When configuring the FortiCASB policy, which three configuration options are available? (Choose three.)

A. Intrusion prevention policies

B. Threat protection policies

C. Data loss prevention policies

D. Compliance policies

E. Antivirus policies

Refer to the exhibit. Your senior administrator successfully configured a FortiGate fabric connector with the Azure resource manager, and created a dynamic address object on the FortiGate VM to connect with a windows server in Microsoft Azure. However, there is now an error on the dynamic address object, and you must resolve the issue.

How do you resolve this issue?

A. Run diagnose debug application azd -l on FortiGate.

B. In the Microsoft Azure portal, set the correct tag values for the windows server.

C. In the Microsoft Azure portal, access the windows server, obtain the private IP address, and assign the IP address under the FortiGate-VM AzureLab address object.

D. Delete the address object and recreate a new address object with the type set to FQDN.

An Amazon Web Services (AWS) auto-scale FortiGate cluster has just experienced a scale-down event, terminating a FortiGate in availability zone C.

What action will the worker node automatically perform to restore access to the black-holed subnet?

A. The worker node applies a route table from a non-black-holed subnet to the black-holed subnet.

B. The worker node moves the virtual IP of the terminated FortiGate to a running FortiGate on the worker node's private subnet interface.

C. The worker node modifies the route table applied to the black-holed subnet changing its default route to point to a running FortiGate on the worker node's private subnet interface.

D. The worker node migrates the subnet to a different availability zone.

When an organization deploys a FortiGate-VM in a high availability (HA) (active/active) architecture in Microsoft Azure, they need to determine the default timeout values of the load balancer probes.

In the event of failure, how long will Azure take to mark a FortiGate-VM as unhealthy, considering the default timeout values?

A. Less than 10 seconds

B. 30 seconds

C. 20 seconds

D. 16 seconds

Which two statements about Microsoft Azure network security groups are true? (Choose two.)

A. Network security groups can be applied to subnets and virtual network interfaces.

B. Network security groups can be applied to subnets only.

C. Network security groups are stateless inbound and outbound rules used for traffic filtering.

D. Network security groups are a stateful inbound and outbound rules used for traffic filtering.

What is the bandwidth limitation of an Amazon Web Services (AWS) transit gateway VPC attachment?

A. Up to 1.25 Gbps per attachment

B. Up to 50 Gbps per attachment

C. Up to 10 Gbps per attachment

D. Up to 1 Gbps per attachment

Refer to the exhibit. Consider an active-passive HA deployment in Microsoft Azure. The exhibit shows an excerpt from the passive FortiGate-VM node.

If the active FortiGate-VM fails, what are the results of the API calls made by the FortiGate named SSTENTAZFGT-0302? (Choose two.)

A. SSTENTAZFGT-03-FloatingPIP is assigned to the IP configuration with the name SSTENTAZFGT0302-Nic-01, under the network interface SSTENTAZFGT-0302-Nic-01

B. 172.29.32.71 is set as a next hop IP for all routes under FortigateUDR-01

C. The network interface of the active unit moves to itself

D. SSTENTAZFGT-03-FloatingPIP public IP is assigned to NIC SSTENTAZFGT-0302-Nic-01

You have previously deployed an Amazon Web Services (AWS) transit virtual private cloud (VPC) with a pair of FortiGate firewalls (VM04 / c4.xlarge) as your security perimeter. You are beginning to see high CPU usage on the FortiGate instances.

Which action will fix this issue?

A. Convert the c4.xlarge instances to m4.xlarge instances.

B. Migrate the transit VPNs to new and larger instances (VM08 / c4.2xlarge).

C. Convert from IPsec tunnels to generic routing encapsulation (GRE) tunnels, for the VPC peering connections.

D. Convert the transit VPC firewalls into an auto-scaling group and launch additional EC2 instances in that group.

Refer to the exhibit. Which two conditions will enable you to segregate and secure the traffic between the hub and the spokes in Microsoft Azure? (Choose two.)

A. Implement the FortiGate-VM network virtual appliance (NVA) in the hub and use user-defined routes (UDRs) in the spokes.

B. Use ExpressRoute to interconnect the hub VNets and spoke VNets.

C. Configure VNet peering between the spokes only.

D. Configure VNet peering between the hub and spokes.

Customer XYZ has an ExpressRoute connection from Microsoft Azure to a data center. They want to secure communication over ExpressRoute, and to install an in-line FortiGate to perform intrusion prevention system (IPS) and antivirus scanning.

Which three methods can the customer use to ensure that all traffic from the data center is sent through A. Install FortiGate in Azure and build a VPN tunnel to the data center over ExpressRoute

B. Configure a user-defined route table

C. Enable the redirect option in ExpressRoute to send data center traffic to a user-defined route table

D. Configure the gateway subnet as the subnet in the user-defined route table

E. Define a default route where the next hop IP is the FortiGate WAN interface