Fortinet FCSS_CDS_AR-7.6 - FCSS - Public Cloud Security 7.6 Architect Exam
Page: 1 / 11
Total 54 questions
Question #1 (Topic: Exam A)
You have deployed a FortiGate HA cluster in Azure using a gateway load balancer for traffic inspection. However, traffic is not being routed correctly through the firewalls.
What can be the cause of the issue?
What can be the cause of the issue?
A. The health probes for the gateway load balancer are failing, which causes traffic to bypass the HA cluster.
B. The protected VMs are in a different Azure subscription, which prevents the gateway load balancer from forwarding traffic.
C. The Fortinet VMs have IP forwarding disabled, which is required for traffic inspection.
D. The gateway load balancer is not associated with the correct network security group (NSG) rules, which allow traffic to pass through.
Answer: C
Question #2 (Topic: Exam A)
Your organization has several FortiGate VMs deployed in Azure. You need to implement a solution with Azure native tools that allows you to determine whether packets are being permitted or blocked by the FortiGate VMs.
Which solution can you use to meet these requirements?
Which solution can you use to meet these requirements?
A. Insert the VM traffic logs in Azure Sentinel.
B. Install the Azure Monitor agent in all VMs.
C. Use IP flow verify for each of the VMs.
D. Configure Azure Advisor to analyze the network traffic.
Answer: C
Question #3 (Topic: Exam A)
An AWS administrator must ensure that each member of the cloud deployment team has the correct permissions to deploy and manage resources using CloudFormation. The administrator is researching which tasks must be executed with CloudFormation and therefore require CloudFormation permissions.
Which task is run using CloudFormation?
Which task is run using CloudFormation?
A. Installing a Helm chart to deploy a FortiWeb ingress controller in an EKS cluster
B. Creating an EKS cluster with the eksctl create cluster command
C. Changing the number of nodes in a EKS cluster from AWS CloudShell
D. Deploying a new pod with a service in an Elastic Kubernetes Service (EKS) cluster using the kubectl command
Answer: A
Question #4 (Topic: Exam A)
Refer to the exhibit.
An administrator deployed an HA active-active load balance sandwich in Microsoft Azure. The setup requires configuration synchronization between devices.
What can you conclude from the configured settings shown in the exhibit? (Choose two.)
An administrator deployed an HA active-active load balance sandwich in Microsoft Azure. The setup requires configuration synchronization between devices.
What can you conclude from the configured settings shown in the exhibit? (Choose two.)
A. FortiGate A and FortiGate B are two independent devices.
B. By default, FortiGate uses FGCP.
C. It does not synchronize the FortiGate hostname.
D. FortiGate-VM instances are scaled out automatically according to predefined workload levels.
Answer: BC
Question #5 (Topic: Exam A)
A VM in Azure is failing to communicate with other VMs in the same subnet.
What is the most likely cause?
What is the most likely cause?
A. Some of the VMs are beyond your allowed quota for the Azure region.
B. There is at least one user-defined route blocking traffic within the subnet.
C. The VMs do not have a public IP address configured.
D. A network security group (NSG) has overridden the default intrasubnet communication rule.
Answer: D
