Examice

Exam nse8_812 All QuestionsBrowse all questions from this exam

Question 29

A customer is planning on moving their secondary data center to a cloud-based IaaS. They want to place all the Oracle-based systems on Oracle Cloud, while the other systems will be on Microsoft Azure with ExpressRoute service to their main data center.

They have about 200 branches with two internet services as their only WAN connections. As a security consultant you are asked to design an architecture using Fortinet products with security, redundancy, and performance as a priority.

Which two design options are true based on these requirements? (Choose two.)

Systems running on Azure will need to go through the main data center to access the services on Oracle Cloud.

Use FortiGate VM for IPSEC over ExpressRoute, as traffic is not encrypted by Azure.

Branch FortiGate devices must be configured as VPN clients for the branches’ internal network to be able to access Oracle services without using public IPs.

Two ExpressRoute services to the main data center are required to implement SD-WAN between a FortiGate VM in Azure and a FortiGate device at the data center edge.

Correct Answer: B, C

To meet the requirements of security, redundancy, and performance, the systems running on Azure do not necessarily need to go through the main data center to access services on Oracle Cloud, as this would not optimize performance. Using FortiGate VM for IPSEC over ExpressRoute is essential because traffic is not encrypted by default, ensuring the data security. Additionally, configuring branch FortiGate devices as VPN clients allows the branches’ internal network to securely and efficiently access Oracle services without using public IPs, providing necessary redundancy.

Discussion

ama6

B is wrong Whenever Azure customer traffic moves between datacenters, Microsoft applies a data-link layer encryption method using the IEEE 802.1AE MAC Security Standards (MACsec). This encryption is implemented to secure the traffic outside physical boundaries

ama6Options: AC

A and C Whenever Azure customer traffic moves between datacenters, Microsoft applies a data-link layer encryption method using the IEEE 802.1AE MAC Security Standards (MACsec). This encryption is implemented to secure the traffic outside physical boundaries

Viewable8041Options: BC

Azure Expressroute is not encrypted.

Pat1361Options: BD

Azure does not encrypt by default so B is correct.

node345Options: BC

ExpressRoute supports a couple of encryption technologies to ensure confidentiality and integrity of the data traversing between your network and Microsoft's network. By default traffic over an ExpressRoute connection isn't encrypted.