Free FCP_WCS_AD-7.4 Sample Questions — FCP - AWS Cloud Security 7.4 Administrator

Your organization has decided to deploy FortiGate Cloud-Native Firewall (CNF) because of its simplified operations. Which steps are required to successfully deploy a CNF instance? (Choose three.)

• A. Procure a CNF license in FortiCloud
• B. Define the virtual public cloud (VPC) and subnets to place the instance in
• C. Associate the AWS account with the CNF console
• D. Manually deploy GWLB in the CNF subnet
• E. Create a CNF instance on the CNF console or AWS Firewall Manager

Which three statements are correct about VPC flow logs? (Choose three.)

• A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata
• B. Flow logs do not capture DHCP traffic
• C. Flow logs can capture traffic to the reserved IP address for the default VPC router
• D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance
• E. Flow logs can capture real-time log streams for the network interfaces

Your company deployed a FortiSandbox for AWS. Which statement is correct about FortiSandbox for AWS?

• A. FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances
• B. The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances
• C. FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks
• D. FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis

You are troubleshooting network connectivity issues between two VMs deployed in AWS. One VM is a FortiGate located on subnet "LAN" that is part of the VPC "Encryption". The other VM is a Windows server located on the subnet "servers" which is also in the "Encryption" VPC. You are unable to ping the Windows server from FortiGate. What are two reasons for this? (Choose two.)

• A. The firewall in the Windows VM is blocking the traffic
• B. The default AWS Network Access Control List (NACL) does not allow this traffic
• C. By default, AWS does not allow ICMP traffic between subnets
• D. Add an inbound allow ICMP rule in the security group attached to the windows server

What is a drawback of deploying a FortiWeb VM inside a virtual public cloud (VPC) compared to FortiWeb Cloud?

• A. It is unable to support web applications from OWASP Top 10 threats
• B. It does not support zero-day protection
• C. It is slower than FortiWeb Cloud to apply advanced WAF protection
• D. Only applications going through the VPC are protected