Fortinet NSE 5 - FortiManager 6.4 v1.0 (NSE5_FMG-6.4)

Page:    1 / 3   
Total 38 questions

What does a policy package status of Modified indicate?

  • A. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager.
  • B. The policy package was never imported after a device was registered on FortiManager.
  • C. FortiManager is unable to determine the policy package status.
  • D. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device.


Answer : D

Reference: http://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/0800_Managing%20policy%20packages/2200_Policy%20Package%20Installation%20targets.htm

Refer to the exhibit.

If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

  • A. FortiGate can announce itself to FortiManager only if the FortiManager non-NATed IP address is configured on FortiGate under central management.
  • B. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
  • C. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
  • D. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.


Answer : CD

FortiManager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. If the FGFM tunnel is interrupted, FortiManager will not attempt to re-establish it to the FortiGate NATed IP address. As in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under the FortiGate central management configuration.

Which two settings must be configured for SD-WAN Central Management? (Choose two.)

  • A. The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.
  • B. You must create multiple SD-WAN interfaces per VDOM.
  • C. When you configure an SD-WAN, you must specify at least two member interfaces.
  • D. SD-WAN must be enabled on a per-ADOM basis.


Answer : CD

An administrator wants to delete an address object that is currently referenced in a firewall policy.
What can the administrator expect to happen?

  • A. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.
  • B. FortiManager will replace the deleted address object with the all address object in the referenced firewall policy.
  • C. FortiManager will disable the status of the referenced firewall policy.
  • D. FortiManager will not allow the administrator to delete a referenced address object.


Answer : A

Reference: https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/1200_Managing%20objects/0800_Remove%20an%20object.htm

An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.
How should the Workspace mode be configured on FortiManager?

  • A. Set to workflow and use the ADOM locking feature
  • B. Set to disable and use the policy locking feature
  • C. Set to normal and use the policy locking feature
  • D. Set to read/write and use the policy locking feature


Answer : A

Reference: https://help.fortinet.com/fmgr/50hlp/52/5-2-0/FMG_520_Online_Help/200_What's-New.03.03.html

Refer to the exhibit.

Given the configuration shown in the exhibit, which two statements are true? (Choose two.)

  • A. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.
  • B. The same administrator can lock more than one ADOM at the same time.
  • C. Unlocking an ADOM will submit configuration changes automatically to the approval administrator.
  • D. Unlocking an ADOM will install configuration changes automatically on managed devices.


Answer : AB

Reference: http://help.fortinet.com/fmgr/cli/5-6-2/Document/0800_AD0Ms/200_Configuring+.htm

Refer to the exhibits.


An administrator created a new system template named Training with two new DNS addresses on FortiManager. During the installation preview stage, the administrator notices that many unset commands need to be pushed.
What could be the main reason for these unset commands?

  • A. The DNS addresses in the default system settings are the same as the Training system template.
  • B. The ADOM is locked by another administrator.
  • C. The Training system template does not have assigned devices.
  • D. The Training system template has other default settings.


Answer : D

An administrator would like to create an SD-WAN using central management in the Training ADOM.
To create an SD-WAN using central management, which two steps must be completed? (Choose two.)

  • A. Remove all the interface references for policies that will be a part of SD-WAN member interfaces.
  • B. Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WAN template settings.
  • C. Enable SD-WAN central management in the Training ADOM.
  • D. Specify a gateway address when you create a default SD-WAN static route.


Answer : AC

Reference: https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/676493/removing-existing-configuration-references-to-interfaces

Refer to the exhibit.

What can you conclude from the failed installation log shown in the exhibit?

  • A. Policy ID 2 is installed in the disabled state.
  • B. Policy ID 2 is installed without a source address.
  • C. Policy ID 2 is installed without the remote user student.
  • D. Policy ID 2 will not be installed.


Answer : C

Refer to the exhibit.

Which statement about the object named ALL is true?

  • A. FortiManager updated the object ALL using the FortiGate value.
  • B. FortiManager updated the object ALL using the FortiManager value in its database.
  • C. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.
  • D. FortiManager installed the object ALL with the updated value.


Answer : B

If a conflict is detected, FortiManager updates the object associated with the selected device. When you choose the FortiGate device value and import the address object ALL, an entry named "update previous object" is added to the import report.

Refer to the exhibit.

What is the purpose of setting ADOM Mode to Advanced?

  • A. This setting enables the ADOMs feature on FortiManager.
  • B. This setting allows automatic updates to the policy package configuration for a managed device.
  • C. This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.
  • D. This setting disables concurrent ADOM access and adds ADOM locking.


Answer : C

Reference: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/66530/adom-device-modes

Refer to the exhibit.

An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.
What can prevent an admin account that has Super_User rights over the device from approving a workflow session?

  • A. Trainer must close Student's workflow session before approving the request.
  • B. Trainer does not have full rights over this ADOM.
  • C. Student, who submitted the workflow session, must first self-approve the request.
  • D. Trainer is not a part of the workflow approval group.


Answer : D

Reference: https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/0800_ADOMs/1800_Workflow/0600_Workflow%20sessions.htm

Refer to the exhibit.

You are using the Quick Install option to install configuration changes on the managed FortiGate.
Which two statements correctly describe the result? (Choose two.)

  • A. It will not create a new revision in the revision history.
  • B. It provides the option to preview configuration changes prior to installing them.
  • C. It cannot be canceled once initiated and changes will be installed on the managed device.
  • D. It installs device-level changes to FortiGate without launching the Install Wizard.


Answer : CD

The Install Config option allows you to perform a quick installation of device-level settings without launching the Install Wizard. When you use this option, you cannot preview the changes prior to committing. The administrator should be certain of the changes before using this install option, because the install can't be cancelled after the process is initiated.

Refer to the exhibit.

How will FortiManager try to get updates for antivirus and IPS?

  • A. From the list of configured override servers that have the ability to fall back to public FDN servers.
  • B. From the default server fdsl.fortinet.com.
  • C. From public FDNI servers with the highest index number only.
  • D. From the configured override server list only.


Answer : A

Reference: https://community.fortinet.com/t5/Fortinet-Forum/Clarification-of-FortiManager-s-quot-Server-Override-Mode-quot/td-p/89973

Refer to the exhibit.

Given the configurations shown in the exhibit, what can you conclude from the installation targets in the Install On column?

  • A. Policy seq.# 3 will be installed on the TrainerNAT VDOM only.
  • B. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets.
  • C. The Install On column value represents successful installations on the managed devices.
  • D. Policy seq.# 3 will not be installed on any managed device.


Answer : B
