Download FCSS - Public Cloud Security 7.6 Architect.FCSS_CDS_AR-7.6.ExamTopics.2026-05-06.40q.tqb

Vendor: Fortinet
Exam Code: FCSS_CDS_AR-7.6
Exam Name: FCSS - Public Cloud Security 7.6 Architect
Date: May 06, 2026
File Size: 4 MB
Download Exam

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Download
Taurus Exam Studio

Purchase
Coupon: TAURUSSIM_20OFF

Discount: 20%

Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator Taurus Exam Simulator

Demo Questions

Question 1
Refer to the exhibit.
The exhibit shows a customer deployment of two Linux instances and their main routing table in Amazon Web Services (AWS). The customer also created a Transit Gateway (TGW) and two attachments.
Which two steps are required to route traffic from Linux instances to the TGW? (Choose two.)
  1. In the main subnet routing table in VPC A and B, add a new route with destination 0.0.0.0/0, next hop TGW.
  2. In the TGW route table, associate two attachments.
  3. In the TGW route table, add route propagation to 192.168.0.0/16.
  4. In the main subnet routing table in VPC A and B, add a new route with destination 0.0.0.0/0, next hop Internet gateway (IGW).
Correct answer: A, B
Question 2
Refer to the exhibit.
Which FortiCNP policy type generated the finding shown in the exhibit?
  1. This finding was generated by a file collection policy.
  2. This finding was generated by a threat detection policy.
  3. This finding was generated by a risk management policy.
  4. This finding was generated by a data scan policy.
Correct answer: B
Question 3
Refer to the exhibit.
The exhibit shows an active-passive high availability FortiGate pair with external and internal Azure load balancers. There is no SDN connector used in this solution.
Which configuration must the administrator implement on each FortiGate?
  1. Two static routes to Azure probe IP address.
  2. Single BGP route to Azure probe IP address.
  3. One static route to Azure Lambda IP address.
  4. Two BGP routes to Azure probe IP address.
Correct answer: A
Question 4
Refer to the exhibit.
You are tasked with deploying FortiGate using Terraform. When you run the terraform version command during the Terraform installation, you get an error message.
What could you do to resolve the command not found error?
  1. You must change the directory location to the root directory.
  2. You must assign correct permissions to the ec2-user.
  3. You must move the binary file to the bin directory.
  4. You must reinstall Terraform.
Correct answer: C
Question 5
As part of your organization monitoring plan, you have been tasked with obtaining and analyzing detailed information about the traffic sourced at one of your FortiGate EC2 instances.
What can you do to achieve this goal?
  1. Add the EC2 instance as a target in CloudWatch to collect its traffic logs.
  2. Use AWS CloudTrail to capture and then examine traffic from the EC2 instance.
  3. Configure a network access analyzer scope with the EC2 instance as a match finding.
  4. Create a virtual public cloud (VPC) flow log at the network interface level for the EC2 instance.
Correct answer: D
Question 6
You must add an Amazon Web Services (AWS) network access list (NACL) rule to allow SSH traffic to a subnet for temporary testing purposes. When you review the current inbound and outbound NACL rules, you notice that the rules with number 5 deny SSH and telnet traffic to the subnet.
What can you do to allow SSH traffic?
  1. You do not have to create any NACL rules because the default security group rule automatically allows SSH traffic to the subnet.
  2. You must create two new allow SSH rules, each with a number bigger than 5.
  3. You must create a new allow SSH rule anywhere in the network ACL rule base to allow SSH traffic.
  4. You must create two new allow SSH rules, each with a number smaller than 5.
Correct answer: D
Question 7
An administrator decides to use the Use managed identity option on the FortiGate SDN connector with Microsoft Azure. However, the SDN connector is failing on the connection.
What must the administrator do to correct this issue?
  1. Make sure to add the Tenant ID on FortiGate side of the configuration.
  2. Make sure to enable the system assigned managed identity on Azure.
  3. Make sure to add the Client secret on FortiGate side of the configuration.
  4. Make sure to set the type to system managed identity on FortiGate SDN connector settings.
Correct answer: B
Question 8
Refer to the exhibit.
An administrator implements FortiWeb ingress controller to protect containerized web applications in an AWS Elastic Kubernetes Service (EKS) cluster.
What can you conclude about the topology shown in FortiView?
  1. This topology has two services and two ingress controllers deployed.
  2. Adding a new service will update the FortiWeb configuration automatically.
  3. The FortiWeb VM gets the latest cluster information through an SDN connector.
  4. Both services will be load balanced among the two nodes and the four pods.
Correct answer: B
Question 9
Refer to the exhibit.
You are managing an active-passive FortiGate HA cluster in AWS that was deployed using CloudFormation. You have created a change set to examine the effects of some proposed changes to the current infrastructure. The exhibit shows some sections of the change set.
What will happen if you apply these changes?
  1. This deployment can be done without any traffic interruption.
  2. The updated FortiGate VMs will not have the latest configuration changes.
  3. CloudFormation checks if you will surpass your account quota.
  4. Both FortiGate VMs will get a new PhysicalResourceId.
Correct answer: A
Question 10
An administrator is relying on an Azure Bicep linter to find possible issues in Bicep files.
Which problem can the administrator expect to find?
  1. The resources to be deployed exceed the quota for a region.
  2. There are output statements that contain passwords.
  3. One or more modules are not using runtime values as parameters.
  4. Some resources are missing dependsON statements.
Correct answer: B
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!