TA-002-P HashiCorp Certified: Terraform Associate Exam

 

Cloud engineers can use the Terraform Associate exam from HashiCorp to verify their basic infrastructure automation skills.

HashiCorp Certified: Terraform Associate
The Terraform Associate certification is for Cloud Engineers specializing in operations, IT, or development who know the basic concepts and skills associated with open source HashiCorp Terraform. Candidates will be best prepared for this exam if they have professional experience using Terraform in production, but performing the exam objectives in a personal demo environment may also be sufficient. This person understands which enterprise features exist and what can and cannot be done using the open source offering. Visit our exam partner to schedule and take the exam.
HashiCorp Certification - Terraform Associate
Prerequisites
Basic terminal skills
Basic understanding of on premises and cloud architecture
Product Version Tested
Terraform 0.12 and higher.

Preparing for the Exam
The Terraform Associate exam has both a study guide and a review guide. While much of the information in these two guides are the same, they are presented differently for different uses. Use the study guide if you want to study all the exam objectives. Use the review guide if you already have Terraform experience and want to choose which objectives to review before taking the exam. We provide sample questions so you know what to expect when taking the exam.

Exam Details
Assessment Type Multiple choice
Format Online proctored
Duration 1 hour
Price $70.50 USD
plus locally applicable taxes and fees
Language English
Expiration 2 years

Exam Objectives
1 Understand infrastructure as code (IaC) concepts
1a Explain what IaC is
1b Describe advantages of IaC patterns
2 Understand Terraform's purpose (vs other IaC)
2a Explain multi-cloud and provider-agnostic benefits
2b Explain the benefits of state
3 Understand Terraform basics
3a Handle Terraform and provider installation and versioning
3b Describe plugin based architecture
3c Demonstrate using multiple providers
3d Describe how Terraform finds and fetches providers
3e Explain when to use and not use provisioners and when to use local-exec or remote-exec
4 Use the Terraform CLI (outside of core workflow)
4a Given a scenario: choose when to use terraform fmt to format code
4b Given a scenario: choose when to use terraform taint to taint Terraform resources
4c Given a scenario: choose when to use terraform import to import existing infrastructure into your Terraform state
4d Given a scenario: choose when to use terraform workspace to create workspaces
4e Given a scenario: choose when to use terraform state to view Terraform state
4f Given a scenario: choose when to enable verbose logging and what the outcome/value is
5 Interact with Terraform modules
5a Contrast module source options
5b Interact with module inputs and outputs
5c Describe variable scope within modules/child modules
5d Discover modules from the public Terraform Module Registry
5e Defining module version
6 Navigate Terraform workflow
6a Describe Terraform workflow ( Write -> Plan -> Create )
6b Initialize a Terraform working directory (terraform init)
6c Validate a Terraform configuration (terraform validate)
6d Generate and review an execution plan for Terraform (terraform plan)
6e Execute changes to infrastructure with Terraform (terraform apply)
6f Destroy Terraform managed infrastructure (terraform destroy)
7 Implement and maintain state
7a Describe default local backend
7b Outline state locking
7c Handle backend authentication methods
7d Describe remote state storage mechanisms and supported standard backends
7e Describe effect of Terraform refresh on state
7f Describe backend block in configuration and best practices for partial configurations
7g Understand secret management in state files
8 Read, generate, and modify configuration
8a Demonstrate use of variables and outputs
8b Describe secure secret injection best practice
8c Understand the use of collection and structural types
8d Create and differentiate resource and data configuration
8e Use resource addressing and resource parameters to connect resources together
8f Use Terraform built-in functions to write configuration
8g Configure resource using a dynamic block
8h Describe built-in dependency management (order of execution based)
9 Understand Terraform Cloud and Enterprise capabilities
9a Describe the benefits of Sentinel, registry, and workspaces
9b Differentiate OSS and TFE workspaces
9c Summarize features of Terraform Cloud

QUESTION 1
The terraform.tfstate file always matches your currently built infrastructure.

A. True
B. False

Correct Answer: B

QUESTION 2
One remote backend configuration always maps to a single remote workspace.

A. True
B. False

Correct Answer: A

QUESTION 3
How is the Terraform remote backend different than other state backends such as S3, Consul, etc.?

A. It can execute Terraform runs on dedicated infrastructure on premises or in Terraform Cloud
B. It doesn't show the output of a terraform apply locally
C. It is only available to paying customers
D. All of the above

Correct Answer: A

Actualkey HashiCorp TA-002-P Exam pdf, Certkingdom HashiCorp TA-002-P PDF

Best HashiCorp TA-002-P Certification, HashiCorp TA-002-P Training at certkingdom.com

NSE4_FGT-6.4 Fortinet NSE 4 - FortiOS 6.4 Exam

 

Exam series: NSE4_FGT-6.4
Number of questions: 60
Exam time: 105 minutes
Language: English and Japanese
Product version: FortiOS 6.4
Status: Available
Exam details: exam description

NSE 4 Certification
The Network Security Professional designation identifies your ability to configure, install, and manage the day-to-day configuration, monitoring, and operation of a FortiGate device to support specific corporate network security policies.
Visit the Fortinet NSE Certification Program page for information about certification requirements.

Fortinet NSE 4—FortiOS 6.4
The Fortinet NSE 4—FortiOS 6.4 exam is part of the NSE 4 Network Security Professional program, and recognizes the successful candidate’s knowledge of and expertise with FortiGate devices.
The exam tests applied knowledge of FortiGate configuration, operation, and day-to-day administration, and includes operational scenarios, configuration extracts, and troubleshooting captures.

Audience
The Fortinet NSE 4—FortiOS 6.4 exam is intended for network and security professionals responsible for the
configuration and administration of firewall solutions in an enterprise network security infrastructure.

Exam Details
Exam name Fortinet NSE 4—FortiOS 6.4
Exam series NSE4_FGT-6.4
Time allowed 105 minutes
Exam questions 60 multiple-choice questions
Scoring Pass or fail, a score report is available from your Pearson VUE account
Language English and Japanese
Product version FortiOS 6.4

Exam Topics
Successful candidates have applied knowledge and skills in the following areas and tasks:
l FortiGate deployment
l Perform initial configuration
l Implement the Fortinet Security Fabric
l Configure log settings and diagnose problems using the logs
l Describe and configure VDOMs to split a FortiGate device into multiple virtual devices
l Identify and configure different operation modes for an FGCP HA cluster
l Diagnose resource and connectivity problems
l Firewall and authentication
l Identify and Configure how firewall policy NAT and central NAT works
l Identify and configure different methods of firewall authentication
l Explain FSSO deployment and configuration
l Content inspection
l Describe and inspect encrypted traffic using certificates
l Identify FortiGate inspection modes and configure web and DNS filtering
l Configure application control to monitor and control network applications
l Explain and configure antivirus scanning modes to neutralize malware threats
l Configure IPS, DoS, and WAF to protect the network from hacking and DDoS attacks
l Configure FortiGate to act as an implicit and explicit web proxy
l Routing and Layer 2 switching
l Configure and route packets using static and policy-based routes
l Configure SD-WAN to load balance traffic between multiple WAN links effectively
l Configure FortiGate interfaces or VDOMs to operate as Layer 2 devices
l VPN
l Configure and implement different SSL-VPN modes to provide secure access to the private network
l Implement a meshed or partially redundant IPsec VPN

Training Resources
The following resources are recommended for attaining the knowledge and skills that are covered on the exam. The recommended training is available as a foundation for exam preparation. In addition to training, candidates are
strongly encouraged to have hands-on experience with the exam topics and objectives.

NSE Training Institute Courses
l NSE 4 FortiGate Security
l NSE 4 FortiGate Infrastructure

Other Resources
l FortiOS - Administration Guide
l FortiOS - New Features Guide

Experience
l Minimum of six months of hands-on experience with FortiGate

Exam Sample Questions
A set of sample questions is available from the NSE Training Institute. These questions sample the exam content in question type and content scope. However, the questions do not necessarily represent all the exam content, nor are
they intended to assess an individual’s readiness to take the certification exam.
See the NSE Training Institute for the course that includes the sample questions.

Examination Policies and Procedures
The NSE Training Institute recommends that candidates review exam policies and procedures before registering for the exam. Access important information on the Program Polices page, and find answers to common questions on the

QUESTION 1
Which two statements are true when FortiGate is in transparent mode? (Choose two.)

A. By default, all interfaces are part of the same broadcast domain.
B. The existing network IP schema must be changed when installing a transparent mode.
C. Static routes are required to allow traffic to the next hop.
D. FortiGate forwards frames without changing the MAC address.

Correct Answer: AD

QUESTION 2
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?

A. Full Content inspection
B. Proxy-based inspection
C. Certificate inspection
D. Flow-based inspection

Correct Answer: B

QUESTION 3
Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in a faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.

Correct Answer: BD

QUESTION 4
Which scanning technique on FortiGate can be enabled only on the CLI?

A. Heuristics scan
B. Trojan scan
C. Antivirus scan
D. Ransomware scan

Correct Answer: C

QUESTION 5
Which two policies must be configured to allow traffic on a policy-based next-generation firewall (NGFW) FortiGate? (Choose two.)

A. Firewall policy
B. Policy rule
C. Security policy
D. SSL inspection and authentication policy

Correct Answer: AB

Actualkey Fortinet NSE4_FGT-6.4 Exam pdf, Certkingdom Fortinet NSE4_FGT-6.4 PDF

Best Fortinet NSE4_FGT-6.4 Certification, NetApp Fortinet NSE4_FGT-6.4 Training at certkingdom.com

NSE6_FML-6.2 Fortinet NSE 6 - FortiMail 6.2 Exam

 

Fortinet NSE 6 - FortiMail 6.2
Exam series: NSE6_FML-6.2
Number of questions: 30
Exam time: 60 minutes
Language: English and Japanese
Product version: FortiMail 6.2
Status: Available

QUESTION 1
An administrator sees that an excessive amount of storage space on a FortiMail device is being used up by quarantine accounts for invalid users.
The FortiMail is operating in transparent mode.
Which two FortiMail features can the administrator configure to tackle this issue? (Choose two.)

A. Automatic removal of quarantine accounts
B. Recipient address verification
C. Bounce address tag verification
D. Sender address rate control

Correct Answer: AD

QUESTION 2
FortiMail is configured with the protected domain example.com.
Which two envelope addresses will require an access receive rule, to relay for unauthenticated senders? (Choose two.)

A. MAIL FROM: accounts@example.com RCPT TO: sales@external.org
B. MAIL FROM: support@example.com RCPT TO: marketing@example.com
C. MAIL FROM: training@external.org RCPT TO: students@external.org
D. MAIL FROM: mis@hosted.net RCPT TO: noc@example.com

Correct Answer: BD

QUESTION 3
Which two antispam techniques query FortiGuard for rating information? (Choose two.)

A. DNSBL
B. SURBL
C. IP reputation
D. URI filter

Correct Answer: AB

Actualkey Fortinet NSE6_FML-6.2 Exam pdf, Certkingdom Fortinet NSE6_FML-6.2 PDF

Best Fortinet NSE6_FML-6.2 Certification, Fortinet NSE6_FML-6.2 Training at certkingdom.com

NSE6_FNC-8.5 Fortinet NSE 6 - FortiNAC 8.5 Exam

 

Fortinet NSE 6 - FortiNAC 8.5
Exam series: NSE6_FNC-8.5
Number of questions: 30
Exam time: 60 minutes
Language: English
Product version: FortiNAC 8.5
Status: Available

Network Security Specialist
The Network Security Specialist designation recognizes your comprehensive skills with fabric products beyond the firewall. This designation is recognized after you achieve at least four Fortinet Specialist certificates on Fortinet enhanced products. The Network Security Specialist curriculum offers nine courses. We recommend this curriculum for network and security professionals who are involved in managing and supporting specific Fortinet

The Fortinet NSE Certification Program
The Fortinet Network Security Expert (NSE) program is an eight-level training and certification program that is designed to provide interested technical professionals with an independent validation of their network security skills and experience. The NSE program includes a wide range of self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.

QUESTION 1
Which three communication methods are used by the FortiNAC to gather information from, and control, infrastructure devices? (Choose three.)

A. SNMP
B. RADIUS
C. FTP
D. CLI
E. SMTP

Correct Answer: ABC

Explanation:
Set up SNMP communication with FortiNAC
RADIUS Server that is used by FortiNAC to communicate
FortiNAC can be configured via CLI to use HTTP or HTTPS for OS updates instead of FTP.
Reference: https://docs.fortinet.com/document/fortinac/8.3.0/administration-guide/28966/snmp
https://docs.fortinet.com/document/fortinac/8.8.0/administration-guide/938271/configure-radius-settings
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e7ebbdaa-cabf-11ea-8b7d-
00505692583a/FortiNAC_Deployment_Guide.pdf

QUESTION 2
Which three circumstances trigger Layer 2 polling of infrastructure devices? (Choose three.)

A. A matched security policy
B. Scheduled poll timings
C. Linkup and Linkdown traps
D. Manual polling
E. A failed Layer 3 poll

Correct Answer: BCD

QUESTION 3
How should you configure MAC notification traps on a supported switch?

A. Configure them only on ports set as 802.1q trunks
B. Configure them on all ports except uplink ports
C. Configure them on all ports on the switch
D. Configure them only after you configure linkup and linkdown traps

Correct Answer: B

Actualkey Fortinet NSE6_FNC-8.5 Exam pdf, Certkingdom Fortinet NSE6_FNC-8.5 PDF

Best Fortinet NSE6_FNC-8.5 Certification, NetApp Fortinet NSE6_FNC-8.5 Training at certkingdom.com