Question # 4
Which two items are included in the FortiManager backup? (Choose two.)
A.
All devices
B.
Firmware images
C.
FortiGuard database
D.
Flash configuration
Full Access
Answer:
A, D
Explanation:
FortiManager backups include:
A. All devices— This includes all device configurations managed by FortiManager, such as firewall policies, objects, and other settings.
D. Flash configuration— This consists of local FortiManager configurations stored in flash memory, such as system settings, scripts, and other locally-stored configurations.
Options B and C are incorrect because:
B (Firmware images)are not typically included in a FortiManager backup. Firmware images are usually stored separately and managed through a different process.
C (FortiGuard database)is incorrect as the FortiGuard database, which contains threat intelligence and security signatures, is not part of the standard FortiManager backup.
FortiManager References:
Refer to FortiManager 7.4 Administrator Guide: Backup and Restore Processes.
Question # 5
What will be the result of reverting to a previous revision version in the revision history?
A.
It win install configuration changes to managed device automatically.
B.
It will tag the device settings status as Auto-Update.
C.
It will modify the device-level database.
D.
It will generate a new version ID and remove all other revision history versions.
Full Access
Answer:
C
Explanation:
Option C: It will modify the device-level database.This is correct. Reverting to a previous revision version in the revision history affects the device-level database by restoring it to the state saved in the selected revision. This ensures that any changes made after the selected revision are discarded, and the device configuration is returned to the earlier state.
Explanation of Incorrect Options:
Option A: It will install configuration changes to managed devices automaticallyis incorrect because reverting a revision does not automatically push changes to the devices; it merely reverts the configuration on the FortiManager.
Option B: It will tag the device settings status as Auto-Updateis incorrect because "Auto-Update" is not a status related to the revision history mechanism.
Option D: It will generate a new version ID and remove all other revision history versionsis incorrect as reverting to a previous revision does not delete all other versions; it creates a new revision point for tracking.
FortiManager References:
Refer to the "Revision Management" section in the FortiManager Administration Guide, which provides an overview of how revisions are managed and utilized for restoring configurations.
Question # 6
What is the purpose of ADOM revisions?
A.
To save the current state of the whole ADOM
B.
To save the current state of all policy packages and objects for an ADOM
C.
To revert individual policy packages and device-level settings for a managed FortiGate
D.
To save the FortiManager configuration in the System Checkpoints
Full Access
Answer:
B
Explanation:
Option B: To save the current state of all policy packages and objects for an ADOMis the correct answer. ADOM (Administrative Domain) revisions in FortiManager are used to create a snapshot of the current state of all policy packages and objects associated with an ADOM. This allows administrators to save a specific configuration state and revert to it if necessary. It helps in managing changes and recovering from configuration errors or unintended changes.
Explanation of Incorrect Options:
Option A: To save the current state of the whole ADOMis incorrect because ADOM revisions specifically save only the policy packages and object configurations, not the entire state of the ADOM, which may include logs, reports, and other non-policy data.
Option C: To revert individual policy packages and device-level settings for a managed FortiGateis incorrect as ADOM revisions are not meant for reverting individual policy packages or device settings; they are designed to handle the entire set of policy packages and objects within an ADOM.
Option D: To save the FortiManager configuration in the System Checkpointsis incorrect because ADOM revisions do not function as system checkpoints for FortiManager itself; they are specific to ADOM policy packages and objects.
FortiManager References:
Refer to the FortiManager 7.4 Administration Guide, "ADOM Management" section, which describes the purpose and usage of ADOM revisions for configuration management and restoration.
Question # 7
An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?
A.
It allows administrative access to FortiManager.
B.
It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
C.
It allows third-party applications to gain read/write access to FortiManager.
D.
It allows FortiManager to determine the connection status of managed devices.
Full Access
Answer:
B
Explanation:
Option B: It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.This is the correct answer. When Service Access is enabled on FortiManager, it allows FortiManager to act as a local FortiGuard server for the managed FortiGate devices. This enables the FortiManager to respond to requests for FortiGuard services, such as updates for antivirus, web filtering, and other security services.
Explanation of Incorrect Options:
Option A: It allows administrative access to FortiManageris incorrect because Service Access is specifically for FortiGuard service communication, not for administrative access.
Option C: It allows third-party applications to gain read/write access to FortiManageris incorrect because Service Access does not provide API or third-party access capabilities.
Option D: It allows FortiManager to determine the connection status of managed devicesis incorrect because Service Access does not directly manage or check connectivity status of devices; it is used for FortiGuard service requests.
FortiManager References:
Refer to the "FortiManager Administration Guide," particularly the sections on "Service Access Settings" and "FortiGuard Services."
Question # 8
Refer to the exhibit.
An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.
After the installation operation is performed, which IP/netmask is shown on FortiManager for this firewall address object for devices without a Per-Device Mapping set?
A.
FortiManager generates an error for each FortiGate without a per-device mapping defined for that object.
B.
192.168.1.0/24
C.
192.168.1.0/28
D.
FortiManager replaces the address object to none.
Full Access
Answer:
B
Explanation:
Option B: 192.168.1.0/24is the correct answer. In FortiManager, when a firewall address object is defined and used across multiple policy packages without any Per-Device Mapping, the default value configured in the object definition (192.168.1.0/255.255.255.0) is applied to all devices. The exhibit shows that the address objectLOCAL_SUBNEThas a default IP/netmask of192.168.1.0/24. Therefore, FortiManager will use this default value for any FortiGate device that does not have a specific Per-Device Mapping configured.
Explanation of Incorrect Options:
Option A: FortiManager generates an error for each FortiGate without a per-device mapping defined for that objectis incorrect because FortiManager does not generate an error when a Per-Device Mapping is not set. Instead, it uses the default value provided in the object definition.
Option C: 192.168.1.0/28is incorrect because the default value is192.168.1.0/24, as seen in the exhibit, not/28.
Option D: FortiManager replaces the address object to noneis incorrect because FortiManager does not replace address objects to "none" when a Per-Device Mapping is missing; it uses the default value instead.
FortiManager References:
Refer to the FortiManager 7.4 Administration Guide, specifically in sections related to "Address Object Management" and "Per-Device Mapping," which detail the behavior of address objects without specific device mappings.
Question # 9
Exhibit.
Given the configuration shown in the exhibit, what are two results from this configuration? {Choose two.)
A.
You can validate administrator login attempts through external servers.
B.
The same administrator can lock more than one ADOM at the same time.
C.
Two or more administrators can make configuration changes at the same time, in the same ADOM.
D.
Concurrent read-write access to an ADOM is disabled.
Full Access
Answer:
B, D
Explanation:
The configuration shown in the exhibit sets theworkspace-mode to normal. The workspace mode in FortiManager defines how configuration changes and administrative tasks are handled, specifically regarding locking and collaboration in ADOMs (Administrative Domains).
Understanding the workspace modes:
Normal Mode:In this mode, only one administrator at a time can lock and edit an ADOM. The changes made by one administrator must be completed and saved before another administrator can make changes. It prevents concurrent read-write access within the same ADOM.
Workflow Mode:This mode allows multiple administrators to work on different tasks within the same ADOM, but changes still need to be approved before being committed.
Explanation of Options:
A. You can validate administrator login attempts through external servers.
This option is unrelated to the workspace mode. External authentication servers can be used for administrator logins, but that is a different configuration setting (not related to workspace-mode).
B. The same administrator can lock more than one ADOM at the same time.
This istrue. InNormal mode, an administrator can lock multiple ADOMs, meaning they can work on more than one ADOM simultaneously, but each ADOM can only be accessed by one administrator at a time for read-write purposes.
C. Two or more administrators can make configuration changes at the same time, in the same ADOM.
This isfalse. InNormal mode, onlyone administratorcan have read-write access to an ADOM at a time. If another administrator attempts to make changes, they must wait until the ADOM is unlocked by the first administrator.
D. Concurrent read-write access to an ADOM is disabled.
This istrue. InNormal mode, concurrent read-write access is disabled. This means only one administrator at a time can make changes to an ADOM. Other administrators can view the ADOM in read-only mode but cannot make changes until the ADOM is unlocked.
Question # 10
Refer to the exhibit.
Which two results occur if the script is run using the Device Database option? (Choose two.)
A.
You must install these changes on a managed device using the Install Wizard.
B.
The successful execution of a script on the Device Database creates a new revision history.
C.
The script history shows successful installation of the script on the remote FortiGate device.
D.
The device Config Status is tagged as Modified.
Full Access
Answer:
A, D
Explanation:
If the script is run using the "Device Database" option on FortiManager, the following occurs:
A.You must install these changes on a managed device using the Install Wizard.
Running the script on the Device Database updates only the configuration in the FortiManager's database, not on the actual FortiGate device. To apply the changes, you need to use the Install Wizard to push these configurations to the managed device.
D.The device Config Status is tagged as Modified.
After running the script on the Device Database, FortiManager tags the device's configuration status as "Modified," indicating that there are pending changes that have not yet been installed on the device.
Options B and C are incorrect because:
Bsuggests a new revision history is created, but this only happens when changes are actually installed on the managed device.
Cimplies the script is directly executed on the FortiGate, which is not the case when using the Device Database option.
FortiManager References:
Refer to FortiManager 7.4 Administrator Guide: Scripting and Configuration Management.
