NEW QUESTION 1

What does a policy package status of Modified indicate?

• A. FortiManager is unable to determine the policy package status
• B. The policy package was never imported after a device was registered on FortiManager
• C. The Policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager
• D. The Policy package configuration has been changed on FortiManager and changes have not yet been installed on the managed device.

Answer: D

Explanation:
Reference:
http://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/080

NEW QUESTION 2

Refer to the exhibit.

Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)

• A. It supports the FortiManager script feature
• B. It allows making configuration changes for managed devices on FortiManager panes
• C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate
• D. You cannot assign the same ADOM to multiple administrators

Answer: AB

Explanation:
"FortiGate units in the ADOM will query their own configuration every 5 seconds. If there has been a configuration change, the FortiGate unit will send a diff revision on the change to the FortiManager using the FGFM protocol."

NEW QUESTION 3

What are two outcomes of ADOM revisions? (Choose two.)

• A. ADOM revisions can significantly increase the size of the configuration backups.
• B. ADOM revisions can save the current size of the whole ADOM
• C. ADOM revisions can create System Checkpoints for the FortiManager configuration
• D. ADOM revisions can save the current state of all policy packages and objects for an ADOM

Answer: AD

Explanation:
Reference: https://docs2.fortinet.com/document/fortimanager/6.0.0/best-practices/101837/adom-revisions

NEW QUESTION 4

An administrator is replacing a device on FortiManager by running the following command: execute device replace sn <devname> <serialnum>.
What device name and serial number must the administrator use?

• A. Device name and serial number of the original device.
• B. Device name and serial number of the replacement device.
• C. Device name of the replacement device and serial number of the original device.
• D. Device name of the original device and serial number of the replacement device.

Answer: D

NEW QUESTION 5

An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?

• A. FortiManager will not allow the administrator to delete a referenced address object
• B. FortiManager will disable the status of the referenced firewall policy
• C. FortiManager will replace the deleted address object with the none address object in the referencedfirewall policy
• D. FortiManager will replace the deleted address object with all address object in the referenced firewall policy

Answer: C

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/12

NEW QUESTION 6

What will happen if FortiAnalyzer features are enabled on FortiManager?

• A. FortiManager will reboot
• B. FortiManager will send the logging configuration to the managed devices so the managed devices will start sending logs to FortiManager
• C. FortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices
• D. FortiManager can be used only as a logging device.

Answer: A

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1800_FAZ%20Features/0200_Enab

NEW QUESTION 7

An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package Fortinet is true?

• A. When a new policy package is created, it automatically assigns the global policies to the new package.
• B. When a new policy package is created, you need to assign the global policy package from the global ADOM.
• C. When a new policy package is created, you need to reapply the global policy package to the ADOM.
• D. When a new policy package is created, you can select the option to assign the global policies to the new package.

Answer: A

Explanation:
Global Policy Package is applied at the ADOM level and you have the option to choose which ADOM policy packages you want to exclude (there is no option to choose Policy Packages to include).

NEW QUESTION 8

Refer to the following exhibit:

Which of the following statements are true based on this configuration? (Choose two.)

• A. The same administrator can lock more than one ADOM at the same time
• B. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out
• C. Unlocking an ADOM will submit configuration changes automatically to the approval administrator
• D. Unlocking an ADOM will install configuration automatically on managed devices

Answer: AB

Explanation:
Reference: http://help.fortinet.com/fmgr/cli/5-6-2/Document/0800_AD0Ms/200_Configuring+.htm

NEW QUESTION 9

Which of the following statements are true regarding schedule backup of FortiManager? (Choose two.)

• A. Backs up all devices and the FortiGuard database.
• B. Does not back up firmware images saved on FortiManager
• C. Supports FTP, SCP, and SFTP
• D. Can be configured from the CLI and GUI

Answer: BC

NEW QUESTION 10

View the following exhibit.

An administrator has created a firewall address object, Training, which is used in the Local-FortiGate policy package. When the install operation is performed, which IP Netmask will be installed on the Local-FortiGate, for the Training firewall address object?

• A. 10.0.1.0/24
• B. It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values
• C. 192.168.0.1/24
• D. Local-FortiGate will automatically choose an IP Network based on its network interface settings.

Answer: A

NEW QUESTION 11

Refer to the exhibit.

Which two statements ab? (Choose two.)

• A. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
• B. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
• C. The latest history for the managed FortiGate does not match with the device-level database
• D. Configuration changes directly made on the FortiGate have been automatically updated to device-level database

Answer: AC

Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up– dev-db: modified – This is the device setting status which indicates that configuration changes were made on FortiManager.
– conf: in sync – This is the sync status which shows that the latest revision history is in sync with Fortigate’s configuration.– cond: pending – This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn’t installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn’t match device DB.
Conclusion:– Revision DB does match FortiGate.– No changes were installed to FortiGate yet.– Device DB doesn’t match Revision DB.– No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve:device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet):latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history:device database = reverted revision != FGT

NEW QUESTION 12

Which two statements regarding device management on FortiManager are true? (Choose two.)

• A. FortiGate devices in HA cluster devices are counted as a single device.
• B. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
• C. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
• D. The maximum number of managed devices for each ADOM is 500.

Answer: AC

NEW QUESTION 13

An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.
What can prevent an admin account that has Super_User rights over the device from approving a workflow session?

• A. Trainer is not a part of workflow approval group
• B. Trainer does not have full rights over this ADOM
• C. Trainer must close Student’s workflow session before approving the request
• D. Student, who submitted the workflow session, must first self-approve the request

Answer: A

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FMG-FAZ/0800_ADOMs/1800_Workflow/0600_Workflow%20s

NEW QUESTION 14

View the following exhibit.

What is the purpose of setting ADOM Mode to Advanced?

• A. The setting allows automatic updates to the policy package configuration for a managed device
• B. The setting enables the ADOMs feature on FortiManager
• C. This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.
• D. The setting disables concurrent ADOM access and adds ADOM locking

Answer: C

Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/66530/adom-device-modes

NEW QUESTION 15

An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two.)

• A. Specify a gateway address when you create a default SD-WAN static route
• B. Enable SD-WAN central management in the Training ADOM
• C. Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WANtemplate settings
• D. Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces

Answer: BD

Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/676493/removing-existing-configuration-reference

NEW QUESTION 16

Which two conditions trigger FortiManager to create a new revision history? (Choose two.)

• A. When configuration revision is reverted to previous revision in the revision history
• B. When FortiManager installs device-level changes to a managed device
• C. When FortiManager is auto-updated with configuration changes made directly on a managed device
• D. When changes to device-level database is made on FortiManager

Answer: BC

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1000_Device%20Manager/1500_M

NEW QUESTION 17
......