Weekend Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

dumpscollection live chat
Page: 1 / 2
Total 11 questions
Exam Code: FCSS_CDS_AR-7.6                Update: Sep 14, 2025
Exam Name: FCSS - Public Cloud Security 7.6 Architect
Get Full Access Now

Fortinet FCSS - Public Cloud Security 7.6 Architect FCSS_CDS_AR-7.6 Exam Dumps: Updated Questions & Answers (September 2025)

Question # 1

Refer to the exhibit.

An experienced AWS administrator is creating a new virtual public cloud (VPC) flow log with the settings shown in the exhibit.

What is the purpose of this configuration?

A.

To maximize the number of logs saved

B.

To monitor logs in real time

C.

To retain logs for a long term

D.

To troubleshoot a log flow issue

Question # 2

Refer to the exhibit.

A senior administrator in a multinational organization needs to include a comment in the template shown in the exhibit to ensure that administrators from other regions change the Amazon Machine Image (AMI) ID to one that is valid in their location.

How can the administrator add the required comment in that section of the file?

A.

The administrator can include the comment with the aws cloudformation update-stack command.

B.

The administrator must convert the template file to YAML format to add a comment.

C.

The administrator can add the comment starting with the # character next to the "Resources" section.

D.

The administrator must update the AWSTemplateFormatVersion to the latest version.

Question # 3

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

A.

From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the FortiGate internal port.

B.

From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the TGW.

C.

From both spoke VPCs, and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway.

D.

From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW.

E.

From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW.

Question # 4

An administrator is configuring a software-defined network (SDN) connector in FortiWeb to dynamically obtain information about existing objects in an Amazon Elastic Kubernetes Service (EKS) cluster.

Which AWS policy should the administrator attach to a user to achieve this goal?

A.

AmazonEKSConnectorServiceRolePolicy

B.

AmazonEKSComputePolicy

C.

AmazonEKSServicePolicy

D.

AmazonEKSClusterPolicy

Question # 5

You have deployed a FortiGate HA cluster in Azure using a gateway load balancer for traffic inspection. However, traffic is not being routed correctly through the firewalls.

What can be the cause of the issue?

A.

The FortiNet VMs have IP forwarding disabled, which is required for traffic inspection.

B.

The health probes for the gateway load balancer are failing, which causes traffic to bypass the HA cluster.

C.

The gateway load balancer is not associated with the correct network security group (NSG) rules, which allow traffic to pass through.

D.

The protected VMs are in a different Azure subscription, which prevents the gateway load balancer from forwarding traffic.

Question # 6

Refer to the exhibit.

In your Amazon Web Services (AWS), you must allow inbound HTTPS access to the Customer VPC FortiGate VM from the internet. However, your HTTPS connection to the FortiGate VM in the Customer VPC is not successful.

Also, you must ensure that the Customer VPC FortiGate VM sends all the outbound Internet traffic through the Security VPC.

How do you correct this issue with minimal configuration changes? (Choose three.)

A.

Add a route with your local internet public IP address as the destination and the internet gateway as the target.

B.

Add a route with your local internet public IP address as the destination and the transit gateway as the target.

C.

Add a route to the destination 0.0.0.0/0 with the transit gateway as the target.

D.

Deploy an internet gateway, associate an EIP with the Customer VPC private subnet, and then add a new route with destination 0.0.0.0/0 with the internet gateway as the target.

E.

Deploy an internet gateway, attach it to the Customer VPC, and then associate an EIP with the port1 of the FortiGate in the Customer VPC.

Question # 7

The cloud administration team is reviewing an AWS deployment that was done using CloudFormation.

The deployment includes six FortiGate instances that required custom configuration changes after being deployed. The team notices that unwanted traffic is reaching some of the FortiGate instances because the template is missing a security group.

To resolve this issue, the team decides to update the JSON template with the missing security group and then apply the updated template directly, without using a change set.

What is the result of following this approach?

A.

If new FortiGate instances are deployed later they will include the updated changes.

B.

Some of the FortiGate instances may be deleted and replaced with new copies.

C.

The update is applied, and the security group is added to all instances without interruption.

D.

CloudFormation rejects the update and warns that a new full stack is required.

Question # 8

Which statement about Transit Gateway (TGW) in Amazon Web Services (AWS) is true?

A.

Both the TGW attachment and propagation must be in the same TGW route table.

B.

TGW can have multiple TGW route tables.

C.

A TGW attachment can be associated with multiple TGW route tables.

D.

The TGW default route table cannot be disabled.

Question # 9

An administrator is trying to implement FortiCNP with Microsoft Azure Security integration. However, FortiCNP is not able to extract any cloud integration data from Azure; therefore, real-time cloud security monitoring is not possible.

What is causing this issue?

A.

The organization is using a free Azure AD license.

B.

The Azure account doesn't have the global administrator role.

C.

The administrator enabled the wrong defender plan for servers.

D.

The FortiCNP account in Azure has the Storage Blob Data Reader role.

Question # 10

Exhibit.

In which type of FortiCNP insights can an administrator examine the findings triggered by this policy?

A.

Data

B.

Threat

C.

Risk

D.

User activity

Page: 1 / 2
Total 11 questions
Get Full Access Now

Most Popular Certification Exams

PAM-DEF
SAA-C03
L5M1
PEGAPCSSA86V1
PL-600
DP-203
SC-200
DMF-1220
HPE2-K45
CSC-110
Nonprofit-Cloud-Consultant
200-901
MCIA-Level-1
AZ-120
HPE6-A70
Marketing-Cloud-Email-Specialist
MCPA-Level-1

Site Map

Help

Payment

       

Contact us

dumpscollection live chat

Site Secure

mcafee secure

TESTED 14 Sep 2025

Copyright © 2014-2025 DumpsCollection. All Rights Reserved