Summer Special Discount 60% Offer - Ends in 0d 00h 00m 00s - Coupon code: brite60

ExamsBrite Dumps

FCSS - Public Cloud Security 7.6 Architect Question and Answers

FCSS - Public Cloud Security 7.6 Architect

Last Update Sep 22, 2025
Total Questions : 38

We are offering FREE FCSS_CDS_AR-7.6 Fortinet exam questions. All you do is to just go and sign up. Give your details, prepare FCSS_CDS_AR-7.6 free exam questions and then go for complete pool of FCSS - Public Cloud Security 7.6 Architect test questions that will help you more.

FCSS_CDS_AR-7.6 pdf

FCSS_CDS_AR-7.6 PDF

$42  $104.99
 Add to Cart
FCSS_CDS_AR-7.6 Engine

FCSS_CDS_AR-7.6 Testing Engine

$50  $124.99
 Add to Cart
FCSS_CDS_AR-7.6 PDF + Engine

FCSS_CDS_AR-7.6 PDF + Testing Engine

$66  $164.99
 Add to Cart
Questions 1

An administrator would like to use FortiCNP to keep track ofsensitive data files located in the Amazon Web Services (AWS) S3bucket and protect it from malware. Which FortiCNP feature should the administrator use?

Options:

A.  

FortiCNP Threat Detection policies

B.  

FortiCNP Risk Management policies

C.  

FortiCNP Data Scan policies

D.  

FortiCNP Compliance policies

Discussion 0
Questions 2

Refer to the exhibit.

You deployed a FortiGate HA active-passive cluster in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

Options:

A.  

You can use the vdom-exception command to synchronize the configuration.

B.  

During a failover, all existing sessions are transferred to the new active FortiGate.

C.  

The configuration does not synchronize between the primary and secondary devices.

D.  

There is no SLA for API calls from Microsoft Azure.

Discussion 0
Questions 3

An AWS administrator must ensure that each member of the cloud deployment team has the correct permissions to deploy and manage resources using CloudFormation. The administrator is researching which tasks must be executed with CloudFormation and therefore require CloudFormation permissions.

Which task is run using CloudFormation?

Options:

A.  

Deploying a new pod with a service in an Elastic Kubernetes Service (EKS) cluster using the kubectl command

B.  

Installing a Helm chart to deploy a FortiWeb ingress controller in an EKS cluster

C.  

Creating an EKS cluster with the eksctl create cluster command

D.  

Changing the number of nodes in a EKS cluster from AWS CloudShell

Discussion 0
Questions 4

Refer to the exhibit.

An experienced AWS administrator is creating a new virtual public cloud (VPC) flow log with the settings shown in the exhibit.

What is the purpose of this configuration?

Options:

A.  

To maximize the number of logs saved

B.  

To monitor logs in real time

C.  

To retain logs for a long term

D.  

To troubleshoot a log flow issue

Discussion 0
Questions 5

An administrator decides to use the Use managed identity option on the FortiGate SDN connector with Microsoft Azure. However, the SDN connector is failing on the connection.

What must the administrator do to correct this issue?

Options:

A.  

Make sure to add the Client secret on FortiGate side of the configuration.

B.  

Make sure to add the Tenant ID on FortiGate side of the configuration.

C.  

Make sure to enable the system assigned managed identity on Azure.

D.  

Make sure to set the type to system managed identity on FortiGate SDN connector settings.

Discussion 0
Questions 6

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

Options:

A.  

From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the FortiGate internal port.

B.  

From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the TGW.

C.  

From both spoke VPCs, and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway.

D.  

From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW.

E.  

From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW.

Discussion 0
Questions 7

Which statement about Transit Gateway (TGW) in Amazon Web Services (AWS) is true?

Options:

A.  

Both the TGW attachment and propagation must be in the same TGW route table.

B.  

TGW can have multiple TGW route tables.

C.  

A TGW attachment can be associated with multiple TGW route tables.

D.  

The TGW default route table cannot be disabled.

Discussion 0
Questions 8

An organization is deploying FortiDevSec to enhance security for containerized applications, and they need to ensure containers are monitored for suspicious behavior at runtime.

Which FortiDevSec feature is best for detecting runtime threats?

Options:

A.  

FortiDevSec software composition analysis (SCA)

B.  

FortiDevSec static application security testing (SAST)

C.  

FortiDevSec dynamic application security testing (DAST)

D.  

FortiDevSec container scanner

Discussion 0
Questions 9

Refer to the exhibit.

A senior administrator in a multinational organization needs to include a comment in the template shown in the exhibit to ensure that administrators from other regions change the Amazon Machine Image (AMI) ID to one that is valid in their location.

How can the administrator add the required comment in that section of the file?

Options:

A.  

The administrator can include the comment with the aws cloudformation update-stack command.

B.  

The administrator must convert the template file to YAML format to add a comment.

C.  

The administrator can add the comment starting with the # character next to the "Resources" section.

D.  

The administrator must update the AWSTemplateFormatVersion to the latest version.

Discussion 0
Questions 10

Refer to the exhibit.

In your Amazon Web Services (AWS), you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet. However, your HTTPS connection to the FortiGate VM in the Customer VPC is not successful.

Also, you must ensure that the Customer VPC FortiGate VM sends all the outbound Internet traffic through the Security VPC.

How do you correct this issue with minimal configuration changes? (Choose three.)

Options:

A.  

Add a route with your local internet public IP address as the destination and the internet gateway as the target.

B.  

Add a route with your local internet public IP address as the destination and the transit gateway as the target.

C.  

Add a route to the destination 0.0.0.0/0 with the transit gateway as the target.

D.  

Deploy an internet gateway, associate an EIP with the Customer VPC private subnet, and then add a new route with destination 0.0.0.0/0 with the internet gateway as the target.

E.  

Deploy an internet gateway, attach it to the Customer VPC, and then associate an EIP with the port1 of the FortiGate in the Customer VPC.

Discussion 0
Questions 11

Refer to the exhibit.

After the initial Terraform configuration in Microsoft Azure, the terraform plan command is run.

Which two statements about running the terraform plan command are true? (Choose two.)

Options:

A.  

The terraform plan command will deploy the rest of the resources except the service principle details.

B.  

You cannot run the terraform apply command before the terraform plan command.

C.  

The terraform plan command makes terraform do a dry run.

D.  

You must run the terraform init command once, before the terraform plan command.

Discussion 0