Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

FCP-FMG-AD-7-6 by Fortinet - Page 1 | ExamCademy

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 62

1 2 3

→

Know a question that should be here? Contribute to this exam

Refer to the exhibit.

Question Image

An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.
After the installation operation is performed, which IP/netmask will be installed on Remote-Firewall [VDOM1] for the LAN firewall address object?

A 21.21.2.5/255.255.255.255
B 172.16.5.20/255.255.255.255
C 172.16.5.0/255.255.255.0
D 10.10.10.5/255.255.255.255

The administrator uses FortiManager to push a CLI script using the Remote FortiGate Directly (via CLI) option to configure an IPsec VPN. However, when running the script, the administrator receives the following error: config vpn ipsec phase2-interface [parameter(s) invalid. detail: object mismatch]
What must the administrator do to resolve the script error and successfully apply the IPsec configuration?

A Add the end command after finishing the IPsec phase 1-interface configuration block.
B Use IPsec templates to deploy provisioning templates.
C Add a second config vpn ipsec phase2-interface block without linking it to phase1.
D Run the script using the policy package or ADOM database method.

An administrator configures a new BGP peer in the FortiManager device-level database of FortiGate. They reinstall the policy package to the managed FortiGate device without any errors. However, when the administrator logs in to FortiGate, they do not see the BGP configuration changes.
What is the most likely reason why FortiManager did not push the BGP peer changes to FortiGate?

A The administrator must run a sanity check on FortiManager to make sure the database is not corrupted.
B Fortigate has a BGP template assigned on the FortiManager database.
C The administrator must use the Install Wizard and select Install device settings only to push BGP settings
D The FortiGate firmware version is different from the FortiManager ADOM version.

An administrator is copying a system template profile between ADOMs by running the following command: execute fmprofile export-profile ADOM 3547 /tmp/Backup_File output dump to file: [/tmp/Backup_File]
Where does this command export the system template profile from?

A FortiManager /tmp/Backup_File folder
B FortiManager ADOM policy database
C ADOM device database
D FortiManager configuration backup file

Refer to the exhibit.

Question Image

An administrator added a FortiGate device to FortiManager with the default object settings at the ADOM layer.
What can you conclude from the import policy package process of the HQ-NGFW- 1 device?

A The administrator must select Per Platform for all interfaces to correctly detect all interfaces from HQ-NGFW-1.
B The administrator must manually create the port4 interface on the ADOM layer to avoid import policy errors.
C FortiManager will create LAN, port4, and port6 as normalized interfaces at the ADOM layer.
D FortiGate may not work as expected when the administrator does not import all objects.

Refer to the exhibits.

Question Image

An administrator needed to recover all the configurations related to the user, Support. The configurations were saved in configuration revision ID 9.
The administrator reverted the configuration using the Configuration Revision History window and received the CLI output shown in the exhibit.
What can you conclude from the CLI output?

A The administrator set the flag to 0 to prevent configuration overrides.
B The administrator reinstalled the policy package.
C The administrator needs to retrieve the device to correctly detect the FortiGate firmware version.
D The administrator installed only the device-level configuration.

Refer to the exhibit.

Question Image

What can you conclude from the downloaded import report?

A FortiManager does not support per-device mapping for firewall addresses.
B The administrator will see a new policy package named Remote-FortiGate_root in the FortiManager ADOM database.
C ortiManager will change the configuration of REMOTE_SUBNET to match the interface mapping coming in from Remote-FortiGate.
D As a result of this policy import process, FortiManager will create a new firewall address called REMOTE_SUBNET in the ADOM database.

Refer to the exhibits.

Question Image

An administrator runs the reload failure command diagnose test deploymanager reloadconf 262 on FortiManager.
Why does the administrator receive an error message?

A The administrator must use the FortiGate name instead of the ID number.
B The administrator just recently added FortiGate HQ-NGFW as a model device.
C FortiManager requires the FortiGate serial number instead of the ID number.
D FortiManager does not support FortiOS version 7.0.

You want to let multiple administrators work in the same ADOM without creating configuration conflicts.
What is the best and the most effective solution to apply?

A Configure RADIUS authentication to assign ADOM roles to each user.
B Enable workflow mode, which is the only way to prevent concurrent configuration conflicts.
C Assign administrators with JSON API access to the FortiManager.
D Activate workspace mode in the ADOM settings.

Refer to the exhibits.

Question Image

FortiGate HQ-NGFW-1 downloads and validates FortiGuard databases from FortiManager which acts as a local FortiGuard Distribution Server (FDS) in a closed network. An administrator pushes a new firewall policy with an intrusion prevention system (IPS) profile from FortiManager to FortiGate HQ- NGFW-1 However, FortiGate does not recognize the new IPS signature from FortiManager.
What is the most likely reason why FortiGate HQ-NGFW-1 does not recognize the new IPS signature?

A FortiGate must enable rating for the FortiManager IP address, 192.168.1.120, in server list 1.
B FortiManager and FortiGate have different IPS database versions.
C The administrator must enable IPv6 connections for FortiGuard services on FortiManager.
D The administrator must enable the fortiguard-anycast option to correctly download all signatures from the local FDS.

While attempting to push a NetFlow configuration script through the FortiManager policy package: an administrator encounters an error stating that an object is unrecognized in line 4.

Question Image

What must the administrator do to successfully apply the NetFlow configuration script and avoid the object unrecognized error?

A Make sure the user running the script has full access to the VDOM—AGEUSR.
B Run the script on the device database.
C Use metadata variables if they use VDOMs in the script.
D Create a normalized interface on the policy layer before running the script.

What is the best explanation of how FortiManager helps with mass provisioning?

A It upgrades the OS of each FortiGate device.
B It provides local FortiGuard Distribution Server (FDS) services to the network.
C It uses templates to configure the same settings on many devices simultaneously.
D It sends email alerts when new devices connect.

Refer to the exhibit.

Question Image

If the monitored interface for the primary FortiManager device fails, what must you do to maintain high availability (HA)?

A The FortiManager HA failover is transparent to administrators and does not require any additional action.
B Manually promote one of the working secondary devices to the primary role: and reboot the original primary device to remove the peer IP address of the failed device.
C Reconfigure the primary device to remove the peer IP address of the failed device from its configuration.
D Check the integrity database of the primary device to force a secondary device to become the new primary with all active interfaces.

FCP-FMG-AD-7-6Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

That's the end of the Preview