How will FortiManager try to get updates for antivirus and IPS?
AFrom the list of configured override servers or public FDN servers
BFrom the default server fds1.fortinet.com
CFrom the configured override server IP address 10.0.1.50 only
DFrom public FDNI server IP address with the fourth highest octet only
An administrator has assigned a global policy package to a new ADOM called ADOM1.
What will happen if the administrator tries to create a new policy package in ADOM1?
AWhen a new policy package is created, the administrator must import the global policy package to ADOM1.
BWhen the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.
CWhen a new policy package is created, the administrator must assign the global policy package from the global ADOM.
DWhen creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package.
An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators.
How should the workspace mode settings be configured on FortiManager?
ASet to normal and using the approval group feature
BSet to read/write and using the policy locking feature
CSet to workflow and using the ADOM locking feature
DSet to workspace and using the policy locking feature
Refer to the exhibit.
Which statement is true about the FortiManager ADOM policy tab based on the API request?
AThe API command has enabled both central NAT and interface policy on the policy tab.
BThe API command has requested the policy tab permissions information only.
CThe API command has failed when requesting policy tab permissions information.
DThe API command has applied to customer with ID: 200.
Question 6
Deployment and System Configuration
0
Question 7
Policy Objects
Question 8
Device Management
Question 9
Troubleshooting and Administration
Question 10
Policy Objects
Question 11
Troubleshooting and Administration
Question 12
Deployment and System Configuration
Question 13
Troubleshooting and Administration
Question 14
Troubleshooting and Administration
Question 15
Troubleshooting and Administration
Question 16
Policy and Objects in Installation
Question 17
Troubleshooting and Administration
Question 18
Deployment and System Configuration
Question 19
Policy and Objects in Installation
Question 20
Policy and Objects in Installation
Question 21
Policy and Objects in Installation
Question 22
Device Management
Question 23
Deployment and System Configuration
Question 24
Troubleshooting and Administration
Question 25
Device Management
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Refer to the exhibit.
What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.)
AFortiManager provides a preview of CLI commands before executing this script on a managed FortiGate.
BFortiManager will create a new revision history.
CFortiGate will auto-update the FortiManager device-level database.
DYou must install these changes using the Install Wizard.
An administrator created a header and footer global policy package and assigned it to an ADOM.
What are two outcomes from this action? (Choose two.)
AYou must manually move the header and footer policies after the policy assignment.
BAfter you assign the global policy package to an ADOM, the policy package is hidden from the ADOM and cannot be viewed.
CIf you assign an additional global policy package to the same ADOM, FortiManager removes previously assigned policies.
DYou can edit or delete all the global objects in the global ADOM.
You are moving managed FortiGate devices from one ADOM to a new ADOM.
Which statement correctly describes the expected result?
AThe shared device settings will be installed automatically.
BAny unused objects from a previous ADOM are moved to the new ADOM automatically.
CThe shared policy package will not be moved to the new ADOM.
DPolicy packages will be imported into the new ADOM automatically.
Refer to the exhibit -
Which two statements about the output are true? (Choose two.)
AConfiguration changes have been installed on FortiGate, which means the FortiGate configuration has been changed.
BThe latest revision history for the managed FortiGate does match the FortiGate running configuration.
CConfiguration changes directly made on FortiGate have been automatically updated to the device-level database.
DThe latest revision history for the managed FortiGate does not match the device-level database.
An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy.
Which two results can the administrator expect to happen? (Choose two.)
AFortiManager will temporarily change the status of the referenced firewall policy.
BFortiManager will disable the status of the address object.
CFortiManager will replace the deleted address object with the none address object in the referenced firewall policy.
DFortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.
An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.
What can prevent an admin account that has Super_User rights over the device from approving a workflow session?
ATrainer must first create their own workflow session to approve student session.
BTrainer is not a part of workflow approval group.
CTrainer must close Student’s workflow session before approving the request.
DTrainer does not have full rights over this ADOM.
Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?
ARouting
BNSX-T Service Template
CSNMP
DSecurity profiles
In the event that one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA manual mode to a working state?
AThe FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
BManually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.
CReconfigure the primary device to remove the peer IP of the failed device.
DReboot the failed device to remove its IP from the primary device.
Which two statements about the scheduled backup of FortiManager are true? (Choose two.)
AIt can be configured using the CLI and GUI.
BIt does not back up firmware images saved on FortiManager.
CIt backs up all devices and the FortiGuard database.
DIt supports FTP, SCP, and SFTP.
Refer to the exhibit.
A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices.
Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit?
AFortiManager lost internet connectivity, therefore, both devices appear to be down.
BThe administrator must refresh both devices to restore connectivity.
CThe administrator had restored the FortiManager configuration file.
DThe administrator can reclaim the FGFM tunnel to get both devices online.
Refer to the exhibit.
An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit.
What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate?
AThe unused objects that are not tied to the firewall policies locally on FortiGate will be deleted.
BThe unused objects that are not tied to the firewall policies in the policy package will be deleted from the FortiManager database.
CThe unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate.
DThe unused objects that are not tied to the firewall policies will be installed on FortiGate.
An administrator runs the reload failure command diagnose test deploymanager reloadconf <deviceid> on FortiManager.
What does this command do?
AIt reloads the policy package from the FortiManager to FortiGate.
BIt installs the latest configuration on the specified FortiGate and updates the revision history database.
CIt downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.
DIt compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate.
Refer to the exhibit.
If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)
ADuring discovery, the FortiManager NATed IP address is not set by default on FortiGate.
BIf the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
CFortiGate is discovered by FortiManager through the FortiGate NATed IP address.
DFortiGate can announce itself to FortiManager only if the FortiManager non-NATed IP address is configured on FortiGate under central management.
What are two outcomes of ADOM revisions? (Choose two.)
AADOM revisions can save the current state of the whole ADOM.
BADOM revisions can save the current state of all policy packages and objects for an ADOM.
CADOM revisions can significantly increase the size of the configuration backups.
DADOM revisions can create System Checkpoints for the FortiManager configuration.
An administrator runs the Policy Check feature on FortiManager ADOM.
What will be the result?
AIt will find and provide recommendations to combine multiple separate policy packages into one common policy package.
BIt will find and merge duplicate policies in the policy package.
CIt will find and provide recommendations for optimizing policies in a policy package.
DIt will find and delete disabled firewall policies in the policy package.
Refer to the exhibit.
An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package.
When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object?
A192.168.5.0/24
BRemote-FortiGate will automatically choose an IP/netmask based on its network interface settings.
C10.0.2.0/24
DIt will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values.
An administrator is replacing a failed device on FortiManager by running the following command: execute device replace sn <devname> <serialnum>.
Which device name and serial number must the administrator use?
AThe device name of the new device and serial number of the failed device
BThe device name and serial number of the failed device
CThe device name of the failed device and serial number of the new device
DThe device name and serial number of the new device
Refer to the exhibit.
Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.)
AUnlocking an ADOM will submit configuration changes automatically to the approval administrator.
BUngraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.
CThe same administrator can lock more than one ADOM at the same time.
DUnlocking an ADOM will install configuration changes automatically on managed devices.
Which two conditions trigger FortiManager to create a new revision history? (Choose two.)
AWhen FortiManager is auto-updated with configuration changes made directly on a managed device
BWhen changes to the device-level database are made on FortiManager
CWhen FortiManager installs device-level changes on a managed device
DWhen a configuration revision is reverted to a previous revision in the revision history
Refer to the exhibit.
An administrator would like to create three ADOMs on FortiManager with different access levels based on departments.
What two conclusions can you draw from the design shown in the exhibit? (Choose two.)
AAdmin A can access VDOM2 and VDOM3 with the super user profile.
BThe FortiManager policies and objects database can be shared between the Financial and HR ADOMs.
CThe administrator must set the FortiManager ADOM mode to Advanced.
DThe administrator must configure FortiManager in workspace mode.
