A.  

Deploy FortiWeb Cloud in the same region where your web application is beinghosted.

B.  

Enable a content delivery network

C.  

Modify DNS entries to directly point to your web server.

D.  

Disable WAF functionality.

A.  

WAF signatures must be manually updated by FortiGuard.

B.  

The solution must meet PCI 6.6 compliance.

C.  

SSL inspection is a requirement.

D.  

Traffic must be inspected for malware.

A.  

To route packets directly from VPC B to VPC C through VPC A, you must add a route for network 192.168.0.0/16 in the VPC A routing table.

B.  

You cannot route packets directly from VPC B to VPC C through VPC A.

C.  

You can associate VPC ID pcx-23232323 with VPC B to form a VPC peering connection between VPC B and VPC

C.  

D.  

You cannot create a separate VPC peering connection between VPC B and VPC C to route packets directly.

A.  

The routing table for Fgt2 updated successfully, and port2 will provide internet access to Fgt2.

B.  

The Elastic IP is associated with port1 of Fgt2.

C.  

IP address 10.0.0.13 is now associated with eni-0b61d8afc0aefb8a2.

D.  

The Elastic IP is associated with port2 of Fgt2, and the secondary IP address for port1 and port2 was updated successfully.

A.  

FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances.

B.  

The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances.

C.  

FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks.

D.  

FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.

A.  

Use routable public IP addresses instead of private IP addresses for connectivity.

B.  

You cannot increase bandwidth the connection has a fixed limit.

C.  

No configuration change is required because GRE tunnels are scaled to provide higher bandwidth.

D.  

You add a Transit VPC between the organization's VPCs.

A.  

The DNS name for the application servers must point to FortiWeb Cloud.

B.  

FortiWeb Cloud filters the incoming traffic from users, blocking the OWASP Top 10 attacks, zero-day threats, and other application layer attacks.

C.  

FortiWeb Cloud can protect the application servers only if they are all located in the same virtual public cloud (VPC).

D.  

Step 2 requires an AWS S3 bucket to be created.

A.  

Wait for the EC2 instance to be created.

B.  

Provide a web application name.

C.  

Create DNS records in the domain server that hosts the application.

D.  

Enable a content delivery network (CDN) in the same region where your application is located.

A.  

GWLB forwards traffic to FortiGate without encapsulation in its dedicated subnet.

B.  

Inbound traffic is directed to the GWLB through a GWLB endpoint.

C.  

Inbound traffic is directed to the application subnet through a GWLB endpoint.

D.  

GWLB encapsulates traffic with the GENEVE protocol and sends it to FortiGate.

A.  

EC2 instance > NAT GW > IGW > internet

B.  

There is no route to the internet in the Private Route Table. The traffic does not reach the internet.

C.  

EC2 instance > GWLBe > NAT GW > IGW > internet

D.  

EC2 instance > GWLBe > internet