Fortinet NSE 5 - FortiManager 6.2 v1.0 (NSE5_FMG-6.2)

Page:    1 / 3   
Total 38 questions

An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.
How should the Workspace mode be configured on FortiManager?

  • A. Set to workflow and use the ADOM locking feature
  • B. Set to read/write and use the policy locking feature
  • C. Set to normal and use the policy locking feature
  • D. Set to disable and use the policy locking feature


Answer : A

You are moving managed FortiGate devices from one ADOM to a new ADOM.
Which statement correctly describes the expected result?

  • A. Any pending device settings will be installed automatically
  • B. Any unused objects from a previous ADOM are moved to the new ADOM automatically
  • C. The shared policy package will not be moved to the new ADOM
  • D. Policy packages will be imported into the new ADOM automatically


Answer : D

Refer to the exhibit.


An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes.
What is the purpose of this command?

  • A. It allows FortiGate to unset central management settings.
  • B. It allows FortiGate to reboot and recover the previous configuration from its configuration file.
  • C. It allows the FortiManager to revert and install a previous configuration revision on the managed FortiGate.
  • D. It allows FortiGate to reboot and restore a previously working firmware image.


Answer : B

Reference:
https://docs.fortinet.com/document/fortimanager/6.2.0/fortigate-fortimanager-communications-protocol-guide/141304/fgfm-recovery-logic

Which two items does an FGFM keepalive message include? (Choose two.)

  • A. FortiGate configuration checksum
  • B. FortiGate IPS version
  • C. FortiGate license information
  • D. FortiGate uptime


Answer : AB

An administrator would like to create an SD-WAN using central management in the Training ADOM.
To create an SD-WAN using central management, which two steps must be completed? (Choose two.)

  • A. Specify a gateway address when you create a default SD-WAN static route
  • B. Enable SD-WAN central management in the Training ADOM
  • C. Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WAN template settings
  • D. Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces


Answer : BD

What is the purpose of ADOM revisions?

  • A. To create System Checkpoints for the FortiManager configuration.
  • B. To save the current state of the whole ADOM.
  • C. To save the current state of all policy packages and objects for an ADOM.
  • D. To revert individual policy packages and device-level settings for a managed FortiGate by reverting to a specific ADOM revision


Answer : C

Refer to the exhibit.


What can you conclude from the failed installation log shown in the exhibit?

  • A. Policy ID 2 will not be installed.
  • B. Policy ID 2 is installed without a source device.
  • C. Policy ID 2 is installed without a source address.
  • D. Policy ID 2 is installed in the disabled state.


Answer : B

An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package Fortinet is true?

  • A. When a new policy package is created, it automatically assigns the global policies to the new package.
  • B. When a new policy package is created, you need to assign the global policy package from the global ADOM.
  • C. When a new policy package is created, you need to reapply the global policy package to the ADOM.
  • D. When a new policy package is created, you can select the option to assign the global policies to the new package.


Answer : A

Refer to the exhibit.


Review the Download Import Report.
Why is it failing to import firewall policy ID 2?

  • A. Policy ID 2 does not have ADOM Interface mapping configured on FortiManager.
  • B. Policy ID 2 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate.
  • C. The address object used in policy ID 2 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.
  • D. Policy ID 2 is configured from the interface any to port6. FortiManager refuses to import this policy because the any interface does not exist on FortiManager.


Answer : C

An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.
Which troubleshooting step should you take to resolve the issue?

  • A. Make sure the administrator IP address is part of the trusted hosts
  • B. Make sure ADOMs are enabled and the administrator has access to the Global ADOM
  • C. Make sure FortiManager Access is enabled in the administrator profile
  • D. Make sure Offline Mode is disabled


Answer : A

In the event that the primary FortiManager fails, which action must be performed to return the FortiManager HA to a working state?

  • A. The secondary device with highest priority will automatically be promoted to the primary role, and you must manually reconfigure all other secondary devices to point to the new primary device.
  • B. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.
  • C. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.
  • D. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.


Answer : B

Refer to the exhibit.


If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

  • A. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
  • B. FortiGate can announce itself to FortiManager only if the FortiManager non-NATed IP address is configured on FortiGate under central management.
  • C. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
  • D. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.


Answer : AC

Refer to the exhibit.


Given the configurations shown in the exhibit, what can you conclude from the installation targets in the Install On column?

  • A. Policy seq.# 3 will not be installed on any managed device.
  • B. Policy seq.# 3 will be installed on the Trainer[NAT] VDOM only.
  • C. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets.
  • D. The Install On column value represents successful installations on the managed devices.


Answer : C

What will be the result of reverting to a previous revision version in the revision history?

  • A. It will install configuration changes to the managed device automatically
  • B. It will tag the device settings status as Auto-Update
  • C. It will generate a new version ID and remove all other revision history versions
  • D. It will modify the device-level database


Answer : D

What does a policy package status of Conflict indicate?

  • A. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
  • B. The policy package does not have a FortiGate as the installation target.
  • C. The policy package configuration has been changed on both FortiManager and the managed device independently.
  • D. The policy configuration has never been imported after a device was registered on FortiManager.


Answer : A
