Fortinet FCP_FMG_AD-7.4 Exam Practice Test Instant Access

Question 1

Which two statements about scheduled backups on FortiManager are true? (Choose two.)

AThey back up all devices and the FortiGuard database.

BThey can be configured using the CLI and the GUI.

CThey put FortiManager in offline mode.

DThey support FTP, SCP, and SFTP.

Answer : B, D

They can be configured using the CLI and the GUI.

Scheduled backups can indeed be set up through both the FortiManager command-line interface (CLI) and the graphical user interface (GUI), providing flexibility for administrators.

They support FTP, SCP, and SFTP.

FortiManager supports multiple protocols for backup transfers, including FTP, SCP, and SFTP, allowing administrators to choose the method that best suits their environment.

Question 2

An administrator wants to create a policy on an ADOM that is in backup mode and install it on a FortiGate device in the same ADOM. How can the administrator perform this task?

AThe administrator must use the Policy & Objects section to create a policy first.

BThe administrator must use a FortiManager script.

CThe administrator must disable the FortiManager offline mode first.

DThe administrator must change the ADOM mode to Advanced to bring the FortiManager online.

Answer : B

To create and install a policy on a FortiGate device in an ADOM (Administrative Domain) that is in backup mode, the administrator must use a FortiManager script. This is because backup mode restricts direct configuration changes, and scripts can be used to push specific configuration changes without altering the ADOM mode.

Options A, C, and D are incorrect because:

A requires the ADOM to be in normal or advanced mode to create policies directly in the Policy & Objects section.

C suggests disabling offline mode, which is irrelevant to the backup mode configuration.

D implies changing the ADOM mode, which is unnecessary if using a script to perform the task.

FortiManager Reference:

Refer to FortiManager 7.4 Administrator Guide: Working with ADOMs and Using Scripts for managing policies in backup mode.

Question 3

What is the purpose of ADOM revisions?

ATo save the current state of the whole ADOM

BTo save the current state of all policy packages and objects for an ADOM

CTo revert individual policy packages and device-level settings for a managed FortiGate

DTo save the FortiManager configuration in the System Checkpoints

Answer : B

Option B: To save the current state of all policy packages and objects for an ADOM is the correct answer. ADOM (Administrative Domain) revisions in FortiManager are used to create a snapshot of the current state of all policy packages and objects associated with an ADOM. This allows administrators to save a specific configuration state and revert to it if necessary. It helps in managing changes and recovering from configuration errors or unintended changes.

Explanation of Incorrect Options:

Option A: To save the current state of the whole ADOM is incorrect because ADOM revisions specifically save only the policy packages and object configurations, not the entire state of the ADOM, which may include logs, reports, and other non-policy data.

Option C: To revert individual policy packages and device-level settings for a managed FortiGate is incorrect as ADOM revisions are not meant for reverting individual policy packages or device settings; they are designed to handle the entire set of policy packages and objects within an ADOM.

Option D: To save the FortiManager configuration in the System Checkpoints is incorrect because ADOM revisions do not function as system checkpoints for FortiManager itself; they are specific to ADOM policy packages and objects.

FortiManager Reference:

Refer to the FortiManager 7.4 Administration Guide, 'ADOM Management' section, which describes the purpose and usage of ADOM revisions for configuration management and restoration.

Question 4

An administrator created a new ADOM named Training for FortiGate devices only, and added the root FortiGate device of a Security Fabric group to the Training ADOM.

Given the administrator's actions, which statement correctly describes the expected result for the downstream devices in the Security Fabric?

AThe downstream devices show as unauthorized in the Training ADOM

BThe downstream devices are automatically authorized.

CThe downstream devices will appear in the root ADOM.

DThe downstream devices must be added using the Add Device wizard.

Answer : A

When a root FortiGate device is added to a specific ADOM (like Training), the downstream devices (those that are part of the Security Fabric) will not automatically be authorized in that ADOM. They will typically appear as unauthorized until explicitly authorized by an administrator.

Question 5

Refer to the exhibit.

An administrator created two new meta fields in FortiManager.

Which operation can be performed with these parameters?

AYou can invoke them using the $ character.

BYou can add them to objects as custom attributes.

CYou can export them to be used in other ADOMs.

DYou can use them as variables in scripts.

Answer : B

Meta fields in FortiManager can be used to add additional metadata or custom attributes to various objects, such as firewall addresses or other configuration objects. These meta fields help in organizing and identifying objects with custom information that is not part of the standard configuration. They are particularly useful for categorizing or tagging objects in large environments.

Question 6

An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect? (Choose two.)

AFortiManager will temporarily change the status of the referenced firewall policy to disabled.

BFortiManager will disable the status of the address object until the changes are installed.

CFortiManager will not allow the administrator to delete a referenced address object until they lock the ADOM.

DFortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

Answer : C, D

When operating in workspace mode on FortiManager 7.4, the administrator must understand how object references and deletions work:

Option C - 'FortiManager will not allow the administrator to delete a referenced address object until they lock the ADOM': In workspace mode, all changes are managed within an Administrative Domain (ADOM) scope. When an object (like an address object) is referenced in a policy, FortiManager prevents its deletion to maintain configuration integrity. The ADOM must be locked by the administrator to make changes to any referenced objects. This locking mechanism ensures that no unintended deletions or changes occur that could disrupt the policies or configuration.

FortiManager Reference: 'In workspace mode, changes to objects or policies require the ADOM to be locked. If an object is referenced, you must lock the ADOM before deleting or modifying the object.' (FortiManager 7.4 Administration Guide, Section on Workspace Mode and ADOM Management)

Option D - 'FortiManager will replace the deleted address object with the none address object in the referenced firewall policy': If the administrator attempts to delete an address object that is currently referenced by a firewall policy, FortiManager will replace the deleted object with the 'none' address object. This is done to maintain the policy structure and avoid policy corruption due to a missing reference. This behavior ensures that the firewall policy remains syntactically correct, even though the specific address object is no longer in use.

FortiManager Reference: 'When a referenced object is deleted, FortiManager will replace it with a 'none' object in the policy. This behavior is to ensure the integrity and continuity of the policy configurations.' (FortiManager 7.4 Administration Guide, Object Management and Policy Handling in Workspace Mode)

Question 7

What will be the result of reverting to a previous revision version in the revision history?

AIt win install configuration changes to managed device automatically.

BIt will tag the device settings status as Auto-Update.

CIt will modify the device-level database.

DIt will generate a new version ID and remove all other revision history versions.

Answer : C

Option C: It will modify the device-level database. This is correct. Reverting to a previous revision version in the revision history affects the device-level database by restoring it to the state saved in the selected revision. This ensures that any changes made after the selected revision are discarded, and the device configuration is returned to the earlier state.

Explanation of Incorrect Options:

Option A: It will install configuration changes to managed devices automatically is incorrect because reverting a revision does not automatically push changes to the devices; it merely reverts the configuration on the FortiManager.

Option B: It will tag the device settings status as Auto-Update is incorrect because 'Auto-Update' is not a status related to the revision history mechanism.

Option D: It will generate a new version ID and remove all other revision history versions is incorrect as reverting to a previous revision does not delete all other versions; it creates a new revision point for tracking.

FortiManager Reference:

Refer to the 'Revision Management' section in the FortiManager Administration Guide, which provides an overview of how revisions are managed and utilized for restoring configurations.

Fortinet FCP_FMG_AD-7.4 FCP - FortiManager 7.4 Administrator Exam Practice Test