You want to deploy the Fortinet HA CloudFormation template to stage and bootstrap the FortiGate configuration in the same region in which you created your VPC, which is Ohio US-East-2. Based on this information, which statement is correct?
A.
You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket can be hosted in any region.
B.
The Fortinet HA cloud formation template automatically creates an S3 bucket.
C.
You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket needs to be hosted in the Ohio US-East-2 region.
D.
You create a DynamoDB to stage and bootstrap FortiGate with an FGCP unicast configuration. It needs to be hosted in the Ohio US-East-2 region.
Answer: C
You must create an S3 bucket to stage and bootstrap the FortiGate configuration, and this S3 bucket must reside in the same region where the VPC and CloudFormation stack are being deployed—in this case, the Ohio (us-east-2) region.
Explanation: The Fortinet HA CloudFormation templates rely on S3 for storing configuration files and bootstrap data for the FortiGate instances. To ensure that the template functions correctly and to comply with AWS regional resource dependencies, the S3 bucket that hosts these files should be in the same region as the resources it supports. In this scenario, since the VPC is created in Ohio (us-east-2), the S3 bucket hosting the bootstrap configuration also needs to be in the Ohio (us-east-2) region.
B. Page 157: This cloud formation template creates an Amazon S3 bucket for writing and storing logs, allows FortiGate CNF read-only access to your VPCs, and grants access to your AWS Security Lake, if applicable.
The correct statement is C:
You create an S3 bucket to stage and bootstrap FortiGate with an FGCP unicast configuration. The S3 bucket needs to be hosted in the Ohio US-East-2 region.
This is because when deploying the Fortinet HA CloudFormation template and bootstrapping the FortiGate in a specific region (Ohio US-East-2 in your case), it is important to ensure that resources like S3 buckets used for staging and bootstrapping are in the same region to reduce latency and comply with any regional restrictions.
It is B, This cloud formation template creates an Amazon S3 bucket for writing and storing logs, allows FortiGate CNF read-only access to your VPCs, and grants access to your AWS Security Lake, if applicable.
Based on the information from pages 136 and 137 of the document, there is no indication that the Fortinet HA CloudFormation template automatically creates an S3 bucket. The text explains that CloudFormation templates can automate and streamline the deployment of AWS infrastructure, but it does not specify that the template itself creates an S3 bucket as part of the FortiGate HA setup.
The document does, however, highlight the use of CloudFormation templates to create resources like subnets and IP addresses, but staging and bootstrapping FortiGate typically require manual creation of an S3 bucket in the specified region.
Are you serious? Page 157: This cloud formation template creates an Amazon S3 bucket for writing and storing logs, allows FortiGate CNF read-only access to your VPCs, and grants access to your AWS Security Lake, if applicable.
He's really serious. Plus, you're mixing up FortiGate CNF and FortiGate VM. It's not in the official docs, but it's mentioned in Fortinet's GitHub repo: ´Create a new S3 bucket in the same region where the template will be deployed. If the bucket is in a different region than the template deployment, bootstrapping will fail and the FGTs will be unaccessable´
The information on page 156 of the document indicates that a CloudFormation template, when executed in the FortiGate CNF console, automatically creates an S3 bucket for storing logs. However, this applies specifically to FortiGate CNF setup, which might differ slightly from the traditional Fortinet HA CloudFormation template deployment. This suggests that while FortiGate CNF does automate the creation of an S3 bucket, there is no direct mention of this feature in a standard HA deployment scenario.
Again, are you serious? Page 157: This cloud formation template creates an Amazon S3 bucket for writing and storing logs, allows FortiGate CNF read-only access to your VPCs, and grants access to your AWS Security Lake, if applicable.
upvoted 1 times
...
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
havokdu
2 weeks, 4 days agolucient
2 months, 1 week agomyrmidon3
2 months, 2 weeks agoyerno1
2 months, 3 weeks agoDataConsult
4 months agoipv84
4 months, 1 week agoSpawni81
4 months, 2 weeks agomyrmidon3
2 months, 2 weeks agolucient
2 months, 1 week agohecgonvi
1 month agoe5c20bb
4 months, 2 weeks agomyrmidon3
2 months, 2 weeks agolucient
2 months, 1 week ago