FCP - AWS Cloud Security 7.4 Administrator

Here you have the best Fortinet FCP_WCS_AD-7.4 practice exam questions

You have 35 total questions to study from
Each page has 5 questions, making a total of 7 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on May 13, 2025
This site is not affiliated with or endorsed by Fortinet.

Question 1 of 35

Refer to the exhibit.

An organization deployed the application servers in the AWS VPC that connects to the corporate data center using Transit Gateway Connect. Demand for the applications has grown and the connection requires more bandwidth.

What is required to achieve higher bandwidth?

Use routable public IP addresses instead of private IP addresses for connectivity.

You cannot increase bandwidth the connection has a fixed limit.

No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.

You add a Transit VPC between the organization's VPCs.

Correct Answer: C

Question 2 of 35

You want to deploy the Fortinet HA CloudFormation template to stage and bootstrap the FortiGate configuration in the same region in which you created your VPC, which is Ohio US-East-2.

Based on this information, which statement is correct?

You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket can be hosted in any region.

The Fortinet HA cloud formation template automatically creates an S3 bucket.

You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket needs to be hosted in the Ohio US-East-2 region.

You create a DynamoDB to stage and bootstrap FortiGate with an FGCP unicast configuration. It needs to be hosted in the Ohio US-East-2 region.

Correct Answer: C

Question 3 of 35

An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs the higher bandwidth but the organization does not want to use multiple connections between sites.

Which AWS solution meets the requirement?

Transit VPC with IPSec

Internet Gateway

Transit Gateway multicast

Transit Gateway Connect

Correct Answer: D

Question 4 of 35

Refer to the exhibit.

Traffic is initiated from the EC2 instance and is destined for the internet.

Which traffic flow is correct?

EC2 instance > NAT GW > IGW > internet

There is no route to the internet in the Private Route Table. The traffic does not reach the internet.

EC2 instance > GWLBe > NAT GW > IGW > internet

EC2 instance > GWLBe > internet

Correct Answer: C

The traffic flow for an EC2 instance destined for the internet, based on the provided route tables and architecture, should follow the path where it first goes through the Gateway Load Balancer Endpoint (GWLBe) for inspection or security purposes, then through the NAT Gateway to map to a public IP, and finally reaches the internet through the Internet Gateway (IGW). Therefore, the correct traffic flow is EC2 instance > GWLBe > NAT GW > IGW > internet.

Question 5 of 35

A customer has implemented GWLB between the partner and application VPCs. FortiGate appliances are deployed in the partner VPC with multiple AZs to inspect traffic transparently.

Which two things will happen to application traffic based on the GWLB deployment? (Choose two.)

Inbound and outbound traffic will go to multiple devices, which will perform load balancing.

Inbound and outbound traffic will go to the same device, which will perform stateful processing.

The content of the original traffic exchanged between the GWLB and FortiGate will be preserved.

The original traffic exchanged between the GWLB and FortiGate will be hashed for data integrity.

Correct Answer: B, C

When using Gateway Load Balancer (GWLB) for traffic inspection with FortiGate appliances, inbound and outbound traffic must go to the same device to enable stateful processing. This ensures that the firewall can properly track and manage the connection states. Additionally, the content of the original traffic exchanged between the GWLB and FortiGate will be preserved, leveraging encapsulation methods such as GENEVE to maintain traffic integrity.