Which of the following conditions trigger FortiManager to create a new revision history? (Choose two.)
When configuration revision is reverted to previous revision in the revision history When FortiManager installs device-level changes to a managed device When FortiManager is auto-updated with configuration changes made directly on a managed device When changes to device-level database is made on FortiManager.
What does the diagnose dvm check-integrity command do? (Choose two.)
Internally upgrades existing ADOMs to the same ADON version in order to clean up and correct the
ADOMsyntax Verifies and corrects unregistered, registered, and deleted device states Verifies and corrects database schemas in all object tables Verifies and corrects duplicate VDOM entries.
An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the
administrator tries to create a new policy package in ADOM1? When creating a new policy package, the administrator can select the option to assign the global Policy
package to the new policy package When a new policy package is created, the administrator needs to reapply the global policy package to
ADOM1. When a new policy package is created, the administrator must assign the global policy package from the
global ADOM. When the new policy package is created, FortiManager automatically assigns the global policy package to
the new policy package.
View the following exhibit.
Which one of the following statements is true regarding the object named ALL?
FortiManager updated the object ALL using FortiGate’s value in its database FortiManager updated the object ALL using FortiManager’s value in its database FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate. FortiManager installed the object ALL with the updated value.
View the following exhibit:
How will FortiManager try to get updates for antivirus and IPS?
From the list of configured override servers with ability to fall back to public FDN servers From the configured override server list only From the default server fdsl.fortinet.com From public FDNI server with highest index number only.
View the following exhibit.
What of the following statements are true regarding the output? (Choose two.) The latest revision history for the managed FortiGate does match with the FortiGate running configuration Configuration changes have been installed to FortiGate and represents FortiGate configuration has been
changed The latest history for the managed FortiGate does not match with the device-level database Configuration changes directly made on the FortiGate have been automatically updated to device- level
database.
An administrator would like to create an SD-WAN default static route for a newly created SD-WAN using the FortiManager GUI. Both port1 and port2 are part of the SD-WAN member interfaces. Which interface must the administrator select in the static route device drop-down list? port2 virtual-wan-link port1 auto-discovery.
View the following exhibit, which shows the Download Import Report:
Why it is failing to import firewall policy ID 2? The address object used in policy ID 2 already exist in ADON database with any as interface association
and conflicts with address object interface association locally on the FortiGate Policy ID 2 is configured from interface any to port6 FortiManager rejects to import this policy because any
interface does not exist on FortiManager Policy ID 2 does not have ADOM Interface mapping configured on FortiManager Policy ID 2 for this managed FortiGate already exists on FortiManager in policy package named Remote-FortiGate.
.
In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state? Secondary device with highest priority will automatically be promoted to the primary role, and manually
reconfigure all other secondary devices to point to the new primary device Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all
other secondary devices to point to the new primary device. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary
devices to point to the new primary device. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
An administrator run the reload failure command: diagnose test deploy manager reload config <deviceid> on
FortiManager What does this command do? It downloads the latest configuration from the specified FortiGate and performs a reload operation on the
device database. It installs the latest configuration on the specified FortiGate and update the revision history database. It compares and provides differences in configuration on FortiManager with the current running
configuration of the specified FortiGate. It installs the provisioning template configuration on the specified FortiGate.
In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate
devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of
the following statements is true? The FortiGate will be added automatically to the default ADOM named FortiGate. The FortiGate will be automatically added to the Training ADOM. By default, the unregistered FortiGate will appear in the root ADOM. The FortiManager administrator must add the unregistered device manually to the unregistered device
manually to the Training ADOM using the Add Device wizard.
View the following:
Based on the configuration setting, which one of the following statements is true? The setting allows automatic updates to the policy package configuration for a managed device The setting enables the ADOMs feature on FortiManager This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs. The setting disables concurrent ADOM access and adds ADOM locking.
What configuration setting for FortiGate is part of a device-level database on FortiManager? VIP and IP Pools Firewall policies Security profiles Routing.
Which of the following items does an FGFM keepalive message include? (Choose two.) FortiGate uptime FortiGate license information FortiGate IPS version FortiGate configuration checksum.
As a result of enabling FortiAnalyzer features on FortiManager, which of the following statements is true? FortiManager will reboot FortiManager will send the logging configuration to the managed devices so the managed devices will start
sending logs to FortiManager FortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices FortiManager can be used only as a logging device.
An administrator would like to create an SD-WAN using central management. What steps does the
administrator need to perform to create an SD-WAN using central management? First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static
route You must specify a gateway address when you create a default static route Remove all the interface references such as routes or policies Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and
SDWAN firewall policies.
Which of the following statements are true regarding SD-WAN Central Management? (Choose three.) SD-WAN must be enabled on per-ADOM basis SD-WAN settings can be installed on multiple FortiGate devices at the same time You can create multiple SD-WAN interfaces per VDOM When you configure an SD-WAN, you must specify at least two member interfaces. The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.
Which of the following statements are true regarding ADOM revisions? (Choose two.) ADOM revisions can significantly increase the size of the configuration backups. ADOM revisions can save the current size of the whole ADOM ADOM revisions can create System Checkpoints for the FortiManager configuration ADOM revisions can save the current state of all policy packages and objects for an ADOM.
Refer to the following exhibit:
Which of the following statements are true based on this configuration? (Choose two.) The same administrator can lock more than one ADOM at the same time Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out Unlocking an ADOM will submit configuration changes automatically to the approval administrator Unlocking an ADOM will install configuration automatically on managed devices.
View the following exhibit:
Which of the following statements are true if the scripts is executed using Remote FortiGate Directly (via CLI)
option? (Choose two.) You must install these changes using Install Wizard FortiGate will auto-update the FortiManager’s device-level database. FortiManager will create a new revision history. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate.
Which of the following statements are true regarding schedule backup of FortiManager? (Choose two.) Backs up all devices and the FortiGuard database. Does not back up firmware images saved on FortiManager Supports FTP, SCP, and SFTP Can be configured from the CLI and GUI.
An administrator has added all the devices in a Security Fabric group to FortiManager.
How does the administrator identify the root FortiGate? By a dollar symbol ($) at the end of the device name By an at symbol (@) at the end of the device name By a Qmark(?) at the end of the device name By an Asterisk (*) at the end of the device name.
View the following exhibit.
Which one of the following statements is true regarding installation targets in use Install On column? The Install On column value represents successful installation on the managed devices Policy seq=3 will be installed on all managed devices and VDOMs that are listed under Installation Targets Policy seq=3 will be installed on the Trainer[NAT] VDOM only Policy seq=3 will be not installed on any managed device.
When installation is performed from the FortiManager, what is the recovery logic used between FortiManager
and FortiGate for an FGFM tunnel? After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the
tunnel to go down. FortiManager will revert and install a previous configuration revision on the managed FortiGate. FortiGate will reject the CLI commands that will cause the tunnel to go down FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go
down.
What are the factory default settings on FortiManager? (Choose three.) Username is admin Password is fortinet FortiAnalyzer features are disabled Reports and Event Monitor panes are enabled port1 interface IP address is 192.168.1.99/24.
What does a policy package status of Modified indicate? FortiManager is unable to determine the policy package status The policy package was never imported after a device was registered on FortiManager Policy configuration has been changed on a managed device and changes have not yet been imported into
FortiManager Policy package configuration has been changed on FortiManager and changes have not yet been installed
on the managed device.
View the following exhibit.
Which of the following statements are true if FortiManager and FortiGate are behind the NAT devices? (Choose two.) FortiGate is discovered by FortiManager through the FortiGate NATed IP address. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on
FortiGate under central management. During discovery, the FortiManager NATed IP address is not set by default on FortiGate. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
What is the purpose of the Policy Check feature on FortiManager? To find and provide recommendation to combine multiple separate policy packages int one common policy
package To find and merge duplicate policies in the policy package To find and provide recommendation for optimizing policies in a policy package To find and delete disabled firewall policies in the policy package.
View the following exhibit
Which statement is true regarding this failed installation log? Policy ID 2 is installed without a source address Policy ID 2 will not be installed Policy ID 2 is installed in disabled state Policy ID 2 is installed without a source device.
View the following exhibit
When using Install Config option to install configuration changes to managed FortiGate, which of the following
statements are true? (Choose two.) Once initiated, the install process cannot be canceled and changes will be installed on the managed device Will not create new revision in the revision history Installs device-level changes to FortiGate without launching the Install Wizard Provides the option to preview configuration changes prior to installing them.
An administrator is unable to log in to FortiManager. Which one of the following troubleshooting step should you take to resolve the issue? Make sure FortiManager Access is enabled in the administrator profile Make sure Offline Mode is disabled Make sure the administrator IP address is part of the trusted hosts Make sure ADOMs are enabled and the administrator has access to the Global ADOM.
An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the approving a workflow session? Trainer is not a part of workflow approval group Trainer does not have full rights over this ADOM Trainer must close Student’s workflow session before approving the request Student, who submitted the workflow session, must first self-approve the request.
View the following exhibit.
An administrator is importing a new device to FortiManager and has selected the shown options.
What will happen if the administrator makes the changes and installs the modified policy package on this
managed FortiGate? The unused objects that are not tied to the firewall policies will be installed on FortiGate The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted The unused objects that are not tied to the firewall policies in policy package will be deleted from the
FortiManager database.
An administrator wants to delete an address object that is currently referenced in a firewall policy.
Which one of the following statements is true? FortiManager will not allow the administrator to delete a referenced address object FortiManager will disable the status of the referenced firewall policy FortiManager will replace the deleted address object with the none address object in the referenced firewall policy FortiManager will replace the deleted address object with all address object in the referenced firewall policy.
View the following exhibit.
An administrator has created a firewall address object, Training, which is used in the Local-FortiGate policy
package. When the install operation is performed, which IP Netmask will be installed on the Local-FortiGate,
for the Training firewall address object? 10.0.1.0/24 It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values 192.168.0.1/24 Local-FortiGate will automatically choose an IP Network based on its network interface settings.
Which of the following statements are true regarding VPN Manager? (Choose three.) VPN Manager must be enabled on a per ADOM basis. VPN Manager automatically adds newly-registered devices to a VPN community. VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time. Common IPsec settings need to be configured only once in a VPN Community for all managed gateways. VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.
An administrator would like to authorize a newly-installed AP using AP Manager. What steps does the administrator need to perform to authorize an AP? Authorize the new AP using AP Manager and wait until the change is updated on the FortiAP. Changes to the AP's state do not require installation. Changes to the AP's state must be performed directly on the managed FortiGate Authorize the new AP using AP Manager and install the policy package changes on the managed FortiGate Authorize the new AP using AP Manager and install the device level settings on the managed FortiGate.
How are the points calculated when using FortiMeter to deploy FortiOS-VM? (Choose two.) Based on the number of sessions on the mgmt interface of FortiOS-VM. Based on the FortiGuard service option enabled for FortiOS-VM Based on the traffic usage on port1 and port2 on FortiOS-VM. Based on the amount of traffic (per GB) passing through the FortiOS-VM.
View the following exhibit.
Which of the following statements are true based on this configuration setting? (Choose two) This setting will enable the ADOMs feature on FortiManager. This setting is applied globally to all ADOMs. This setting will allow assigning different VDOMs from the same FortiGate to different ADOMs. This setting will allow automatic updates to the policy package configuration for a managed device.
What type of access is automatically enabled on an interface after it is added to FortiClient Manager? Device Detection FortiTelemetry CAPWAP FMG-Access.
What does the diagnose cdb check policy-assignment command do? Fixes incorrect ADOM-level object references based on the firewall policies. Internally upgrades existing ADOMs to the same ADOM version in order to clean up and correct the ADOM syntax. Verifies and checks dynamic mappings, and removes invalid dynamic mappings. Verifies and corrects global ADOM policy package assignments that have been disassociated from an ADOM.
Which statement correctly names the Administrative Domains modes supported on FortiManager? Normal and Analyzer Normal and Analyzer Normal, Backup, and Collector Normal and Backup.
The service access settings for a FortiManager network interface relate to which product feature? Device Manger Policy & Objects FortiGuard FortiView.
Which two statements are correct concerning the revision history functionality? (Choose two) When a modified configuration is installed, FortiManager creates a new revision. The diff feature can be used to compare two revisions. The retrieve button downloads the managed device's revision history. The auto update feature automatically installs changes made from FortiManager.
Which two statements are correct regarding the import al Objects?setting h the import policy wizard? (Choose two) All used and unused objects will be imported into the ADOM object database. Only used objects will be imported into the ADOM object database. FortiManager allows only policy dependent objects to be imported into an ADOM object database. Any unused object on the FortiGate device will be deleted with the first policy install from FortiManager.
When configuring FortiGuard on FortiManger. Which two statements are correct regarding Allow Push Update settings configured in the FortiGuard. Antivirus and IPS Settings? (Choose two) If an urgent or critical FortiGuard Antivirus and/or IPS update becomes available, the FortiManger bult-in FDS will send push update notifications to each managed device. If an urgent or critical FortiGuard Antivirus and/or IPS update becomes available, the FortiManger bult-in FDS will send push update notifications. FortiManager's built-in FDS service may not correctly receive push updates if the external facing IP address of any intermediary NAT device is dynamic. FortiManager's built-in FDS service does not allow an administrator to override the default FortiManger IP address and port used by the FDN to send update messages.
Which statements are true about Offline mode on the FortiManager? (Choose two) Enabled by default. Devices cannot be managed when Offline mode is enabled. Enabling Offline mode enables fgfm protocol (TCP 541). Offline mode is enabled by default when backup is restored on FortiManager.
Which ports are commonly used by FortiManager? (Choose two.) TCP 541 for remote management of a FortiGate unit. TCP 5199 HA heartbeat or synchronization (FortiManager HA cluster). TCP 703 HA heartbeat or synchronization (FortiManager HA cluster). TCP 514 for remote management of a FortiGate unit.
When statement correct compares FortiManager physical and virtual appliances? Physical and virtual FortiManager appliances may manage unlimited devices and have unrestricted storage. Physical and virtual FortiManager appliances use licenses to increase managed device and storage capacity limits. Physical and virtual FortiManager appliances have an unrestricted daily logging rate. Physical and virtual FortiManager appliances use model types and licenses respectively, to differentiate managed device and storage capacity limits.
Which two statements are correct regarding FortiGate-FortiManager (FGFM) management protocol? (Choose two) A secure communication is established between FortiManager and the managed device on port TCP 541. A secure communication is established between FortiManager and the managed device on port TCP 514. The FGFM daemons run on both FortiGate (fgfmd) and FortiManager (fgfmsd). Once the FortiGate is managed, the FGFM tunnel is authenticated and established using the IP address of FortiGate device.
Which two statements are correct regarding FortiGuard features on FortiManager?(Choose two) FortiManager can function as a local FortiGuard Distribution Server (FDS). In FortiManger HA only master FortiManager can act as an FDS server. When FortiManager is configured for closed network operation, it can connect to public FDS servers to obtain managed device information and sync packages FortiGuard information is not synchronized across a FortiManager cluster.
Which two statements are correct regarding synchronization between primary and secondary devices in a FortiManager HA duster? (Choose two)
All device configurations including global databases are synchrorized in the HA cluster FortiGuard databases are downloaded separately by each cluster device. FortiGuard databases are downloaded by the primary FortManager device and then synchronized with all secondary devices. Local logs and log configuration settings are synchronized in the HA cluster.
Refer to the exhibit. Which statement is correct? FortiManager will delete service category General from its ADOM object database. FortiManager will keep its existing object value for service category General in the ADOM object database and will consider it a duplicate entry.
FortiManager will update its object database for service category General with the object value from FortiGate.
A FortiManager administrator must select view details to modify and match the value between FortiGate and FortiManager.
A FortiGate device is imported to FortiManager using the settings given in the exhibit.
An administrator subsequently modifies and installs the policy package. Which two statements are correct regarding the scenario? (Choose two) The orphan (unused) objects that are not tied to policies locally on the FortiGate will be deleted on install. The orphan (unused) objects that are not tied to policies locally on the FortiGate will not be deleted on install. The FortiManager imported all unused objects to the ADOM object database. These objects can be used by referencing in the policies on FortiManager and installing to the managed devices. The FortiManager did not import unused objects to the ADOM object database. These objects cannot be used by referencing in the policies on FortiManager and installing to the managed devices.
When a FortiManager HA primary device fails, which two statements are correct for promoting a secondary device to the primary role? (Choose two) Must manually reconfigure one of the secondary devices to become the master device. Reboot is required when promoting from secondary to primary. All other secondary devices must be reconfigured to point to new primary device. The FortiManager HA suports IP takeover where an HA state transition does not require manual intervention.
Which statement correctly identified the APIs supported by FortiManager? JSON and XML JSON and YAML YAML and REST XML and YAML.
Setting workspace-mode to normal, as shown in the exhibit, allows what on FortiManager? (Choose two)
config system global
set workspace-mode normal
end
ADOM locking VDOM locking Unrestricted concurrent access Restricted concurrent access.
Which two statements are correct regarding recovery logic used by FortiGate-FortiManager (FGFM) protocol when a configuration install is performed from the FortiManager to the managed FortiGate? (Choose two)
FortiGate devices receive set and unset commands for each configuration change FortiManager sends. FortiGate writes configuration changes to the configuration file, it then tests communication to the FortiManager via the FGFM protocol. FortiGate applies configuration changes to the running configuration, it then tests communication to the FortiManager via the FGFM protocol. FortiGate will shutdown if configuration changes render FortiManager unreachable via the FGFM protocol.
Which two statements are correct for configuration changes made by FortiManager scripts? (Choose two) When run on the device database, you can install changes to the managed FortiGate devices using the installation wizard.
When run on the device database, changes are automatically installed to the managed FortiGate devices. When run on managed devices directly, changes are automatically installed to the managed FortiGate devices.
When run on managed devices directly, you can install changes to the managed FortiGate devices using the installation wizard.
Which of the following are FortiManager features? (Choose two) Administrative Domains Virtual Domains Centralized Management Cloud-based Management.
|
