Month End Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

  1. Home
  2. Fortinet
  3. Fortinet Certified Solution Specialist
  4. FCSS_CDS_AR-7.6
  5. FCSS - Public Cloud Security 7.6 Architect Questions and Answers

FCSS_CDS_AR-7.6 FCSS - Public Cloud Security 7.6 Architect Questions and Answers

Questions 4

Which statement about Transit Gateway (TGW) in Amazon Web Services (AWS) is true?

Options:

A.

Both the TGW attachment and propagation must be in the same TGW route table.

B.

TGW can have multiple TGW route tables.

C.

A TGW attachment can be associated with multiple TGW route tables.

D.

The TGW default route table cannot be disabled.

Buy Now
Questions 5

You areusing Ansible to modify the configuration ofseveral FortiGate VMs.

What is the minimum number of files you need to creat,and in which file should you configure the target FortiGate IP addresses?

Options:

A.

One playbook file for each target and the requiredtasks,and one inventory file.

B.

One .yaml file with the targets IP addresses, and oneplaybook Tile with the tasks.

C.

One inventory file for each target device, and one playbook file.

D.

One text lite for all target devices, and one playbook file.

Buy Now
Questions 6

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 6

You deployed a FortiGate HA active-passive cluster in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

Options:

A.

You can use the vdom-exception command to synchronize the configuration.

B.

During a failover, all existing sessions are transferred to the new active FortiGate.

C.

The configuration does not synchronize between the primary and secondary devices.

D.

There is no SLA for API calls from Microsoft Azure.

Buy Now
Questions 7

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 7

After the initial Terraform configuration in Microsoft Azure, the terraform plan command is run.

Which two statements about running the terraform plan command are true? (Choose two.)

Options:

A.

The terraform plan command will deploy the rest of the resources except the service principle details.

B.

You cannot run the terraform apply command before the terraform plan command.

C.

The terraform plan command makes terraform do a dry run.

D.

You must run the terraform init command once, before the terraform plan command.

Buy Now
Questions 8

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 8

You deployed an HA active-active load balance sandwich with two FortiGate VMs in Microsoft Azure.

After the deployment, you prefer to use FGSP to synchronize sessions, and allow asymmetric return traffic. In the environment, FortiGate port 1 and port 2 are facing external and internal load balancers respectively.

What IP address must you use in the peerip configuration?

Options:

A.

The opposite FortiGate port 2 IP address.

B.

The public load balancer port 2 IP address.

C.

The internal load balancer port 1 IP address.

D.

The opposite FortiGate port 1 IP address.

Buy Now
Questions 9

Refer to the exhibit.

FCSS_CDS_AR-7.6 Question 9

You attempted to access the Linux1 EC2 instance directly from the internet using its public IP address in AWS. However, your connection is not successful.

Given the network topology, what can be the issue?

Options:

A.

There is no connection between VPC A and VPC B.

B.

There is no internet gateway attached to the Spoke VPC A.

C.

The Transit Gateway BGP IP address is incorrect.

D.

There is no elastic IP address attached to FortiGate in the Security VPC.

Buy Now
Questions 10

An AWS administrator must ensure that each member of the cloud deployment team has the correct permissions to deploy and manage resources using CloudFormation. The administrator is researching which tasks must be executed with CloudFormation and therefore require CloudFormation permissions.

Which task is run using CloudFormation?

Options:

A.

Deploying a new pod with a service in an Elastic Kubernetes Service (EKS) cluster using the kubectl command

B.

Installing a Helm chart to deploy a FortiWeb ingress controller in an EKS cluster

C.

Creating an EKS cluster with the eksctl create cluster command

D.

Changing the number of nodes in a EKS cluster from AWS CloudShell

Buy Now
Questions 11

You must add an Amazon Web Services (AWS) network access list (NACL) rule to allow SSH traffic to a subnet for temporary testing purposes. When you review the current inbound and outbound NACL rules, you notice that the rules with number 5 deny SSH and telnet traffic to the subnet.

What can you do to allow SSH traffic?

Options:

A.

You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.

B.

You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.

C.

You must create two new allow SSH rules, each with a number bigger than 5.

D.

You must create two new allow SSH rules, each with a number smaller than 5.

Buy Now
Exam Code: FCSS_CDS_AR-7.6
Exam Name: FCSS - Public Cloud Security 7.6 Architect
Last Update: Aug 26, 2025
Questions: 38

PDF + Testing Engine

$63.52  $181.49
buy now FCSS_CDS_AR-7.6 pdf + testing engine

Testing Engine

$50.57  $144.49
buy now FCSS_CDS_AR-7.6 testing engine

PDF (Q&A)

$43.57  $124.49
buy now FCSS_CDS_AR-7.6 pdf