Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

Discussions
  1. Home
  2. Fortinet
  3. Fortinet Certified Solution Specialist
  4. FCSS_CDS_AR-7.6
  5. FCSS - Public Cloud Security 7.6 Architect Questions and Answers

Pass the Fortinet Certified Solution Specialist FCSS_CDS_AR-7.6 Questions and answers with ValidTests

Exam FCSS_CDS_AR-7.6 All Questions
Exam FCSS_CDS_AR-7.6 Premium Access

View all detail and faqs for the FCSS_CDS_AR-7.6 exam

Go to Exam
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Exhibit.

Question # 1

In which type of FortiCNP insights can an administrator examine the findings triggered by this policy?

Options:

A.

Data

B.

Threat

C.

Risk

D.

User activity

Expert Solution
Questions # 2:

What is the main advantage of using SD-WAN Transit Gateway Connect over traditional SD-WAN?

Options:

A.

You can use BGP over IPsec for maximum throughput.

B.

You can combine it with IPsec to achieve higher bandwidth.

C.

It eliminates the use of ECMP.

D.

You can use GRE-based tunnel attachments.

Expert Solution
Questions # 3:

You have deployed a FortiGate HA cluster in Azure using a gateway load balancer for traffic inspection. However, traffic is not being routed correctly through the firewalls.

What can be the cause of the issue?

Options:

A.

The FortiNet VMs have IP forwarding disabled, which is required for traffic inspection.

B.

The health probes for the gateway load balancer are failing, which causes traffic to bypass the HA cluster.

C.

The gateway load balancer is not associated with the correct network security group (NSG) rules, which allow traffic to pass through.

D.

The protected VMs are in a different Azure subscription, which prevents the gateway load balancer from forwarding traffic.

Expert Solution
Questions # 4:

A Network security administrator is searching for a solution to secure traffic going in and out of the container infrastructure.

In which two ways can Fortinet container security help secure container infrastructures? (Choose two.)

Options:

A.

FortiGate NGFW can inspect north-south container traffic with label aware policies.

B.

FortiGate NGFW and FortiWeb can be used to secure container traffic.

C.

FortiGate NGFW can connect to the worker nodes and protect the containers.

D.

FortiGate NGFW can be placed between each application container for north-south traffic inspection.

Expert Solution
Questions # 5:

An organization is deploying FortiDevSec to enhance security for containerized applications, and they need to ensure containers are monitored for suspicious behavior at runtime.

Which FortiDevSec feature is best for detecting runtime threats?

Options:

A.

FortiDevSec software composition analysis (SCA)

B.

FortiDevSec static application security testing (SAST)

C.

FortiDevSec dynamic application security testing (DAST)

D.

FortiDevSec container scanner

Expert Solution
Questions # 6:

Your DevOps team is evaluating different Infrastructure as Code (IaC) solutions for deploying complex Azure environments.

What is an advantage of choosing Azure Bicep over other IaC tools available?

Options:

A.

Azure Bicep generates deployment logs that are optimized to improve error handling.

B.

Azure Bicep provides immediate support for all Azure services, including those in preview.

C.

Azure Bicep requires less frequent schema updates than Azure Resource Manager (ARM) templates.

D.

Azure Bicep can reduce deployment costs by limiting resource utilization during testing.

Expert Solution
Questions # 7:

Refer to the exhibit.

Question # 7

The exhibit shows an active-passive high availability FortiGate pair with external and internal Azure load balancers There is no SDN connector used in this solution.

Which configuration must the administrator implement on each FortiGate?

Options:

A.

Single BGP route to Azure probe IP address.

B.

One static route to Azure Lambda IP address.

C.

Two static routes to Azure probe IP address.

D.

Two BGP routes lo Azure probe IP address.

Expert Solution
Questions # 8:

Refer to the exhibit.

Question # 8

You are managing an active-passive FortiGate HA cluster in AWS that was deployed using CloudFormation. You have created a change set to examine the effects of some proposed changes to the current infrastructure. The exhibit shows some sections of the change set.

What will happen if you apply these changes?

Options:

A.

This deployment can be done without any traffic interruption.

B.

Both FortiGate VMs will get a new PhysicalResourceId.

C.

The updated FortiGate VMs will not have the latest configuration changes.

D.

CloudFormation checks if you will surpass your account quota.

Expert Solution
Questions # 9:

An administrator implements FortiWeb ingress controller to protect containerized web applications in an AWS Elastic Kubernetes Service (EKS) cluster.

Question # 9

What can you conclude about the topology shown in FortiView?

Options:

A.

The FortiWeb VM gets the latest cluster information through an SDN connector.

B.

This topology has two services and two ingress controllers deployed.

C.

Both services will be load balanced among the two nodes and the four pods.

D.

Adding a new service will update the FortiWeb configuration automatically.

Expert Solution
Questions # 10:

Refer to the exhibit.

Question # 10

You deployed a FortiGate HA active-passive cluster in Microsoft Azure.

Which two statements regarding this particular deployment are true? (Choose two.)

Options:

A.

You can use the vdom-exception command to synchronize the configuration.

B.

During a failover, all existing sessions are transferred to the new active FortiGate.

C.

The configuration does not synchronize between the primary and secondary devices.

D.

There is no SLA for API calls from Microsoft Azure.

Expert Solution
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions