FCSS_CDS_AR-7.6 FCSS - Public Cloud Security 7.6 Architect Questions and Answers

Questions 4

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 4

In your Amazon Web Services (AWS), you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet. However, your HTTPS connection to the FortiGate VM in the Customer VPC is not successful.

Also, you must ensure that the Customer VPC FortiGate VM sends all the outbound Internet traffic through the Security VPC.

How do you correct this issue with minimal configuration changes? (Choose three.)

Options:

Add a route with your local internet public IP address as the destination and the internet gateway as the target.

Add a route with your local internet public IP address as the destination and the transit gateway as the target.

Add a route to the destination 0.0.0.0/0 with the transit gateway as the target.

Deploy an internet gateway, associate an EIP with the Customer VPC private subnet, and then add a new route with destination 0.0.0.0/0 with the internet gateway as the target.

Deploy an internet gateway, attach it to the Customer VPC, and then associate an EIP with the port1 of the FortiGate in the Customer VPC.

Buy Now

Questions 5

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 5

The exhibit shows an active-passive high availability FortiGate pair with external and internal Azure load balancers There is no SDN connector used in this solution.

Which configuration must the administrator implement on each FortiGate?

Options:

Single BGP route to Azure probe IP address.

One static route to Azure Lambda IP address.

Two static routes to Azure probe IP address.

Two BGP routes lo Azure probe IP address.

Buy Now

Questions 6

An administrator decides to use the Use managed identity option on the FortiGate SDN connector with Microsoft Azure. However, the SDN connector is failing on the connection.

What must the administrator do to correct this issue?

Options:

Make sure to add the Client secret on FortiGate side of the configuration.

Make sure to add the Tenant ID on FortiGate side of the configuration.

Make sure to enable the system assigned managed identity on Azure.

Make sure to set the type to system managed identity on FortiGate SDN connector settings.

Buy Now

Questions 7

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 7

A managed security service provider (MSSP) administration team is trying to deploy a new HA cluster in Azure to filter traffic to and from a client that is also using Azure. However, every deployment attempt fails, and only some of the resources are deployed successfully. While troubleshooting this issue, the team runs the command shown in the exhibit.

What are the implications of the output of the command?

Options:

The team will not be able to deploy an A-P FortiGate HA cluster with Azure gateway load balancer.

The team will not be able to deploy an A-P FortiGate HA cluster with Azure load balancer.

The team will not be able to deploy an active-passive (A-P) FortiGate high availability (HA) cluster with SDN connector.

The team will not be able to deploy an active-active (A-A) FortiGate HA cluster with Azure load balancer.

Buy Now

Questions 8

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 8

You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure.

After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic. In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively.

What IP address must you use in the peerip configuration?

Options:

The opposite FortiGate port 2 IP address.

The public load balancer port 2 IP address.

The internal load balancer port 1 IP address.

The opposite FortiGate port 1 IP address.

Buy Now

Questions 9

Your monitoring team reports performance issues with a web application hosted in Azure. You suspect that the bottleneck might be due to unexpected inbound traffic spikes.

Which method should you use to identify and analyze the traffic pattern?

Options:

Deploy Azure Firewall to log traffic by IP address.

Enable Azure DDoS protection to prevent inbound traffic spikes.

Use Azure Traffic Manager to visualize all traffic to the application.

Enable NSG Flow Logs and analyze logs with Azure Monitor.

Buy Now

Questions 10

You are using Ansible to modify the configuration of several FortiGate VMs.

What is the minimum number of files you need to creat, and in which file should you configure the target FortiGate IP addresses?

Options:

One playbook file for each target and the required tasks, and one inventory file.

One .yaml file with the targets IP addresses, and oneplaybook Tile with the tasks.

One inventory file for each target device, and one playbook file.

One text lite for all target devices, and one playbook file.

Buy Now

Questions 11

An administrator is trying to implement FortiCNP with Microsoft Azure Security integration. However, FortiCNP is not able to extract any cloud integration data from Azure; therefore, real-time cloud security monitoring is not possible.

What is causing this issue?

Options:

The organization is using a free Azure AD license.

The Azure account doesn't have the global administrator role.

The administrator enabled the wrong defender plan for servers.

The FortiCNP account in Azure has the Storage Blob Data Reader role.

Buy Now

Exam Code: FCSS_CDS_AR-7.6

Exam Name: FCSS - Public Cloud Security 7.6 Architect

Last Update: May 31, 2026

Questions: 38

PDF + Testing Engine

$64.99 ~~$185.69~~

Testing Engine

$49.99 ~~$142.83~~

PDF (Q&A)

$54.99 ~~$157.11~~

Spring Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

marks4sure logo

Navigation:

FCSS_CDS_AR-7.6 FCSS - Public Cloud Security 7.6 Architect Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

PDF + Testing Engine

Testing Engine

PDF (Q&A)