Fortinet FCP_FMG_AD-7.6 Exam Practice Test Instant Access

Question 1

An administrator wants to configure and manage multiple objects in the FortiManager database and give access to other users who work in the same database.

To stay in control of the changes made to firewall policies by other team members, the administrator needs a setup where all modifications go through a central check before they can be installed.

How can the administrator create this setup?

AEnable the prompt asking the administrator to accept firewall policies changes before saving.

BEnable the workspace (for all ADOMs) to control all changes made by any administrator.

CEnable device lock and the advanced mode feature in the ADOM.

DEnable workflow mode and the ADOM lock feature.

Answer : D

Enabling workflow mode along with the ADOM lock feature ensures that all configuration changes go through a centralized review and approval process before installation, allowing controlled and coordinated management of firewall policies by multiple administrators.

Question 2

Refer to the exhibits.

An administrator needed to recover all the configurations related to the user, Support. The configurations were saved in configuration revision ID 9.

The administrator reverted the configuration using the Configuration Revision History window and received the CLI output shown in the exhibit.

What can you conclude from the CLI output?

AThe administrator set the flag to 0 to prevent configuration overrides.

BThe administrator reinstalled the policy package.

CThe administrator needs to retrieve the device to correctly detect the FortiGate firmware version.

DThe administrator installed only the device-level configuration.

Answer : C

The CLI output shows the status 'dev-db: not modified; conf: in sync; cond: OK; dm: installed,' but the firmware version for the device is listed as '[unknown].' This indicates that FortiManager has not properly detected the FortiGate firmware version, likely because the device needs to be retrieved to update its information.

Question 3

Refer to the exhibits.

An administrator needs to push a FortiToken Mobile to assign it to HR_user in the HQ-NGFW-1.

However, when installing the policy package, they receive the following error message:

Why is the administrator not able to install the FortiToken on the HQ-NGFW-1 firewall?

AThe administrator must use a user local meta field to assign FortiToken.

BThe administrator must use a valid FortiToken that exists on HQ-NGFW-1.

CThe administrator must use a metadata variable to assign the same FortiToken to multiple users in FortiManager.

DThe administrator must use per-device mapping to assign the FortiToken to HQ-NGFW-1.

Answer : B

The error occurs because the FortiToken used (FTKM0B4A9AC5C56D) must already exist and be registered on the FortiGate device HQ-NGFW-1. FortiManager cannot push or create new FortiTokens on the device; the token must be valid and present on the FortiGate before it can be assigned to a user.

Question 4

Refer to the exhibits.

An administrator has been asked to install the same policies from a central policy package onto the BR1-FGT-1 firewall.

The administrator added BR1-FGT-1 as a target in the central policy package installation.

What should the administrator do when reinstalling the central policy package on the BR1-FGT-1 firewall?

AAssign only one policy package to the firewall because FortiManager does not allow more than one policy package assigned per device at the same time.

BImport the policy package to change the unknown status and synchronize the policy package.

CUse the install wizard to install the central policy package on the BR1-FGT-1 firewall.

DFirst resolve the modified status in the configuration and provisioning templates to allow a smooth installation.

Answer : C

Using the Install Wizard is the recommended method to reinstall the central policy package on the BR1-FGT-1 firewall, ensuring all settings, installation targets, and dependencies are correctly processed during installation.

Question 5

Refer to the exhibit.

An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.

After the installation operation is performed, which IP/netmask will be installed on Remote-Firewall [VDOM1] for the LAN firewall address object?

A21.21.2.5/255.255.255.255

B172.16.5.20/255.255.255.255

C172.16.5.0/255.255.255.0

D10.10.10.5/255.255.255.255

Answer : A

The per-device mapping overrides the global IP/netmask setting for the firewall address object. For the device 'Remote-Firewall,' the mapped IP/netmask is 21.21.2.5/255.255.255.255, so this value will be installed on Remote-Firewall [VDOM1].

Question 6

What is the best explanation of how FortiManager helps with mass provisioning?

AIt upgrades the OS of each FortiGate device.

BIt provides local FortiGuard Distribution Server (FDS) services to the network.

CIt uses templates to configure the same settings on many devices simultaneously.

DIt sends email alerts when new devices connect.

Answer : C

FortiManager helps with mass provisioning by using templates that allow administrators to configure the same settings on multiple FortiGate devices simultaneously, streamlining deployment and management.

Question 7

Refer to the exhibit.

What can you conclude from the downloaded import report?

AFortiManager does not support per-device mapping for firewall addresses.

BThe administrator will see a new policy package named Remote-FortiGate_root in the FortiManager ADOM database.

CFortiManager will change the configuration of REMOTE_SUBNET to match the interface mapping coming in from Remote-FortiGate.

DAs a result of this policy import process, FortiManager will create a new firewall address called REMOTE_SUBNET in the ADOM database.

Answer : B

The import report shows that a new policy package named Remote-FortiGate_root will be created in the FortiManager ADOM database, but some firewall addresses and policies failed to import due to interface binding conflicts.

Fortinet FCP - FortiManager 7.6 Administrator FCP_FMG_AD-7.6 Exam Practice Test