Pass the Fortinet Certified Solution Specialist FCSS_CDS_AR-7.6 Questions and Answers with CertsForce

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Refer to the exhibit.

[Exhibit: Question # 1]

In your Amazon Web Services (AWS) environment, you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet. However, your HTTPS connection to the FortiGate VM in the Customer VPC is not successful.

Also, you must ensure that the Customer VPC FortiGate VM sends all the outbound Internet traffic through the Security VPC.

How do you correct this issue with minimal configuration changes? (Choose three.)

Options:

A. Add a route with your local internet public IP address as the destination and the internet gateway as the target.
B. Add a route with your local internet public IP address as the destination and the transit gateway as the target.
C. Add a route to the destination 0.0.0.0/0 with the transit gateway as the target.
D. Deploy an internet gateway, associate an EIP with the Customer VPC private subnet, and then add a new route with destination 0.0.0.0/0 with the internet gateway as the target.
E. Deploy an internet gateway, attach it to the Customer VPC, and then associate an EIP with the port1 of the FortiGate in the Customer VPC.


Questions # 2:

The cloud administration team is reviewing an AWS deployment that was done using CloudFormation.

The deployment includes six FortiGate instances that required custom configuration changes after being deployed. The team notices that unwanted traffic is reaching some of the FortiGate instances because the template is missing a security group.

To resolve this issue, the team decides to update the JSON template with the missing security group and then apply the updated template directly, without using a change set.

What is the result of following this approach?

Options:

A. If new FortiGate instances are deployed later they will include the updated changes.
B. Some of the FortiGate instances may be deleted and replaced with new copies.
C. The update is applied, and the security group is added to all instances without interruption.
D. CloudFormation rejects the update and warns that a new full stack is required.


Questions # 3:

Refer to the exhibit.

[Exhibit: Question # 3]

A managed security service provider (MSSP) administration team is trying to deploy a new HA cluster in Azure to filter traffic to and from a client that is also using Azure. However, every deployment attempt fails, and only some of the resources are deployed successfully. While troubleshooting this issue, the team runs the command shown in the exhibit.

What are the implications of the output of the command?

Options:

A. The team will not be able to deploy an A-P FortiGate HA cluster with Azure gateway load balancer.
B. The team will not be able to deploy an A-P FortiGate HA cluster with Azure load balancer.
C. The team will not be able to deploy an active-passive (A-P) FortiGate high availability (HA) cluster with SDN connector.
D. The team will not be able to deploy an active-active (A-A) FortiGate HA cluster with Azure load balancer.


Questions # 4:

An administrator decides to use the Use managed identity option on the FortiGate SDN connector with Microsoft Azure. However, the SDN connector is failing on the connection.

What must the administrator do to correct this issue?

Options:

A. Make sure to add the Client secret on FortiGate side of the configuration.
B. Make sure to add the Tenant ID on FortiGate side of the configuration.
C. Make sure to enable the system assigned managed identity on Azure.
D. Make sure to set the type to system managed identity on FortiGate SDN connector settings.


Questions # 5:

Refer to the exhibit.

[Exhibit: Question # 5]

You are troubleshooting a Microsoft Azure SDN connector issue on your FortiGate VM in Azure.

Which command can you use to examine details about API calls sent by the connector?

Options:

A. diag debug application cloud-connector -1
B. diag test application azd 1
C. diag debug application azd -1
D. get system sdn-connector


Questions # 6:

Refer to the exhibit.

[Exhibit: Question # 6]

An experienced AWS administrator is creating a new virtual private cloud (VPC) flow log with the settings shown in the exhibit.

What is the purpose of this configuration?

Options:

A. To maximize the number of logs saved
B. To monitor logs in real time
C. To retain logs for a long term
D. To troubleshoot a log flow issue


Questions # 7:

An organization is deploying FortiDevSec to enhance security for containerized applications, and they need to ensure containers are monitored for suspicious behavior at runtime.

Which FortiDevSec feature is best for detecting runtime threats?

Options:

A. FortiDevSec software composition analysis (SCA)
B. FortiDevSec static application security testing (SAST)
C. FortiDevSec dynamic application security testing (DAST)
D. FortiDevSec container scanner


Questions # 8:

What would be the impact of confirming to delete all the resources in Terraform?

[Exhibit: Question # 8]

Options:

A. It destroys all the resources tied to the AWS Identity and Access Management (IAM) user.
B. It destroys all the resources in the resource group.
C. It destroys all the resources in the .tfstate file.
D. It destroys all the resources in the .tfvars file.


Questions # 9:

Refer to the exhibit.

[Exhibit: Question # 9]

You are managing an active-passive FortiGate HA cluster in AWS that was deployed using CloudFormation. You have created a change set to examine the effects of some proposed changes to the current infrastructure. The exhibit shows some sections of the change set.

What will happen if you apply these changes?

Options:

A. This deployment can be done without any traffic interruption.
B. Both FortiGate VMs will get a new PhysicalResourceId.
C. The updated FortiGate VMs will not have the latest configuration changes.
D. CloudFormation checks if you will surpass your account quota.


Questions # 10:

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

Options:

A. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the FortiGate internal port.
B. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the TGW.
C. From both spoke VPCs, and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway.
D. From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW.
E. From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW.

