6
Refer to the exhibit.
You deployed an HA active-passive FortiGate VM in Microsoft Azure.
Which two statements regarding this particular deployment are true? (Choose two.)
  A. Use the vdom-exception command to synchronize the configuration.
  B. In this example, the configuration does not synchronize between the primary and secondary devices.
  C. During the failover, the passive FortiGate issues API calls to Azure.
  D. There is no SLA for API calls from Microsoft Azure.
Correct answer: BC
Explanation:
CD: 2 - Most voted
Question 7
Refer to the exhibit.
After the initial Terraform configuration in Microsoft Azure, the terraform plan command is run.
Which two statements about running the terraform plan command are true? (Choose two.)
  A. The terraform plan command will deploy the rest of the resources except the service principal details.
  B. You must run the terraform init command once, before the terraform plan command.
  C. The terraform plan command makes terraform do a dry run.
  D. You cannot run the terraform apply command before the terraform plan command.
Correct answer: B
Explanation:
B: 2 - Most voted, C: 1
Question 8
When adding the Amazon Web Services (AWS) account to the FortiCNP, which three mandatory configuration steps must you follow? (Choose three.)
  A. Add AWS accounts through FortiCNP.
  B. Enable cloud protection through AWS Guard Duty and AWS Inspector.
  C. Accept FortiCNP to create CloudTrail for the account.
  D. Launch the CloudFormation template.
  E. Enable cross-region aggregation.
Correct answer: ABD
Explanation:
ACD: 1
Question 9
An administrator decides to use the Use managed identity option on the FortiGate SDN connector with Microsoft Azure. However, the SDN connector is failing on the connection.
What must the administrator do to correct this issue?
  A. Make sure to enable the system assigned managed identity on Azure.
  B. Make sure to add the Tenant ID on FortiGate side of the configuration.
  C. Make sure to set the type to system managed identity on FortiGate SDN connector settings.
  D. Make sure to add the Client secret on FortiGate side of the configuration.
Correct answer: A
Explanation:
A: 2
Question 10
Refer to the exhibit.
You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure.
Which three settings should you check while troubleshooting this problem? (Choose three.)
  A. Use the diag sys vd list command.
  B. Ensure FortiGate port1 has internet access.
  C. Use the show vdom command to see hidden VDOMs.
  D. Ensure IP address 169.254.169.254 is not blocked.
  E. Ensure FortiGate management port can resolve DNS.
Correct answer: BDE
Explanation:
ADE: 1
Question 11
Refer to the exhibit.
The exhibit shows the Connect Peers settings on Amazon Web Services (AWS) transit gateway attachments with two FortiGate VMs in a security VPC.
Which two statements are correct? (Choose two.)
  A. The Transit Gateway GRE address is auto-generated.
  B. The Peer GRE address is the FortiGate external interface IP address.
  C. The Peer GRE address is the FortiGate internal interface IP address.
  D. The BGP inside CIDR blocks can be any CIDR block with /29.
Correct answer: AD
Explanation:
AD: 1