CertsTopics Logo

Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Fortinet FCSS_CDS_AR-7.6 Dumps Questions Answers

Page: 1 / 3
Total 38 questions
Get FCSS_CDS_AR-7.6 Full Access Download FCSS_CDS_AR-7.6 PDF

FCSS - Public Cloud Security 7.6 Architect Questions and Answers

Question 1

An administrator would like to use FortiCNP to keep track ofsensitive data files located in the Amazon Web Services (AWS) S3bucket and protect it from malware. Which FortiCNP feature should the administrator use?

Options:

A.

FortiCNP Threat Detection policies

B.

FortiCNP Risk Management policies

C.

FortiCNP Data Scan policies

D.

FortiCNP Compliance policies

Buy Now
Question 2

You must add an Amazon Web Services (AWS) network access list (NACL) rule to allow SSH traffic to a subnet for temporary testing purposes. When you review the current inbound and outbound NACL rules, you notice that the rules with number 5 deny SSH and telnet traffic to the subnet.

What can you do to allow SSH traffic?

Options:

A.

You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.

B.

You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.

C.

You must create two new allow SSH rules, each with a number bigger than 5.

D.

You must create two new allow SSH rules, each with a number smaller than 5.

Question 3

Which statement about Transit Gateway (TGW) in Amazon Web Services (AWS) is true?

Options:

A.

Both the TGW attachment and propagation must be in the same TGW route table.

B.

TGW can have multiple TGW route tables.

C.

A TGW attachment can be associated with multiple TGW route tables.

D.

The TGW default route table cannot be disabled.

Question 4

You have deployed a FortiGate HA cluster in Azure using a gateway load balancer for traffic inspection. However, traffic is not being routed correctly through the firewalls.

What can be the cause of the issue?

Options:

A.

The FortiNet VMs have IP forwarding disabled, which is required for traffic inspection.

B.

The health probes for the gateway load balancer are failing, which causes traffic to bypass the HA cluster.

C.

The gateway load balancer is not associated with the correct network security group (NSG) rules, which allow traffic to pass through.

D.

The protected VMs are in a different Azure subscription, which prevents the gateway load balancer from forwarding traffic.

Question 5

Refer to the exhibit.

The exhibit shows an active-passive high availability FortiGate pair with external and internal Azure load balancers There is no SDN connector used in this solution.

Which configuration must the administrator implement on each FortiGate?

Options:

A.

Single BGP route to Azure probe IP address.

B.

One static route to Azure Lambda IP address.

C.

Two static routes to Azure probe IP address.

D.

Two BGP routes lo Azure probe IP address.

Question 6

Refer to the exhibit.

You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure.

Which command can you use to examine details about API calls sent by the connector?

Options:

A.

diag debug application cloud-connector -1

B.

diag test application azd 1

C.

diag debug application azd -1

D.

get system sdn-connector

Question 7

As part of your organization's monitoring plan, you have been tasked with obtaining and analyzing detailed information about the traffic sourced at one of your FortiGate EC2 instances.

What can you do to achieve this goal?

Options:

A.

Use AWS CloudTrail to capture and then examine traffic from the EC2 instance.

B.

Create a virtual public cloud (VPC) flow log at the network interface level for the EC2 instance.

C.

Add the EC2 instance as a target in CloudWatch to collect its traffic logs.

D.

Configure a network access analyzer scope with the EC2 instance as a match finding.

Question 8

Refer to the exhibit.

What is the purpose of this section of an Azure Bicep file?

Options:

A.

To restrict which FortiOS versions are accepted for deployment

B.

To indicate the correct FortiOS upgrade path after deployment

C.

To add a comment with the permitted FortiOS versions that can be deployed

D.

To document the FortiOS versions in the resulting topology

Question 9

Refer to the exhibit.

A managed security service provider (MSSP) administration team is trying to deploy a new HA cluster in Azure to filter traffic to and from a client that is also using Azure. However, every deployment attempt fails, and only some of the resources are deployed successfully. While troubleshooting this issue, the team runs the command shown in the exhibit.

What are the implications of the output of the command?

Options:

A.

The team will not be able to deploy an A-P FortiGate HA cluster with Azure gateway load balancer.

B.

The team will not be able to deploy an A-P FortiGate HA cluster with Azure load balancer.

C.

The team will not be able to deploy an active-passive (A-P) FortiGate high availability (HA) cluster with SDN connector.

D.

The team will not be able to deploy an active-active (A-A) FortiGate HA cluster with Azure load balancer.

Question 10

Your DevOps team is evaluating different Infrastructure as Code (IaC) solutions for deploying complex Azure environments.

What is an advantage of choosing Azure Bicep over other IaC tools available?

Options:

A.

Azure Bicep generates deployment logs that are optimized to improve error handling.

B.

Azure Bicep provides immediate support for all Azure services, including those in preview.

C.

Azure Bicep requires less frequent schema updates than Azure Resource Manager (ARM) templates.

D.

Azure Bicep can reduce deployment costs by limiting resource utilization during testing.

Question 11

You need a solution to safeguard public cloud-hosted web applications from the OWASP Top 10 vulnerabilities. The solution must support the same region in which your applications reside, with minimum traffic cost.

Which solution meets the requirements?

Options:

A.

Use FortiGate

B.

Use FortiCNP

C.

Use FortiWeb

D.

Use FortiADC

Exam Detail
Vendor: Fortinet
Certification: Fortinet Certified Solution Specialist
Exam Code: FCSS_CDS_AR-7.6
Exam Name: FCSS - Public Cloud Security 7.6 Architect
Last Update: Sep 1, 2025
FCSS_CDS_AR-7.6 Question Answers
Page: 1 / 3
Total 38 questions
Get FCSS_CDS_AR-7.6 Full Access Download FCSS_CDS_AR-7.6 PDF