Fortinet fcss cds ar 7 6 practice test

Refer to the exhibit.

Refer to the exhibit.
You are managing an active-passive FortiGate HA cluster in AWS that was deployed using
CloudFormation. You have created a change set to examine the effects of some proposed changes to
the current infrastructure. The exhibit shows some sections of the change set.
What will happen if you apply these changes?

• A. This deployment can be done without any traffic interruption.
• B. Both FortiGate VMs will get a new PhysicalResourceId.
• C. The updated FortiGate VMs will not have the latest configuration changes.
• D. CloudFormation checks if you will surpass your account quota.

Refer to the exhibit.

What is the purpose of this section of an Azure Bicep file?

• A. To restrict which FortiOS versions are accepted for deployment
• B. To indicate the correct FortiOS upgrade path after deployment
• C. To add a comment with the permitted FortiOS versions that can be deployed
• D. To document the FortiOS versions in the resulting topology

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic
from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

• A. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the FortiGate internal port.
• B. From the security VPC TGW subnet routing table, point 0.0.0.0/0 traffic to the TGW.
• C. From both spoke VPCs and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway.
• D. From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW.
• E. From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW.

An AWS administrator must ensure that each member of the cloud deployment team has the correct
permissions to deploy and manage resources using CloudFormation. The administrator is researching
which tasks must be executed with CloudFormation and therefore require CloudFormation
permissions.
Which task is run using CloudFormation?

• A. Deploying a new pod with a service in an Elastic Kubernetes Service (EKS) cluster using the kubectl command
• B. Installing a Helm chart to deploy a FortiWeb ingress controller in an EKS cluster
• C. Creating an EKS cluster with the eksctl create cluster command
• D. Changing the number of nodes in an EKS cluster from AWS CloudShell

An administrator decides to use the Use managed identity option on the FortiGate SDN connector
with Microsoft Azure. However, the SDN connector is failing on the connection.
What must the administrator do to correct this issue?

• A. Make sure to add the Client Secret on the FortiGate side of the configuration.
• B. Make sure to add the Tenant ID on the FortiGate side of the configuration.
• C. Make sure to enable the system-assigned managed identity on Azure.
• D. Make sure to set the type to system managed identity on FortiGate SDN connector settings.

Refer to the exhibit.

Refer to the exhibit.
A Managed Security Service Provider (MSSP) administration team is trying to deploy a new HA
cluster in Azure to filter traffic to and from a client that is also using Azure. However, every
deployment attempt fails, and only some of the resources are deployed successfully. While
troubleshooting this issue, the team runs the command shown in the exhibit.
What are the implications of the output of the command?

• A. The team will not be able to deploy an A-P FortiGate HA cluster with Azure Gateway Load Balancer.
• B. The team will not be able to deploy an A-P FortiGate HA cluster with Azure Load Balancer.
• C. The team will not be able to deploy an active-passive (A-P) FortiGate high availability (HA) cluster with SDN connector.
• D. The team will not be able to deploy an active-active (A-A) FortiGate HA cluster with Azure Load Balancer.

Refer to the exhibit.

Refer to the exhibit.
You deployed a FortiGate HA active-passive cluster in Microsoft Azure.
Which two statements regarding this particular deployment are true? (Choose two.)

• A. You can use the vim-exception command to synchronize the configuration.
• B. During a failover, all existing sessions are transferred to the new active FortiGate.
• C. The configuration does not synchronize between the primary and secondary devices.
• D. There is no SLA for API calls from Microsoft Azure.

Refer to the exhibit.

You are tasked with deploying FortiGate using Terraform. When you run the terraform version
command during the Terraform installation, you get an error message.
What could you do to resolve the command not found error?

• A. You must move the binary file to the bin directory.
• B. You must reinstall Terraform.
• C. You must change the directory location to the root directory.
• D. You must assign correct permissions to the ec2-user.

Refer to the exhibit.

Refer to the exhibit.
An administrator used the what-if tool to preview changes to an Azure Bicep file.
What will happen if the administrator decides to apply these changes in Azure?

• A. Subnet 10.0.1.0/24 will replace subnet 10.0.2.0/24.
• B. This deployment will fail and no changes will be applied.
• C. A new subnet will be added to ServerApps.
• D. The ServerApps VNet will be renamed.

Refer to the exhibit.

Refer to the exhibit.
After analyzing the native monitoring tools available in Azure, an administrator decides to use the
tool displayed in the exhibit.
Why would an administrator choose this tool?

• A. To view details about Azure resources and their relationships across multiple regions.
• B. To obtain, and later examine, traffic flow data with a visualization tool.
• C. To help debug issues affecting virtual network gateways.
• D. To compare the latency of an on-premises site with the latency of an Azure application.