Fortinet FCP_WCS_AD-7.4 Practice Exams
Last updated on Apr 01,2025- Exam Code: FCP_WCS_AD-7.4
- Exam Name: FCP - AWS Cloud Security 7.4 Administrator
- Certification Provider: Fortinet
- Latest update: Apr 01,2025
Your company deployed a FortiSandbox for AWS.
Which statement is correct about FortiSandbox for AWS?
- A . FortiSandbox for AWS comes as a hybrid solution. The FortiSandbox manager is installed on-premises and analyzes the results of the sandboxing process received from AWS EC2 instances.
- B . The FortiSandbox manager is installed on the AWS platform and analyzes the results of the sandboxing process received from on-premises Windows instances.
- C . FortiSandbox for AWS does not need more resources because it performs only management and analysis tasks.
- D . FortiSandbox deploys new EC2 instances with the custom Windows and Linux VMs, then it sends malware, runs it, and captures the results for analysis.
You need to deploy a new Windows server in AWS to offload web traffic from an existing web server in a different availability zone.
According to the AWS shared responsibility model, what three actions must you take to secure the new EC2 instance? (Choose three.)
- A . Update software on the instance.
- B . Change the existing elastic load balancer (ELB) to a gateway load balancer
- C . Configure security groups.
- D . Manage the operating system on the instance.
- E . Move all web servers into the same availability zone.
What is a drawback of deploying a FortiWeb VM inside a virtual public cloud (VPC) compared to FortiWeb Cloud?
- A . It is unable to support web applications from OWASP Top 10 threats.
- B . It does not support zero-day protection.
- C . It is slower than FortiWeb Cloud to apply advanced WAF protection.
- D . Only applications going through the VPC are protected.
Which two statements about the FortiCloud portal are true? (Choose two.)
- A . You can gain remote access to your FortiGate VM directly from the portal.
- B . To assign permissions in the identity and access management (JAM) portal, you must write a JSON script.
- C . You can access the FortiFlex portal only after you purchase a FortiFlex license and register it on FortiCare.
- D . You can access only cloud services that you have subscribed to on AWS marketplace.
Refer to the exhibit.
What occurs during a failover for an active-passive (A-P) cluster that is deployed in two different availability zones? (Choose two.)
- A . The cluster elastic IP address (EIP) is moved from Port1 of FGT-1 to Port1 of FGT-2.
- B . The secondary IP address of Port2 of FGT-1 is moved to Port2 of FGT-2.
- C . The default static route in the Private-AZ1 subnet route table is modified to forward all traffic to Port2 of FGT2.
- D . An additional route is added to the route table of the HA Sync AZ2 subnet to forward all traffic to the Internet GW.
You want to deploy the Fortinet HA CloudFormation template to stage and bootstrap the FortiGate configuration in the same region in which you created your VPC, which is Ohio US-East-2.
Based on this information, which statement is correct?
- A . You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket can be hosted in any region.
- B . The Fortinet HA cloud formation template automatically creates an S3 bucket.
- C . You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket needs to be hosted in the Ohio US-East-2 region.
- D . You create a DynamoDB to stage and bootstrap FortiGate with an FGCP unicast configuration. It needs to be hosted in the Ohio US-East-2 region.
An organization has the requirement to connect a data VPC to the on-premises infrastructure of a branch office in a hybrid cloud environment. The connectivity needs the higher bandwidth but the organization does not want to use multiple connections between sites.
Which AWS solution meets the requirement?
- A . Transit VPC with IPSec
- B . Internet Gateway
- C . Transit Gateway multicast
- D . Transit Gateway Connect
An administrator must deploy a web application firewall (WAF) solution to protect the web applications of their organization.
Why would the administrator choose FortiWeb Cloud over AWS WAF with Fortinet managed rules?
- A . WAF signatures must be manually updated by FortiGuard.
- B . The solution must meet PCI 6.6 compliance.
- C . SSL inspection is a requirement.
- D . Traffic must be inspected for malware.
Your organization is deciding between deploying an active-active (A-A) or active-passive (A-P) FortiGate high availability (HA) cluster in AWS cloud.
Which two statements are true about A-A clusters compared to A-P clusters? (Choose two.)
- A . For A-A clusters, FortiGate must perform SNAT inbound to ensure symmetric traffic flow.
- B . A-A clusters rely on API calls for sfailovers.
- C . A-A clusters always require a load balancer.
- D . A-A clusters can use a software-defined network (SDN) to perform a failover.
An administrator wants to deploy a solution to automatically create firewall rules on FortiGate to accelerate time-to-protection for threats.
Which AWS service can be integrated with FortiGate to accomplish this?
- A . AWS Firewall Manager
- B . AWS network access control list
- C . SDN Connector for AWS
- D . AWS GuardDuty