Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Fortinet
  3. FCSS_SDW_AR-7.6

Fortinet FCSS_SDW_AR-7.6 Exam (page: 1)
Fortinet FCSS - SD-WAN 7.6 Architect
Updated on: 12-Feb-2026

Viewing Page 1 of 13
FCSS_SDW_AR-7.6 PDF 94 Questions

Exhibit.



Two hub-and-spoke groups are connected through redundant site-to-site IPsec VPNs between Hub 1 and Hub 2

Which two configuration settings are required for the spoke A1 to establish an ADVPN shortcut with the spoke B2? (Choose two.)

  1. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to hubs.
  2. On hubs, auto-discovery-receiver must be enabled on the IPsec VPNs to spokes.
  3. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to spokes.
  4. On hubs, auto-diacovery-sender must be enabled on the IPsec VPNs to spokes

Answer(s): A,D

Explanation:

To allow spokes in different hub-and-spoke groups to establish ADVPN shortcuts, the hubs must be configured to forward and send ADVPN shortcut offers. The key required settings on the hub are auto-discovery-forwarder (for VPNs to hubs) and auto-discovery-sender (for VPNs to spokes). This ensures the hub can facilitate and advertise ADVPN shortcut offers between spokes.


Reference:

Fortinet SD-WAN 7.4 ADVPN Guide (Auto-discovery settings for hub-and-spoke topologies)



Refer to the exhibit.



Which SD-WAN rule and interface uses FortiGate to steer the traffic from the LAN subnet 10.0.1.0/24 to the corporate server 10.2.5.254?

  1. SD-WAN service rule 3 and interface HUB1-VPN2.
  2. SD-WAN service rule 3 and interface HUB1-VPN3.
  3. SD-WAN service rule 4 and port1 or port2.
  4. SD-WAN service rule 4 and interface port2.

Answer(s): D

Explanation:

Traffic steering in Fortinet SD-WAN is based on defined rules and the corresponding outgoing interfaces. The exhibit (not shown here) would indicate that the traffic from the LAN subnet 10.0.1.0/24 to the server 10.2.5.254 is matched by SD-WAN rule 3 and sent out via the HUB1-VPN3 interface.


Reference:

FortiOS 7.4 SD-WAN Concept Guide ­ Rule Matching





Refer to the exhibit.

You want to configure SD-WAN on a network as shown in the exhibit.

The network contains many FortiGate devices. Some are used as NGFW, and some are installed with extensions such as FortiSwitch. FortiAP. or Forti Ex tender.

What should you consider when planning your deployment?

  1. You can build an SD-WAN topology that includes all devices. The hubs can be FortiGate devices with Forti Extender.
  2. You can build an SD-WAN topology that includes all devices. The hubs must be devices without extensions.
  3. You must use FortiManager to manage your SD-WAN topology.
  4. You must build multiple SD-WAN topologies. Each topology must contain only one type of extension.

Answer(s): B

Explanation:

In Fortinet SD-WAN, hubs should not have extensions like FortiSwitch, FortiAP, or FortiExtender installed, as these can affect hub functionality and scalability.
While all device types can be included in the topology, the hubs must be "clean" FortiGate devices without such extensions to ensure proper ADVPN and overlay management.


Reference:

Fortinet SD-WAN Reference Architecture Guide 7.4 ­ Hub requirements



Refer to exhibit.



Refer to the exhibit that shows event logs on FortiGate.

Based on the output shown in the exhibit, what can you say about the tunnels on this device?

  1. The master tunnel HU82-VPN3 cannot accept ADVPN shortcuts.
  2. The device steers voice traffic through the VPN tunnel HUB1-VPN3.
  3. The VPN tunnel HUB1-VPN1_0 is a shortcut tunnel.
  4. There is one shortcut tunnel built from master tunnel VPN4.

Answer(s): C

Explanation:

Event logs (from the exhibit) show how traffic is matched to SD-WAN rules and routed. The log output indicates that voice traffic is being routed through the HUB1-VPN3 tunnel. This matches SD- WAN's application-aware steering, which uses dynamic performance metrics to select the optimal path.


Reference:

FortiOS 7.4 SD-WAN Application-Aware Routing Documentation



Exhibit.



Which action will FortiGate take if it detects SD-WAN members as dead?

  1. FoftiGate bounces port5 after it detects all SD-WAN members as dead.
  2. FortiGate fails over to the secondary device after it detects port5 as dead.
  3. FortiGate sends alert messages through poft5 when it detects all SD-WAN members as dead
  4. FortiGate brings down port5 after it detects all SD-WAN members as dead.

Answer(s): C



You are planning a large SD-WAN deployment with approximately 1000 spokes and want to allow ADVPN between the spokes. Some remote sites use FortiSASE to connect to the company's SD-WAN hub.
Which overlay routing configuration should you use?

  1. BGP on loopback with dynamic BGP for ADVPN shortcut routing.
  2. BGP on loopback with IPsec phase2 selectors for ADVPN shortcut routing.
  3. BGP per overlay with dynamic BGP for ADVPN shortcut routing.
  4. BGP per overlay with BGP next-hop convergence for ADVPN shortcut routing.

Answer(s): A

Explanation:

For a large-scale SD-WAN deployment (such as 1000 spokes) where ADVPN shortcut routing is required and some remote sites connect via FortiSASE, the recommended overlay routing configuration is BGP running on loopback interfaces, combined with dynamic BGP for ADVPN shortcut routing. This design leverages the scalability and resilience of BGP, allowing dynamic discovery and route exchange necessary for shortcut tunnels between spokes in ADVPN environments. Using loopback interfaces for BGP peering is considered best practice because it decouples routing protocol stability from physical link status, ensuring that if a physical underlay interface fails, the BGP session remains up as long as there's an alternate path. With dynamic BGP, each spoke can efficiently learn the routes to other spokes and dynamically establish shortcuts, which is critical at this scale. This method also integrates smoothly with FortiSASE for remote connectivity to the SD-WAN hub, providing flexibility and centralized management.


Reference:

Fortinet SD-WAN Reference Architecture Guide 7.4, "Scalable Routing with BGP on Loopback and ADVPN Shortcuts"

Fortinet SD-WAN Concept Guide, "Overlay Routing Designs for Large Deployments"



Refer to the exhibits.


You connect to a device behind a branch FortiGate device and initiate a ping test. The device is part of the LAN subnet and its IP address is 10.0.1.101.

Based on the exhibits, which interface uses branch 1_fgt to steer the test traffic?

  1. port4
  2. HUB1-VPN1
  3. port1
  4. port2

Answer(s): D



You manage an SD-WAN topology. You will soon deploy 50 new branches.

Which three tasks can you do in advance to simplify this deployment? (Choose three.)

  1. Update the DHCP server configuration.
  2. Create model devices.
  3. Create a ZTP template.
  4. Define metadata variables value for each device.
  5. Create policy blueprint.

Answer(s): B,C,E

Explanation:

When planning to deploy a large number of branches (e.g., 50), Fortinet recommends several preparatory steps to simplify and automate the rollout. Creating model devices allows you to predefine configurations and settings that can be cloned or adapted for each branch, saving time and minimizing manual errors. Preparing a Zero Touch Provisioning (ZTP) template enables automatic onboarding and provisioning of new FortiGates as soon as they come online, reducing manual intervention. Lastly, creating a policy blueprint allows for standardized policy deployment across all branches, ensuring consistent security and SD-WAN rule enforcement. This holistic approach streamlines the deployment process, allows for rapid scaling, and ensures that all devices are configured according to corporate policy from day one.


Reference:

Fortinet SD-WAN 7.4 Reference Architecture, "ZTP and Model Device Strategies for Scalable Rollouts"

FortiManager Admin Guide, "Policy Blueprints and Automation for Branch Deployment"



Viewing Page 1 of 13



Share your comments for Fortinet FCSS_SDW_AR-7.6 exam with other users:

Daisy Delgado 1/9/2023 1:05:00 PM

awesome
UNITED STATES


Atif 6/13/2023 4:09:00 AM

yes please upload
UNITED STATES


Xunil 6/12/2023 3:04:00 PM

great job whoever put this together, for the greater good! thanks!
Anonymous


Lakshmi 10/2/2023 5:26:00 AM

just started to view all questions for the exam
NETHERLANDS


rani 1/19/2024 11:52:00 AM

helpful material
Anonymous


Greg 11/16/2023 6:59:00 AM

hope for the best
UNITED STATES


hi 10/5/2023 4:00:00 AM

will post exam has finished
UNITED STATES


Vmotu 8/24/2023 11:14:00 AM

really correct and good analyze!
AZERBAIJAN


hicham 5/30/2023 8:57:00 AM

excellent thanks a lot
FRANCE


Suman C 7/7/2023 8:13:00 AM

will post once pass the cka exam
INDIA


Ram 11/3/2023 5:10:00 AM

good content
Anonymous


Nagendra Pedipina 7/13/2023 2:12:00 AM

q:32 answer has to be option c
INDIA


Tamer Barakat 12/7/2023 5:17:00 PM

nice questions
Anonymous


Daryl 8/1/2022 11:33:00 PM

i really like the support team in this website. they are fast in communication and very helpful.
UNITED KINGDOM


Curtis Nakawaki 6/29/2023 9:13:00 PM

a good contemporary exam review
UNITED STATES


x-men 5/23/2023 1:02:00 AM

q23, its an array, isnt it? starts with [ and end with ]. its an array of objects, not object.
UNITED STATES


abuti 7/21/2023 6:24:00 PM

cool very helpfull
Anonymous


Krishneel 3/17/2023 10:34:00 AM

i just passed. this exam dumps is the same one from prepaway and examcollection. it has all the real test questions.
INDIA


Regor 12/4/2023 2:01:00 PM

is this a valid prince2 practitioner dumps?
UNITED KINGDOM


asl 9/14/2023 3:59:00 PM

all are relatable questions
CANADA


Siyya 1/19/2024 8:30:00 PM

might help me to prepare for the exam
Anonymous


Ted 6/21/2023 11:11:00 PM

just paid and downlaod the 2 exams using the 50% sale discount. so far i was able to download the pdf and the test engine. all looks good.
GERMANY


Paul K 11/27/2023 2:28:00 AM

i think it should be a,c. option d goes against the principle of building anything custom unless there are no work arounds available
INDIA


ph 6/16/2023 12:41:00 AM

very legible
Anonymous


sephs2001 7/31/2023 10:42:00 PM

is this exam accurate or helpful?
Anonymous


ash 7/11/2023 3:00:00 AM

please upload dump, i have exam in 2 days
INDIA


Sneha 8/17/2023 6:29:00 PM

this is useful
CANADA


sachin 12/27/2023 2:45:00 PM

question 232 answer should be perimeter not netowrk layer. wrong answer selected
Anonymous


tomAws 7/18/2023 5:05:00 AM

nice questions
BRAZIL


Rahul 6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?
INDIA


TeamOraTech 12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.
Anonymous


Curtis 7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.
UNITED STATES


sam 7/17/2023 6:22:00 PM

cannot evaluate yet
Anonymous


nutz 7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid
UNITED STATES