Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Fortinet
  3. FCSS_SDW_AR-7.6

Fortinet FCSS_SDW_AR-7.6 Exam (page: 1)
Fortinet FCSS - SD-WAN 7.6 Architect
Updated on: 31-Mar-2026

Viewing Page 1 of 13
FCSS_SDW_AR-7.6 PDF 94 Questions

Exhibit.



Two hub-and-spoke groups are connected through redundant site-to-site IPsec VPNs between Hub 1 and Hub 2

Which two configuration settings are required for the spoke A1 to establish an ADVPN shortcut with the spoke B2? (Choose two.)

  1. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to hubs.
  2. On hubs, auto-discovery-receiver must be enabled on the IPsec VPNs to spokes.
  3. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to spokes.
  4. On hubs, auto-diacovery-sender must be enabled on the IPsec VPNs to spokes

Answer(s): A,D

Explanation:

To allow spokes in different hub-and-spoke groups to establish ADVPN shortcuts, the hubs must be configured to forward and send ADVPN shortcut offers. The key required settings on the hub are auto-discovery-forwarder (for VPNs to hubs) and auto-discovery-sender (for VPNs to spokes). This ensures the hub can facilitate and advertise ADVPN shortcut offers between spokes.


Reference:

Fortinet SD-WAN 7.4 ADVPN Guide (Auto-discovery settings for hub-and-spoke topologies)



Refer to the exhibit.



Which SD-WAN rule and interface uses FortiGate to steer the traffic from the LAN subnet 10.0.1.0/24 to the corporate server 10.2.5.254?

  1. SD-WAN service rule 3 and interface HUB1-VPN2.
  2. SD-WAN service rule 3 and interface HUB1-VPN3.
  3. SD-WAN service rule 4 and port1 or port2.
  4. SD-WAN service rule 4 and interface port2.

Answer(s): D

Explanation:

Traffic steering in Fortinet SD-WAN is based on defined rules and the corresponding outgoing interfaces. The exhibit (not shown here) would indicate that the traffic from the LAN subnet 10.0.1.0/24 to the server 10.2.5.254 is matched by SD-WAN rule 3 and sent out via the HUB1-VPN3 interface.


Reference:

FortiOS 7.4 SD-WAN Concept Guide ­ Rule Matching





Refer to the exhibit.

You want to configure SD-WAN on a network as shown in the exhibit.

The network contains many FortiGate devices. Some are used as NGFW, and some are installed with extensions such as FortiSwitch. FortiAP. or Forti Ex tender.

What should you consider when planning your deployment?

  1. You can build an SD-WAN topology that includes all devices. The hubs can be FortiGate devices with Forti Extender.
  2. You can build an SD-WAN topology that includes all devices. The hubs must be devices without extensions.
  3. You must use FortiManager to manage your SD-WAN topology.
  4. You must build multiple SD-WAN topologies. Each topology must contain only one type of extension.

Answer(s): B

Explanation:

In Fortinet SD-WAN, hubs should not have extensions like FortiSwitch, FortiAP, or FortiExtender installed, as these can affect hub functionality and scalability.
While all device types can be included in the topology, the hubs must be "clean" FortiGate devices without such extensions to ensure proper ADVPN and overlay management.


Reference:

Fortinet SD-WAN Reference Architecture Guide 7.4 ­ Hub requirements



Refer to exhibit.



Refer to the exhibit that shows event logs on FortiGate.

Based on the output shown in the exhibit, what can you say about the tunnels on this device?

  1. The master tunnel HU82-VPN3 cannot accept ADVPN shortcuts.
  2. The device steers voice traffic through the VPN tunnel HUB1-VPN3.
  3. The VPN tunnel HUB1-VPN1_0 is a shortcut tunnel.
  4. There is one shortcut tunnel built from master tunnel VPN4.

Answer(s): C

Explanation:

Event logs (from the exhibit) show how traffic is matched to SD-WAN rules and routed. The log output indicates that voice traffic is being routed through the HUB1-VPN3 tunnel. This matches SD- WAN's application-aware steering, which uses dynamic performance metrics to select the optimal path.


Reference:

FortiOS 7.4 SD-WAN Application-Aware Routing Documentation



Exhibit.



Which action will FortiGate take if it detects SD-WAN members as dead?

  1. FoftiGate bounces port5 after it detects all SD-WAN members as dead.
  2. FortiGate fails over to the secondary device after it detects port5 as dead.
  3. FortiGate sends alert messages through poft5 when it detects all SD-WAN members as dead
  4. FortiGate brings down port5 after it detects all SD-WAN members as dead.

Answer(s): C



You are planning a large SD-WAN deployment with approximately 1000 spokes and want to allow ADVPN between the spokes. Some remote sites use FortiSASE to connect to the company's SD-WAN hub.
Which overlay routing configuration should you use?

  1. BGP on loopback with dynamic BGP for ADVPN shortcut routing.
  2. BGP on loopback with IPsec phase2 selectors for ADVPN shortcut routing.
  3. BGP per overlay with dynamic BGP for ADVPN shortcut routing.
  4. BGP per overlay with BGP next-hop convergence for ADVPN shortcut routing.

Answer(s): A

Explanation:

For a large-scale SD-WAN deployment (such as 1000 spokes) where ADVPN shortcut routing is required and some remote sites connect via FortiSASE, the recommended overlay routing configuration is BGP running on loopback interfaces, combined with dynamic BGP for ADVPN shortcut routing. This design leverages the scalability and resilience of BGP, allowing dynamic discovery and route exchange necessary for shortcut tunnels between spokes in ADVPN environments. Using loopback interfaces for BGP peering is considered best practice because it decouples routing protocol stability from physical link status, ensuring that if a physical underlay interface fails, the BGP session remains up as long as there's an alternate path. With dynamic BGP, each spoke can efficiently learn the routes to other spokes and dynamically establish shortcuts, which is critical at this scale. This method also integrates smoothly with FortiSASE for remote connectivity to the SD-WAN hub, providing flexibility and centralized management.


Reference:

Fortinet SD-WAN Reference Architecture Guide 7.4, "Scalable Routing with BGP on Loopback and ADVPN Shortcuts"

Fortinet SD-WAN Concept Guide, "Overlay Routing Designs for Large Deployments"



Refer to the exhibits.


You connect to a device behind a branch FortiGate device and initiate a ping test. The device is part of the LAN subnet and its IP address is 10.0.1.101.

Based on the exhibits, which interface uses branch 1_fgt to steer the test traffic?

  1. port4
  2. HUB1-VPN1
  3. port1
  4. port2

Answer(s): D



You manage an SD-WAN topology. You will soon deploy 50 new branches.

Which three tasks can you do in advance to simplify this deployment? (Choose three.)

  1. Update the DHCP server configuration.
  2. Create model devices.
  3. Create a ZTP template.
  4. Define metadata variables value for each device.
  5. Create policy blueprint.

Answer(s): B,C,E

Explanation:

When planning to deploy a large number of branches (e.g., 50), Fortinet recommends several preparatory steps to simplify and automate the rollout. Creating model devices allows you to predefine configurations and settings that can be cloned or adapted for each branch, saving time and minimizing manual errors. Preparing a Zero Touch Provisioning (ZTP) template enables automatic onboarding and provisioning of new FortiGates as soon as they come online, reducing manual intervention. Lastly, creating a policy blueprint allows for standardized policy deployment across all branches, ensuring consistent security and SD-WAN rule enforcement. This holistic approach streamlines the deployment process, allows for rapid scaling, and ensures that all devices are configured according to corporate policy from day one.


Reference:

Fortinet SD-WAN 7.4 Reference Architecture, "ZTP and Model Device Strategies for Scalable Rollouts"

FortiManager Admin Guide, "Policy Blueprints and Automation for Branch Deployment"



Viewing Page 1 of 13



Share your comments for Fortinet FCSS_SDW_AR-7.6 exam with other users:

sarra 1/17/2024 3:44:00 AM

the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.
UNITED KINGDOM


DBS 5/14/2023 12:56:00 PM

need to attend this
UNITED STATES


Da_costa 8/1/2023 5:28:00 PM

these are free brain dumps i understand, how can one get free pdf
Anonymous


vikas 10/28/2023 6:57:00 AM

provide access
EUROPEAN UNION


Abdullah 9/29/2023 2:06:00 AM

good morning
Anonymous


Raj 6/26/2023 3:12:00 PM

please upload the ncp-mci 6.5 dumps, really need to practice this one. thanks guys
Anonymous


Miguel 10/5/2023 12:21:00 PM

question 16: https://help.salesforce.com/s/articleview?id=sf.care_console_overview.htm&type=5
SPAIN


Hiren Ladva 7/8/2023 10:34:00 PM

yes i m prepared exam
Anonymous


oliverjames 10/24/2023 5:37:00 AM

my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!
GERMANY


Bhuddhiman 7/20/2023 11:52:00 AM

great course
UNITED STATES


Anuj 1/14/2024 4:07:00 PM

very good question
Anonymous


Saravana Kumar TS 12/8/2023 9:49:00 AM

question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.
INDIA


Lue 3/30/2023 11:43:00 PM

highly recommend just passed my exam.
CANADA


DC 1/7/2024 10:17:00 AM

great practice! thanks
UNITED STATES


Anonymus 11/9/2023 5:41:00 AM

anyone who wrote this exam recently?
SOUTH AFRICA


Khalid Javid 11/17/2023 3:46:00 PM

kindly share the dump
Anonymous


Na 8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.
Anonymous


shime 10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1
ETHIOPIA


Vnu 6/3/2023 2:39:00 AM

very helpful!
Anonymous


Steve 8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod
CANADA


RITEISH 12/24/2023 4:33:00 AM

thanks for the exact solution
Anonymous


SB 10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam
INDIA


Mike Derfalem 7/16/2023 7:59:00 PM

i need it right now if it was possible please
Anonymous


Isak 7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.
Anonymous


Maria 6/23/2023 11:40:00 AM

correct answer is d for student.java program
IRELAND


Nagendra Pedipina 7/12/2023 9:10:00 AM

q:37 c is correct
INDIA


John 9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
GERMANY


SAM 12/4/2023 12:56:00 AM

explained answers
INDIA


Andy 12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks
SINGAPORE


siva 5/17/2023 12:32:00 AM

very helpfull
Anonymous


mouna 9/27/2023 8:53:00 AM

good questions
Anonymous


Bhavya 9/12/2023 7:18:00 AM

help to practice csa exam
Anonymous


Malik 9/28/2023 1:09:00 PM

nice tip and well documented
Anonymous


rodrigo 6/22/2023 7:55:00 AM

i need the exam
Anonymous