ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_PBC-6.4 All Questions

View all questions & answers for the NSE7_PBC-6.4 exam
Go to Exam

Exam NSE7_PBC-6.4 topic 1 question 4 discussion

Actual exam question from Fortinet's NSE7_PBC-6.4
Question #: 4
Topic #: 1
[All NSE7_PBC-6.4 Questions]


Refer to the exhibit. A customer has deployed an environment in Amazon Web Services (AWS) and is now trying to send outbound traffic from the Web servers to the Internet. The FortiGate policies are configured to allow all outbound traffic; however, the traffic is not reaching the FortiGate internal interface.
What are two possible reasons for this behavior? (Choose two.)

  • A. The web servers are not configured with the default gateway.
  • B. The Internet gateway (IGW) is not added to VPC (virtual private cloud).
  • C. AWS source and destination checks are enabled on the FortiGate interfaces.
  • D. AWS security groups may be blocking the traffic.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by RueDizz at March 31, 2022, 9:33 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
charruco
2 years, 7 months ago
Selected Answer: CD
CD are correct
upvoted 1 times
...
cciesam
2 years, 8 months ago
Selected Answer: CD
Ans - CD
upvoted 2 times
...
Nkay17
2 years, 9 months ago
I think it must be AC A- Default gateway needs to be applied to get the traffic reach Fortinet for Internet as there is no default route available by default. C- Src/Dst is enabled by default. So it has to enabled unless you are delpoying via CF template. B - Not required as the Nating will be done via EIP D- Default Outbound NSG allows internet
upvoted 1 times
...
Nkay17
2 years, 10 months ago
AD - since traffic is not reaching fortinet means that the traffic is denied prior
upvoted 1 times
...
kinge2
3 years ago
Selected Answer: CD
Answer is CD
upvoted 3 times
...
elgato01
3 years, 1 month ago
Selected Answer: CD
C and D Check if check is enable (Public_Cloud_6.4_Study_Guide Page 67), by default is enable in AWS and in Azure is disable; and of course the SG has to be checked to make sure that the service/port is allowed is allowed
upvoted 3 times
...
Spippolo
3 years, 2 months ago
Selected Answer: CD
You need to check if source/destination are enabled. Public_Cloud_6.4_Study_Guide Page 67
upvoted 3 times
...
rteo82
3 years, 2 months ago
A and D is correct. C is incorrect, Public_Cloud_6.4_Study_Guide Page 67 n AWS, the source/destination check feature is enabled by default. And is correct behaviour.
upvoted 1 times
smahah
2 years, 6 months ago
If the check is enabled, IP addresses that are different from the assigned IP address of the interface are NOT allowed
upvoted 1 times
...
...
RueDizz
3 years, 4 months ago
Selected Answer: AD
A. The web servers are not configured with the default gateway. D. AWS security groups may be blocking the traffic.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel