An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.
After the installation operation is performed, which IP/netmask will be installed on Remote-Firewall [VDOM1] for the LAN firewall address object?
The administrator uses FortiManager to push a CLI script using the Remote FortiGate Directly (via CLI) option to configure an IPsec VPN. However, when running the script, the administrator receives the following error: config vpn ipsec phase2-interface [parameter(s) invalid. detail: object mismatch]
What must the administrator do to resolve the script error and successfully apply the IPsec configuration?
A. Add the end command after finishing the IPsec phase1-interface configuration block.
B. Use IPsec templates to deploy provisioning templates.
C. Add a second config vpn ipsec phase2-interface block without linking it to phase1.
D. Run the script using the policy package or ADOM database method.
An administrator configures a new BGP peer in the FortiManager device-level database of FortiGate. They reinstall the policy package to the managed FortiGate device without any errors. However, when the administrator logs in to FortiGate, they do not see the BGP configuration changes.
What is the most likely reason why FortiManager did not push the BGP peer changes to FortiGate?
A. The administrator must run a sanity check on FortiManager to make sure the database is not corrupted.
B. FortiGate has a BGP template assigned on the FortiManager database.
C. The administrator must use the Install Wizard and select Install device settings only to push BGP settings.
D. The FortiGate firmware version is different from the FortiManager ADOM version.
An administrator is copying a system template profile between ADOMs by running the following command: execute fmprofile export-profile ADOM 3547 /tmp/Backup_File output dump to file: [/tmp/Backup_File]
Where does this command export the system template profile from?
A. FortiManager /tmp/Backup_File folder
B. FortiManager ADOM policy database
C. ADOM device database
D. FortiManager configuration backup file
Refer to the exhibit.
An administrator added a FortiGate device to FortiManager with the default object settings at the ADOM layer.
What can you conclude from the import policy package process of the HQ-NGFW-1 device?
A. The administrator must select Per Platform for all interfaces to correctly detect all interfaces from HQ-NGFW-1.
B. The administrator must manually create the port4 interface on the ADOM layer to avoid import policy errors.
C. FortiManager will create LAN, port4, and port6 as normalized interfaces at the ADOM layer.
D. FortiGate may not work as expected when the administrator does not import all objects.
Refer to the exhibits.
An administrator needed to recover all the configurations related to the user, Support. The configurations were saved in configuration revision ID 9.
The administrator reverted the configuration using the Configuration Revision History window and received the CLI output shown in the exhibit.
What can you conclude from the CLI output?
A. The administrator set the flag to 0 to prevent configuration overrides.
B. The administrator reinstalled the policy package.
C. The administrator needs to retrieve the device to correctly detect the FortiGate firmware version.
D. The administrator installed only the device-level configuration.
You want to let multiple administrators work in the same ADOM without creating configuration conflicts.
What is the best and the most effective solution to apply?
A. Configure RADIUS authentication to assign ADOM roles to each user.
B. Enable workflow mode, which is the only way to prevent concurrent configuration conflicts.
C. Assign administrators with JSON API access to the FortiManager.
D. Activate workspace mode in the ADOM settings.
Refer to the exhibit.
What can you conclude from the downloaded import report?
A. FortiManager does not support per-device mapping for firewall addresses.
B. The administrator will see a new policy package named Remote-FortiGate_root in the FortiManager ADOM database.
C. FortiManager will change the configuration of REMOTE_SUBNET to match the interface mapping coming in from Remote-FortiGate.
D. As a result of this policy import process, FortiManager will create a new firewall address called REMOTE_SUBNET in the ADOM database.
Refer to the exhibits.
An administrator runs the reload failure command diagnose test deploymanager reloadconf 262 on FortiManager.
Why does the administrator receive an error message?
A. The administrator must use the FortiGate name instead of the ID number.
B. The administrator just recently added FortiGate HQ-NGFW as a model device.
C. FortiManager requires the FortiGate serial number instead of the ID number.
D. FortiManager does not support FortiOS version 7.0.
Refer to the exhibits.
FortiGate HQ-NGFW-1 downloads and validates FortiGuard databases from FortiManager, which acts as a local FortiGuard Distribution Server (FDS) in a closed network. An administrator pushes a new firewall policy with an intrusion prevention system (IPS) profile from FortiManager to FortiGate HQ-NGFW-1. However, FortiGate does not recognize the new IPS signature from FortiManager.
What is the most likely reason why FortiGate HQ-NGFW-1 does not recognize the new IPS signature?
A. FortiGate must enable rating for the FortiManager IP address, 192.168.1.120, in server list 1.
B. FortiManager and FortiGate have different IPS database versions.
C. The administrator must enable IPv6 connections for FortiGuard services on FortiManager.
D. The administrator must enable the fortiguard-anycast option to correctly download all signatures from the local FDS.
While attempting to push a NetFlow configuration script through the FortiManager policy package, an administrator encounters an error stating that an object is unrecognized in line 4.
What must the administrator do to successfully apply the NetFlow configuration script and avoid the object unrecognized error?
A. Make sure the user running the script has full access to the VDOM—AGEUSR.
B. Run the script on the device database.
C. Use metadata variables if they use VDOMs in the script.
D. Create a normalized interface on the policy layer before running the script.
What is the best explanation of how FortiManager helps with mass provisioning?
A. It upgrades the OS of each FortiGate device.
B. It provides local FortiGuard Distribution Server (FDS) services to the network.
C. It uses templates to configure the same settings on many devices simultaneously.
D. It sends email alerts when new devices connect.
Refer to the exhibit.
If the monitored interface for the primary FortiManager device fails, what must you do to maintain high availability (HA)?
A. The FortiManager HA failover is transparent to administrators and does not require any additional action.
B. Manually promote one of the working secondary devices to the primary role, and reboot the original primary device to remove the peer IP address of the failed device.
C. Reconfigure the primary device to remove the peer IP address of the failed device from its configuration.
D. Check the integrity database of the primary device to force a secondary device to become the new primary with all active interfaces.
An administrator has assigned a global policy package to a new ADOM named ADOM1.
What will happen if the administrator tries to create a new policy package in ADOM1?
A. The administrator will be able to select the option to assign the global policy package to the new policy package.
B. FortiManager will automatically assign the global policy package to the new policy package.
C. FortiManager will automatically install policies on the policy package in ADOM1.
D. The administrator will have to assign the global policy package from the global ADOM.
Refer to the exhibit.
What are two results from the configuration shown in the exhibit? (Choose two.)
A. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.
B. The administrator can lock policy blocks and FortiManager global ADOM.
C. The same administrator can lock more than one ADOM at the same time.
D. The administrator must have access to the ADOM to approve changes.
Which output is displayed right after moving the ISFW device from one ADOM to another?
A
B
C
D
Refer to the exhibits.
An administrator needs to push a FortiToken Mobile to assign it to HR_user in the HQ-NGFW-1.
However, when installing the policy package, they receive the following error message:
Why is the administrator not able to install the FortiToken on the HQ-NGFW-1 firewall?
A. The administrator must use a user local meta field to assign FortiToken.
B. The administrator must use a valid FortiToken that exists on HQ-NGFW-1.
C. The administrator must use a metadata variable to assign the same FortiToken to multiple users in FortiManager.
D. The administrator must use per-device mapping to assign the FortiToken to HQ-NGFW-1.
Refer to the exhibit.
An administrator created two new meta fields in FortiManager.
Which operation can you perform with these parameters?
A. You can add them to objects as custom attributes.
B. You can export them to be used in other ADOMs.
C. You can use them as variables in scripts.
D. You can invoke them using the $ character.
Refer to the exhibit.
Which two statements about the output are true? (Choose two.)
A. The latest revision history for the managed FortiGate does not match the device-level database.
B. Configuration changes have been installed on FortiGate, updating policy and device-level database.
C. The latest revision history for the managed FortiGate does match the FortiManager policy database.
D. The system template default will override device-level database configurations.
Refer to the exhibit.
Which two results occur if you run the script using the Device Database option? (Choose two.)
A. The device Config Status is tagged as Modified.
B. The script history shows the successful installation of the script on the remote FortiGate.
C. The successful execution of a script on the Device Database creates a new revision history.
D. The administrator must install these changes on a managed device using the Install Wizard.
Refer to the exhibit.
FortiManager is operating behind a network address translation (NAT) device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings.
What is the expected result during discovery?
A. FortiManager sets both the 100.65.0.120 IP address and 10.0.13.120 IP address on FortiGate.
B. FortiManager sets both the 100.65.0.120 IP address and 100.65.0.101 IP address on FortiGate.
C. FortiManager sets the 100.65.0.101 IP address on FortiGate.
D. FortiManager sets the 100.65.0.120 IP address on FortiGate.
What is the purpose of ADOM revisions?
A. ADOM revisions find unused, duplicate, and unnecessary firewall policies and objects.
B. ADOM revisions show specific changes in a policy package when it is installed.
C. ADOM revisions compare previous snapshots of the Policy Package and ADOM-level objects with the device-level database.
D. ADOM revisions save the current state of all policy packages and objects for an ADOM.
Refer to the exhibit.
An administrator assigned a new policy package to FortiGate HQ-NGFW-1. In the installation preview, they noticed some settings they did not modify and are unsure about the changes.
Based on the exhibit, which two things will happen if they continue with the installation? (Choose two.)
A. FortiGate HQ-NGFW-1 can use FortiManager firmware templates to upgrade firmware and ratings.
B. FortiGate HQ-NGFW-1 can contact the FortiManager acting as FortiGuard Distribution Server (FDS) to download FortiGuard updates.
C. FortiGate HQ-NGFW-1 will use the root_CA3 certificate in firewall address objects or policies.
D. FortiManager will install the CA certificate named root_CA3 to authenticate FortiGate-to-FortiManager communication protocol (FGFM) tunnel connections with FortiGate HQ-NGFW-1.
Refer to the exhibits.
An administrator has been asked to install the same policies from a central policy package onto the BR1-FGT-1 firewall.
The administrator added BR1-FGT-1 as a target in the central policy package installation.
What should the administrator do when reinstalling the central policy package on the BR1-FGT-1 firewall?
A. Assign only one policy package to the firewall because FortiManager does not allow more than one policy package assigned per device at the same time.
B. Import the policy package to change the unknown status and synchronize the policy package.
C. Use the install wizard to install the central policy package on the BR1-FGT-1 firewall.
D. First resolve the modified status in the configuration and provisioning templates to allow a smooth installation.
Push updates are failing on a FortiGate device located behind a network address translation (NAT) device.
Which two settings should the administrator check to correct this problem? (Choose two.)
A. Make sure the NAT device IP address and the correct ports are configured on FortiManager.
B. Make sure FortiGuard updates and web service are enabled on the FortiGuard service interface.
C. Make sure the virtual IP address and the correct ports are configured on the NAT device.
D. Make sure the Bind to IP address option on the FortiGuard service interface is set to the virtual IP address from the NAT device.