01. A DevOps team is using Terraform to manage their infrastructure across multiple environments. Currently, the Terraform state file is stored locally on a developer’s machine. The team decides to migrate the state file to a remote back-end machine.
Why is storing the Terraform state file in a remote location considered a best practice in this scenario?
a) It eliminates the need to define provider configurations in the state file.
b) It ensures that the state file is encrypted.
c) It prevents the accidental deletion of the state file.
d) It enables collaboration among multiple team members.
02. An Azure administration team is looking for a FortiGate high availability (HA) solution that is able to:
- Filter east-west traffic
- Filter north-south traffic
- Scale up
- Scale out
Which HA deployment meets all of the requirements?
a) Active-passive with external and internal load balancers
b) Active-passive with SDN connector
c) Active-active with external and internal load balancers
d) Active-active with Azure Gateway load balancer
03. The DevOps team is troubleshooting a FortiGate software-defined network (SDN) connector that is failing to integrate with a Kubernetes cluster. While using several debug commands, they find that the connector connection generates an error code 401.
What is the cause of this error?
a) The Kubernetes cluster is using an unsupported API version.
b) The service principal being used has the correct role assigned.
c) The FortiGate firewall is using HTTP to send API calls instead of HTTPS.
d) The configured client secret credentials are incorrect.
04. Which two statements about the Amazon Web Services (AWS) security groups are true?
(Choose two.)
a) Security groups are applicable at the instance level.
b) EC2 instances, elastic network interfaces (ENIs), and subnets may have security groups configured on them.
c) A security group is a stateful list of ingress and egress traffic rules.
d) Configured traffic rules may have an action of allow or deny.
05. You are tasked with adding public cloud accounts to FortiCNP cloud protection. After adding an Azure account, you notice the status shows as Partially running. What can you conclude from that status?
a) FortiCNP detected that you are using a free Azure account.
b) FortiCNP is verifying if there are enough license seats to add the account.
c) FortiCNP will take approximately 15 minutes to change the status to Running.
d) FortiCNP may still be able to monitor the cloud account.
06. A DevOps team is configuring Terraform to deploy Amazon Web Services (AWS) resources. They want to use environment variables to authenticate Terraform with AWS, while ensuring that the setup works across multiple developers' machines without exposing credentials in configuration files.
Which two environment variables must the team configure, at a minimum, to allow Terraform to authenticate with AWS?
(Choose two.)
a) AWS_ROLE_ARN
b) AWS_SECRET_ACCESS_KEY
c) AWS_ACCOUNT_ID
d) AWS_ACCESS_KEY_ID
07. An administrator is planning to use FortiDevSec to detect vulnerabilities in container images and is researching any platform limitations that they must take into account when using that tool. What is a limitation of FortiDevSec container security scanning?
a) It does not support scanning private images that require Docker login.
b) It is limited to dynamic application testing of container images.
c) It focuses on scanning for encrypted secrets in containerized applications.
d) It can detect vulnerabilities in containerized applications in Amazon Web Services (AWS) environments only.
08. Refer to the exhibit.
An experienced AWS administrator is creating a new virtual private cloud (VPC) flow log with the settings shown in the exhibit. What is the purpose of this configuration?
a) To maximize the number of logs saved
b) To store the logs for further analysis
c) To monitor the logs in real time
d) To troubleshoot a log flow issue
09. Which statement about Amazon Web Services (AWS) Transit Gateway is true for SD-WAN transit gateway (TGW) Connect with FortiGate?
a) The TGW plugin must be used with a VPN to achieve higher bandwidth.
b) TGW supports BGP to share routes with FortiGate.
c) Attaching a virtual private cloud (VPC) to the TGW automatically adds new routes to the subnet route table.
d) The Generic Routing Encapsulation (GRE)-based tunnel attachments are slower than IPsec tunnels.
10. While working with Terraform files, an administrator notices that some of the variables do not have their type explicitly declared.
What type of variable is vpccidr in the exhibit?
a) String
b) Set
c) Map
d) Number