Most Recent Fortinet NSE7_PBC-7.2 Exam Dumps

Prepare for the Fortinet NSE 7 - Public Cloud Security 7.2 exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Fortinet NSE7_PBC-7.2 exam and achieve success.

The questions for NSE7_PBC-7.2 were last updated on Apr 22, 2026.

Viewing page 1 out of 12 pages.
Viewing questions 1-5 out of 59 questions

Get All 59 Questions & Answers

Question No. 1

Your goal is to deploy resources in multiple places and regions in the public cloud using Terraform.

What is the most efficient way to deploy resources without changing much of the Terraform code?

AUse multiple terraform.tfvars files With a variables.tf file.

BUse the provider. tf file to add all the new values

CInstall and configure two Terraform staging servers to deploy resources.

DUse the variable, tf file and edit its values to match multiple resources

Show Answer

Correct Answer: A

When deploying resources in multiple places and regions in the public cloud using Terraform, the most efficient way is:

A . Use multiple terraform.tfvars files with a variables.tf file.

Terraform.tfvars File: This file is used to assign values to variables defined in your Terraform configuration. By having multiple .tfvars files, you can define different sets of values for different deployments, such as for different regions or environments, without changing the main configuration.

Variables.tf File: This file contains the definition of variables that will be used within your Terraform configuration. It works in conjunction with terraform.tfvars files, allowing you to parameterize your configuration so that you can deploy the same template in multiple environments with different variables.

Question No. 2

Which two attachments are necessary to connect a transit gateway to an existing VPC with BGP? (Choose two )

AA transport attachment

BA BGP attachment

CA connect attachment

DA GRE attachment

Show Answer

Correct Answer: A, C

The correct answer is A and C. A transport attachment and a connect attachment are necessary to connect a transit gateway to an existing VPC with BGP.

According to the AWS documentation for Transit Gateway, a transit gateway is a network transit hub that connects VPCs and on-premises networks. To connect a transit gateway to an existing VPC with BGP, you need to do the following steps:

Create a transport attachment. A transport attachment is a resource that connects a VPC or VPN to a transit gateway. You can specify the BGP options for the transport attachment, such as the autonomous system number (ASN) and the BGP peer IP address.

Create a connect attachment. A connect attachment is a resource that enables you to use your own appliance to provide network services for traffic that flows through the transit gateway. You can use a connect attachment to route traffic between the transport attachment and your appliance using GRE tunnels and BGP.

The other options are incorrect because:

A BGP attachment is not a valid type of attachment for a transit gateway. BGP is a protocol that enables dynamic routing between the transit gateway and the VPC or VPN.

A GRE attachment is not a valid type of attachment for a transit gateway. GRE is a protocol that encapsulates packets for tunneling purposes. GRE tunnels are established between the connect attachment and your appliance.

: [Transit Gateways - Amazon Virtual Private Cloud] : [Transit Gateway Connect - Amazon Virtual Private Cloud]

Question No. 3

Refer to Exhibit:

After the initial Terraform configuration in Microsoft Azure, the terraform plan command is run Which two statements about running the plan command are true? (Choose two.)

AThe terraform plan command will deploy the rest of the resources except the service principle details.

BYou cannot run the terraform apply command before the terraform plan command.

CYou must run the terraform init command once, before the terraform plan command

DThe terraform plan command makes terraform do a dry run.

Show Answer

Correct Answer: C, D

A is incorrect because the terraform plan command will not deploy any resources at all. It will only show the changes that would be made if the terraform apply command was run.The error message in the exhibit indicates that the service principal details are invalid, which means that Terraform cannot authenticate to Azure and cannot create any resources1.

B is incorrect because you can run the terraform apply command without running the terraform plan command first.The terraform apply command will automatically generate a new plan and prompt you to approve it before applying it2. However, running the terraform plan command first can help you preview the changes and avoid any unwanted or unexpected actions.

C is correct because you must run the terraform init command once before the terraform plan command. The terraform init command initializes a working directory containing Terraform configuration files.It downloads and installs the provider plugins required for your configuration, such as the Azure provider2.It also creates a hidden directory called .terraform to store the plugin binaries and other metadata1. Without running the terraform init command, the terraform plan command will fail because it cannot find the required plugins or modules.

D is correct because the terraform plan command makes Terraform do a dry run. A dry run is a simulation of what would happen if you executed a certain action, without actually performing it.The terraform plan command creates an execution plan, which is a description of the actions that Terraform would take to make your infrastructure match your configuration2. The execution plan shows you what resources will be created, modified, or destroyed, and what attributes will be changed.The execution plan does not affect your infrastructure or state file until you apply it with the terraform apply command1.

Question No. 4

Which two Amazon Web Services (AWS) features support east-west traffic inspection within the AWS cloud by the FortiGate VM? (Choose two.)

AA NAT gateway with an EIP

BA transit gateway with an attachment

CAn Internet gateway with an EIP

DA transit VPC

Show Answer

Correct Answer: B, D

The correct answer is B and D. A transit gateway with an attachment and a transit VPC support east-west traffic inspection within the AWS cloud by the FortiGate VM.

According to the Fortinet documentation for Public Cloud Security, a transit gateway is a network transit hub that connects VPCs and on-premises networks. A transit gateway attachment is a resource that connects a VPC or VPN to a transit gateway. By using a transit gateway with an attachment, you can route traffic from your spoke VPCs to your security VPC, where the FortiGate VM can inspect the traffic1.

A transit VPC is a VPC that serves as a global network transit center for connecting multiple VPCs, remote networks, and virtual private networks (VPNs). By using a transit VPC, you can deploy the FortiGate VM as a virtual appliance that provides network security and threat prevention for your VPCs2.

The other options are incorrect because:

A NAT gateway with an EIP is a service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. A NAT gateway with an EIP does not support east-west traffic inspection within the AWS cloud by the FortiGate VM3.

An Internet gateway with an EIP is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An Internet gateway with an EIP does not support east-west traffic inspection within the AWS cloud by the FortiGate VM4.

1: Fortinet Documentation Library - Deploying FortiGate VMs on AWS 2: [Fortinet Documentation Library - Transit VPC on AWS] 3: [NAT Gateways - Amazon Virtual Private Cloud] 4: [Internet Gateways - Amazon Virtual Private Cloud]

Question No. 5

Refer to the exhibit

An administrator is trying to deploy a FortiGate VM in Microsoft Azure using Terraform However, during the configuration, the Azure client secret is no longer visible in the Azure portal.

How would the administrator obtain the Azure

client secret to configure on Terratorm?

AThe administrator must create a new Azure account

BLog in to the Azure CLI with power user to obtain the client secret

CThe administrator can create a new client secret

DThe administrator must obtain the client secret through Azure Cloud Shell.

Show Answer

Correct Answer: C

The Azure client secret is a one-time value that is only visible when it is created. If the administrator loses or forgets the client secret, they cannot retrieve it from the Azure portal. However, they can create a new client secret and use it to configure Terraform.To create a new client secret, they need to follow these steps12:

Select the application name under the App Registrations.

Select Certificates & Secrets > New client secret to create a new client secret.

Add a description and an expiration date for the client secret and select Add.