FortiManager 5.4 Specialist v1.0 (NSE5-FMG-5.4)

Page:    1 / 4   
Total 56 questions

View the following exhibit:


Which one of the following statements is true regarding installation targets in the Install On column?

  • A. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets.
  • B. Policy seq.# 3 will be installed on the Trainer[NAT] VDOM only.
  • C. Policy seq.# 3 will not be installed on any managed device.
  • D. The Install On column value represents successful installations on the managed devices.


Answer : B

Refer to the following exhibit:


Which of the following statements are true based on this configuration? (Choose two.)

  • A. Unlocking an ADOM will submit configuration changes automatically to the approval administrator.
  • B. Unlocking an ADOM will install configuration changes automatically on managed devices.
  • C. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.
  • D. The same administrator can lock more than one ADOM at the same time.


Answer : CD

Explanation: To enable ADOM locking and disable concurrent ADOM access: config system global set workspace-mode normal end
Reference:
http://help.fortinet.com/fmgr/cli/5-6-2/Document/0800_ADOMs/200_Configuring+.htm

View the following exhibit:


An administrator is importing a new device to FortiManager and has selected the shown options. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate?

  • A. The unused objects that are not tied to the firewall policies will be installed on FortiGate.
  • B. The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate.
  • C. The unused objects that are not tied to the firewall policies in policy package will be deleted from the FortiManager database.
  • D. The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted.


Answer : A

In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?

  • A. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device.
  • B. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
  • C. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.
  • D. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.


Answer : C

Explanation:
If the primary FortiManager unit fails you must manually configure one of the backup units to become the primary unit. The new primary unit will have the same IP addresses as it did when it was the backup unit
Reconfigure the cluster by removing the failed unit from the cluster configuration. If the primary unit has failed, this means configuring one of the backup units to be the primary unit and adding peer IPs for all of the remaining backup units to the new primary unit configuration.
Reference:
http://help.fortinet.com/fmgr/50hlp/60/6-0-0/FMG-FAZ/2600_HA/0000_HA.htm http://help.fortinet.com/fmgr/50hlp/60/6-0-0/FMG-FAZ/2600_HA/0010_FMG%20Primary%20or%20Backup%20Fails.htm

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration request to FortiManager from a remote FortiGate. Which one of the following statements is true?

  • A. The FortiGate will be automatically added to the Training ADOM.
  • B. By default, the unregistered FortiGate will appear in the root ADOM.
  • C. The FortiManager administrator must add the unregistered device manually to the Training ADOM using the Add Device wizard.
  • D. The FortiGate will be added automatically to the default ADOM named FortiGate.


Answer : B

Which of the following statements are true regarding VPN Gateway configuration in VPN Manager? (Choose two.)

  • A. Managed gateways are devices managed by FortiManager in the same ADOM
  • B. External gateways are third-party VPN gateway devices only
  • C. Protected subnets are the subnets behind the device that you don"™t want to allow access to over the IPsec VPN
  • D. Managed devices in other ADOMs must be treated as external gateways


Answer : AD

Reference:
http://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/1300_VPN_Manager/0800_IPsec_VPN_Gateway/0400_Create_mngd_gateway.htm

An administrator"™s PC crashed before the administrator could submit a workflow session for approval. After the PC restarted, the administrator noticed that the
ADOM was locked from the session before the crash. How can the administrator unlock the ADOM?

  • A. The administrator must log in as Super_User in order to unlock the ADOM.
  • B. The administrator must restore the configuration from a previous backup.
  • C. Delete the previous admin session manually through the FortiManager"™s GUI or CLI.
  • D. The administrator must log in using the same administrator account to unlock the ADOM


Answer : D

An administrator removed one of the secondary devices from the FortiManager HA cluster. What change will be pushed by the primary FortiManager device?

  • A. FortiManager will remove the secondary device"™s IP address and serial number immediately from the central management configuration of managed devices.
  • B. FortiManager will remove the secondary device"™s serial number immediately from the central management configuration of managed devices.
  • C. FortiManager will remove the secondary device"™s IP address immediately from the central management configuration of managed devices.
  • D. FortiManager will remove the secondary device"™s IP address from the server-list configuration central management configuration of managed devices.


Answer : A

Which of the following are included in the FortiManager backup? (Choose two.)

  • A. Global database
  • B. FortiGuard database
  • C. Logs
  • D. All devices


Answer : CD

Which of the following statements are true regarding reverting to previous revision version from the revision history? (Choose two.)

  • A. To push these changes to a managed device, it required an install operation to the managed FortiGate.
  • B. Reverting to a previous revision history will generate a new version ID and remove all other history versions.
  • C. Reverting to a previous revision history will tag the device settings status as Auto-Update.
  • D. It will modify device-level database


Answer : AD

View the following exhibit:


An administrator logs in to the FortiManager GUI and sees these panes. Which of the following can be the reason the FortiAnalyzer feature panes don"™t appear?
(Choose two.)

  • A. The administrator IP address is not a part of the trusted hosts configured on FortiManager"™s interfaces.
  • B. FortiAnalyzer features are not enabled on FortiManager.
  • C. The administrator logged in using unsecure protocol HTTP, so the view is restricted.
  • D. The administrator profile does not have full access privileges like the Super_User profile


Answer : AB

An administrator has assigned a global policy package to custom ADOM1. Then the administrator created a new policy package, Fortinet, in the custom ADOM1.
Which one of the following statements is true regarding global policy package assignment to the newly-created policy package Fortinet?

  • A. When a new policy package is created, you need to reapply the global policy package to the ADOM.
  • B. When a new policy package is created, it automatically assigns the global policies to the new package.
  • C. When a new policy package is created, you need to assign the global policy package from the global ADOM.
  • D. When a new policy package is created, you can select the option to assign the global policies to the new package.


Answer : B

An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

  • A. Allows FortiManager to run real-time debugs on the managed devices.
  • B. Allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
  • C. Allows FortiManager to automatically configure a default route.
  • D. Allows FortiManager to download IPS packages.


Answer : B

What is the purpose of the ADOM revisions?

  • A. To revert individual policy packages and device-level settings for a managed FortiGate by reverting to a specific ADOM revision.
  • B. To create System Checkpoints for the FortiManager configuration.
  • C. To save the current state of all policy packages and objects for an ADOM.
  • D. To save the current state of the whole ADOM.


Answer : C

An administrator configured a new firewall policy on FortiManager and has yet pushed to the managed FortiGate. In which database will the configuration be saved?

  • A. Configuration-level database
  • B. Device-level database
  • C. ADOM-level database
  • D. Revision history database


Answer : B

Page:    1 / 4   
Total 56 questions