Do you know that you can access more real exam questions via Premium Access? ()
Refer to the exhibit.
You are troubleshooting a FortiGate HA floating IP issue with Microsoft Azure. After the failover, the new primary
device does not have the previous primary device floating IP
address.
Answer : D
In this scenario, the issue is caused by the Azure service principle account not having a contributor role. This is required for the FortiGate HA floating IP to work properly. Without this role, the new primary device will not have the previous primary device floating IP address after failover.Reference: Fortinet Public Cloud Security knowledge source documents or study guide.
https://docs.fortinet.com/product/fortigate-public-cloud/7.2
Refer to the exhibit.
The exhibit shows an active-passive high availability FortiGate pair with external and internal Azure load balancers. There is no SDN connector used in this solution
Which configuration should the administrator implement?
Answer : B
Based on the provided exhibit showing an active-passive FortiGate High Availability (HA) pair with external and internal Azure load balancers and without the use of an SDN connector, the administrator should implement a Probe IP address with two static routes (Option B).
Probe IP Address: Azure load balancers use a health probe to determine the health of the instances in the backend pool. The health probe ensures that the load balancer only directs traffic to the active (primary) FortiGate in an HA pair.
Two Static Routes: Given that this is an active-passive setup, static routing should be used to ensure deterministic traffic flow. Two static routes would be configured to ensure that traffic can flow to the active unit and be correctly routed to the protected subnets in failover scenarios.
Your goal is to deploy resources in multiple places and regions in the public cloud using Terraform.
What is the most efficient way to deploy resources without changing much of the Terraform code?
Answer : A
When deploying resources in multiple places and regions in the public cloud using Terraform, the most efficient way is:
A . Use multiple terraform.tfvars files with a variables.tf file.
Terraform.tfvars File: This file is used to assign values to variables defined in your Terraform configuration. By having multiple .tfvars files, you can define different sets of values for different deployments, such as for different regions or environments, without changing the main configuration.
Variables.tf File: This file contains the definition of variables that will be used within your Terraform configuration. It works in conjunction with terraform.tfvars files, allowing you to parameterize your configuration so that you can deploy the same template in multiple environments with different variables.
You are using Red Hat Ansible to change the FortiGate VM configuration.
What is the minimum number of files you must create and which file must you use to configure the target FortiGate IP address?
Answer : A
In using Red Hat Ansible for changing the configuration of a FortiGate VM, the minimum number of files you must create and the file to configure the target FortiGate IP address are:
B . Create two files and use the hosts file.
Ansible Playbook File (YAML): The playbook file, which is typically a YAML file, contains the desired states and tasks that Ansible will execute on the target hosts.
Inventory File (Hosts): The inventory file, commonly named hosts, is where you define the target machines, including the FortiGate VM's IP address. Ansible uses this file to determine on which machines to run the playbook.
By creating these two files, you will have the necessary components to configure Ansible for the deployment. The playbook contains the automation tasks, and the hosts file lists the machines where those tasks will be executed.
Refer to the exhibit.
You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure.
After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively
What IP address must you use in the peerip configuration?
Answer : D, D
In an HA active-active load balance configuration with FortiGate VMs, especially in Microsoft Azure where FGSP (FortiGate Session Life Support Protocol) is used for session synchronization, the correct configuration for the peerip is: