FCP – FortiWAN and Cloud Security Administrator 7.4 — Question 27

An organization has created a VPC with two subnets and deployed a FortiGate-VM (VM04/c4.xlarge) in AWS.
The EC2 instance is initially configured with two Elastic Network Interfaces (ENIs). The primary ENI is configured on the public subnet, and the secondary ENI is configured on the private subnet. To provide internet access for the FortiGate-VM, they now want to associate an EIP to its primary ENI, but the assignment is failing.
Which action would allow the EIP assignment to be successful?

Answer options

• A. Create and associate a public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.
• B. Shut down the FortiGate VM, if it is running, assign the EIP to the primary ENI, and then power it on.
• C. Create and attach an internet gateway to the VPC, and then assign the EIP to the primary ENI of the FortiGate VM.
• D. Create and attach a public routing table to the public subnet, associate the public subnet with the primary ENI of the FortiGate VM, and then assign the EIP to the primary ENI.

Correct answer: C

Explanation

The correct answer is C because an internet gateway is essential for enabling internet access to resources in a VPC. Without the internet gateway, the EIP cannot be successfully associated with the primary ENI. Options A, B, and D do not address the requirement of having an internet gateway, which is critical for the EIP to function correctly.