An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?
- A . Allows FortiManager to download IPS packages
- B . Allows FortiManager to respond to request for FortiGuard services from FortiGate devices
- C . Allows FortiManager to run real-time debugs on the managed devices
- D . Allows FortiManager to automatically configure a default route
Refer to the exhibit.
Given the configuration shown in the exhibit, which two statements are true? (Choose two.)
- A . It allows two or more administrators to make configuration changes at the same time, in the same ADOM.
- B . It disables concurrent read-write access to an ADOM.
- C . It allows the same administrator to lock more than one ADOM at the same time.
- D . It is used to validate administrator login attempts through external servers.
B,C
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/6.0.4/administration-guide/86456/concurrentadom-access
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package Fortinet is true?
- A . When a new policy package is created, it automatically assigns the global policies to the new package.
- B . When a new policy package is created, you need to assign the global policy package
from the global ADOM. - C . When a new policy package is created, you need to reapply the global policy package to the ADOM.
- D . When a new policy package is created, you can select the option to assign the global policies to the new package.
Refer to the exhibit.
An administrator has created a firewall address object which is used in multiple policy packages for multiple FortiGate devices in an ADOM.
When the installation operation is performed, which IP/Netmask will be installed on managed devices for this firewall address object?
- A . 192.168.0.1/24 on Remote-FortiGate
- B . 10.200.1.0/24 on Remote-FortiGate
- C . If no dynamic mapping is defined for other FortiGate devices, the object will not be installed
- D . The FortiManager administrator can choose the value for the firewall address object in the Install Wizard for Remote-FortiGate
An administrator is replacing a device on FortiManager by running the following command:
execute device replace sn <devname> <serialnum>.
What device name and serial number must the administrator use?
- A . Device name and serial number of the original device.
- B . Device name and serial number of the replacement device.
- C . Device name of the replacement device and serial number of the original device.
- D . Device name of the original device and serial number of the replacement device.
An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.
How should the Workspace mode be configured on FortiManager?
- A . Set to workflow and use the ADOM locking feature
- B . Set to read/write and use the policy locking feature
- C . Set to normal and use the policy locking feature
- D . Set to disable and use the policy locking feature
What will be the result of reverting to a previous revision version in the revision history?
- A . It will install configuration changes to managed device automatically
- B . It will tag the device settings status as Auto-Update
- C . It will generate a new version ID and remove all other revision history versions
- D . It will modify the device-level database
Which two items are included in the FortiManager backup? (Choose two.)
- A . FortiGuard database
- B . Global database
- C . Logs
- D . All devices
B,D
Explanation:
Reference: https://kb.fortinet.com/kb/viewContent.do?externalId=FD34549
What does a policy package status of Conflict indicate?
- A . The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
- B . The policy package does not have a FortiGate as the installation target.
- C . The policy package configuration has been changed on both FortiManager and the managed device independently.
- D . The policy configuration has never been imported after a device was registered on FortiManager.
Refer to the exhibits.
Exhibit one.
Exhibit two.
An administrator created a new system template named Training with two new DNS addresses on FortiManager. During the installation preview stage, the administrator notices that many unset commands need to be pushed.
What can be the main reason for these unset commands?
- A . The DNS addresses in the default system settings are the same as the Training system template
- B . The Training system template has other default settings
- C . The ADOM is locked by another administrator
- D . The Training system template does not have assigned devices
Refer to the exhibit.
Which statement about the object named ALL is true?
- A . FortiManager updated the object ALL using the FortiGate value in its database.
- B . FortiManager installed the object ALL with the updated value.
- C . FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.
- D . FortiManager updated the object ALL using the FortiManager value in its database.
Refer to the exhibit.
An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes.
What is the purpose of this command?
- A . It allows FortiGate to unset central management settings.
- B . It allows FortiGate to reboot and recover the previous configuration from its configuration file.
- C . It allows the FortiManager to revert and install a previous configuration revision on the managed FortiGate.
- D . It allows FortiGate to reboot and restore a previously working firmware image.
B
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/6.2.0/fortigate-fortimanager-communicationsprotocol-guide/141304/fgfm-recovery-logic
Refer to the exhibit.
An administrator logs into the FortiManager GUI and sees the panes shown in the exhibit.
Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)
- A . The administrator logged in using the unsecure protocol HTTP, so the view is restricted.
- B . The administrator profile does not have full access privileges like the Super_User profile.
- C . The administrator IP address is not a part of the trusted hosts configured on FortiManager interfaces.
- D . FortiAnalyzer features are not enabled on FortiManager.
You are moving managed FortiGate devices from one ADOM to a new ADOM.
Which statement correctly describes the expected result?
- A . Any pending device settings will be installed automatically
- B . Any unused objects from a previous ADOM are moved to the new ADOM automatically
- C . The shared policy package will not be moved to the new ADOM
- D . Policy packages will be imported into the new ADOM automaticallyD
Refer to the exhibit.
Which two statements are true if the script is executed using the Device Database option? (Choose two.)
- A . You must install these changes using the Install Wizard to a managed device
- B . The successful execution of a script on the Device Database will create a new revision history
- C . The script history will show successful installation of the script on the remote FortiGate
- D . The Device Settings Status will be tagged as Modified