Description
The NSE 7 Network Security Architect designation recognizes your advanced skills ans ability to deploy, administer, and troubleshoot Fortinet security solutions.
Who Should Attempt the NSE 7 Certification
We recommend this course for network and security professionals who are involved in the design, administration, and support of security infrastructures using Fortinet solutions.
Program Requirements
You must successfully pass at least one of the NSE 7 exams:
Fortinet NSE 7 – Advanced Analytics
Fortinet NSE 7 – Advanced Threat Protection
Fortinet NSE 7 – Enterprise Firewall
Fortinet NSE 7 – OT Security
Fortinet NSE 7 – Public Cloud Security
Fortinet NSE 7 – SD-WAN
Fortinet NSE 7 – Secure Access
To prepare for the certification exams, we recommend that you take the NSE 7 product courses. The courses are optional.
Fortinet NSE 7 – Public Cloud Security 6.4
Exam series: NSE7_PBC-6.4
Number of questions: 30
Exam time: 60 minutes
Language: English
Product version: FortiOS 6.4, FortiWeb 6.4
Status: Available
Exam details: exam description
NSE 7 Network Security Architect—Public Cloud Security
NSE 7 Certification
The Fortinet Network Security Architect designation identifies your advanced skills in deploying, administering, and troubleshooting Fortinet security solutions. We recommend this certification for network and security professionals who are involved in the advanced administration and support of security infrastructures using Fortinet solutions. Visit the Fortinet NSE Certification Program page for information about certification requirements.
Fortinet NSE 7—Public Cloud Security 6.4 Exam
The Fortinet NSE 7—Public Cloud Security 6.4 exam is part of the NSE 7 Network Security Architect program, and recognizes the successful candidate’s knowledge and expertise with Fortinet solutions in public cloud network environments.
The exam tests applied knowledge of the integration and administration of Fortinet public cloud security solutions, and includes design scenarios, configuration extracts, and troubleshooting captures.
Audience
The Fortinet NSE 7—Public Cloud Security 6.4 exam is intended for network and security professionals who are responsible for the integration and administration of an enterprise public cloud security infrastructure composed of multiple Fortinet solutions.
Exam Details
Exam name Fortinet NSE 7— Public Cloud Security 6.4
Exam series NSE7_PBC-6.4
Time allowed 60 minutes
Exam questions 30 multiple-choice questions
Scoring Pass or fail, a score report is available from your Pearson VUE account
Language English and Japanese
Product version FortiGate 6.4
FortiWeb 6.4
Exam Topics
Successful candidates have applied knowledge and skills in the following areas and tasks:
Explain cloud-specific architectural requirements, deploy and integrate Fortinet solutions with public cloud providers, and troubleshoot public cloud components.
l Fortinet Solution for Amazon Web Services (AWS)
l Identify Fortinet WAF solutions for AWS
l Review AWS basic concepts and componets
l Configure high availability (HA), load balancing, and autoscaling
l Identify traffic patterns, MPLS, IPsec, Direct Connect
l Secure the public cloud
l Apply auto scaling, resilience / availability, transit VPCs, load balancing
l Implement marketplace deployment, templates, sizing, automation
l Apply FortiGate AWS SDN integration
l Choose Fortinet products licensing in AWS Marketplace: PAYG, BYOL
l Fortinet Solution for Microsoft Azure
l Identify Azure Security Center, Azure Stack
l Identify traffic patterns, MPLS, IPsec, ExpressRoute, Traffic Manager
l Configure resilience / availability, Transit VNet, load balancing, east-west inspection
l Configure HA, load balancing, and autoscaling
l Choose Fortinet products licensing in Azure Marketplace: PAYG, BYOL
l Implement marketplace deployment, templates, sizing, automation
l Fortinet Solution for Google Cloud Platform (GCP)
l Deploy FortiGate in GCP
l Identify traffic patterns, MPLS, IPsec, and dedicated interconnection
l Perform installation, sizing, and licensing: BYOL
l FortiCASB and FortiCWP
l Review FortiCASB architecture and supported applications
l Review FortiCWP architecture
l Configure FortiCASB
Training Resources
The following resources are recommended for attaining the knowledge and skills that are covered on the exam. The recommended training is available as a foundation for exam preparation. In addition to training, candidates are strongly encouraged to have hands-on experience with the exam topics and objectives.
NSE Training Institute Courses
l NSE 7 Public Cloud Security 6.4
Other Resources
l FortiOS – AWS Cookbook 6.4
l FortiOS – Azure Cookbook 6.4
l FortiOS – GCP Cookbook 6.4
Experience
l Familiarity with various deployments in AWS, Azure, and GCP
Exam Sample Questions
A set of sample questions is available from the NSE Training Institute. These questions sample the exam content in question type and content scope. However, the questions do not necessarily represent all the exam content, nor are they intended to assess an individual’s readiness to take the certification exam.
See the NSE Training Institute for the course that includes the sample questions.
Examination Policies and Procedures
The NSE Training Institute recommends that candidates review exam policies and procedures before registering for the exam. Access important information on the Program Policies page, and find answers to common questions on the FAQ page.
QUESTION 1
When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)
A. Intrusion prevention policies
B. Threat protection policies
C. Data loss prevention policies
D. Compliance policies
E. Antivirus policies
Correct Answer: BCD
QUESTION 2
You have been tasked with deploying FortiGate VMs in a highly available topology on the Amazon Web
Services (AWS) cloud. The requirements for your deployment are as follows:
• You must deploy two FortiGate VMs in a single virtual private cloud (VPC), with an external elastic load balancer which will distribute ingress traffic from the internet to both FortiGate VMs in an active-active
topology.
• Each FortiGate VM must have two elastic network interfaces: one will connect to a public subnet and other will connect to a private subnet.
• To maintain high availability, you must deploy the FortiGate VMs in two different availability zones.
How many public and private subnets will you need to configure within the VPC?
A. One public subnet and two private subnets
B. Two public subnets and one private subnet
C. Two public subnets and two private subnets
D. One public subnet and one private subnet
Correct Answer: A
QUESTION 3
You are deploying Amazon Web Services (AWS) GuardDuty to monitor malicious or unauthorized behaviors related to AWS resources. You will also use the Fortinet aws-lambda-guardduty script to translate feeds from AWS GuardDuty findings into a list of malicious IP addresses. FortiGate can then consume this list as an external threat feed.
Which Amazon AWS services must you subscribe to in order to use this feature?
A. GuardDuty, CloudWatch, S3, Inspector, WAF, and Shield.
B. GuardDuty, CloudWatch, S3, and DynamoDB.
C. Inspector, Shield, GuardDuty, S3, and DynamoDB.
D. WAF, Shield, GuardDuty, S3, and DynamoDB.
Correct Answer: A
Actualkey Fortinet NSE7_PBC-6.4 Exam pdf, Certkingdom Fortinet NSE7_PBC-6.4 PDF
Best Fortinet NSE7_PBC-6.4 Certification, Fortinet NSE7_PBC-6.4 Training at certkingdom.com
