Fortinet FCP_FMG_AD-7.6 Exam Questions Instant Access

Question 1

Refer to the exhibits.

An administrator has been asked to install the same policies from a central policy package onto the BR1-FGT-1 firewall.

The administrator added BR1-FGT-1 as a target in the central policy package installation.

What should the administrator do when reinstalling the central policy package on the BR1-FGT-1 firewall?

AAssign only one policy package to the firewall because FortiManager does not allow more than one policy package assigned per device at the same time.

BImport the policy package to change the unknown status and synchronize the policy package.

CUse the install wizard to install the central policy package on the BR1-FGT-1 firewall.

DFirst resolve the modified status in the configuration and provisioning templates to allow a smooth installation.

Answer : C

Using the Install Wizard is the recommended method to reinstall the central policy package on the BR1-FGT-1 firewall, ensuring all settings, installation targets, and dependencies are correctly processed during installation.

Question 2

An administrator has a FortiGate-HQ device with VDOMs---root, HR and Facilities, currently managed under the FortiManager ADOM---Site1. They try to move VDOM HR to the FortiManager ADOM---Site2, but it does not work.

Why is the administrator not able to move FortiGate-HQ VDOM HR to FortiManager ADOM---Site2?

AThe FortiGate-HQ must be managed under the FortiManager ADOM---root to allow moving its VDOMs to different ADOMs.

BThe administrator must have full access in the device layer of FortiGate-HQ VDOM-root before they can VDOMs to different ADOMs.

CFortiManager must be in ADOM normal mode, which does not allow VDOMs to be managed separately.

DThe administrator must delete the FortiGate-HQ device from FortiManager and add it again using the Add Device wizard before moving the VDOM.

Answer : A

FortiGate devices must be managed under the FortiManager ADOM corresponding to the root VDOM to allow their individual VDOMs to be moved and managed in different ADOMs. Managing the root VDOM in a different ADOM prevents moving subordinate VDOMs across ADOMs.

Question 3

While attempting to push a NetFlow configuration script through the FortiManager policy package: an administrator encounters an error stating that an object is unrecognized in line 4.

What must the administrator do to successfully apply the NetFlow configuration script and avoid the object unrecognized error?

AMake sure the user running the script has full access to the VDOM---AGEUSR.

BRun the script on the device database.

CUse metadata variables if they use VDOMs in the script.

DCreate a normalized interface on the policy layer before running the script.

Answer : C

When using scripts that reference VDOM-specific objects, such as interfaces, in FortiManager, metadata variables must be used to correctly map those objects per VDOM. This prevents 'object unrecognized' errors during script execution.

Question 4

Which is recommended when you are managing a high volume of logs in your network?

AStore logs on FortiManager and use FortiView.

BAdd and manage FortiAnalyzer from FortiManager.

CEnable advanced ADOM mode on FortiManager.

DForward logs from FortiAnalyzer to FortiManager daily.

Answer : B

Adding and managing FortiAnalyzer from FortiManager is recommended for handling a high volume of logs, as FortiAnalyzer is designed specifically for centralized log management, analysis, and reporting, which offloads this workload from FortiManager.

Question 5

After correcting a policy package configuration issue, you want to prevent administrators from repeating the mistake that caused the issue.

Which FortiManager approach best meets this need?

AConfigure an TCL script to run locally on FortiManager for each FortiGate.

BRestrict administrators with an administration profile from viewing the revision history to limit who can make changes.

CEnable the change note to require administrators to add a note whenever they change object configurations.

DEnable a workflow requiring approval before installing policy packages on any FortiGate.

Answer : D

Enabling a workflow with approval ensures that any policy package changes must be reviewed and approved before installation, preventing administrators from repeating configuration mistakes and enforcing change control.

Question 6

Refer to the exhibits.

An administrator needed to recover all the configurations related to the user, Support. The configurations were saved in configuration revision ID 9.

The administrator reverted the configuration using the Configuration Revision History window and received the CLI output shown in the exhibit.

What can you conclude from the CLI output?

AThe administrator set the flag to 0 to prevent configuration overrides.

BThe administrator reinstalled the policy package.

CThe administrator needs to retrieve the device to correctly detect the FortiGate firmware version.

DThe administrator installed only the device-level configuration.

Answer : C

The CLI output shows the status 'dev-db: not modified; conf: in sync; cond: OK; dm: installed,' but the firmware version for the device is listed as '[unknown].' This indicates that FortiManager has not properly detected the FortiGate firmware version, likely because the device needs to be retrieved to update its information.

Question 7

Company policy dictates that any time a change is made to a policy package on FortiManager an ADOM revision is created before the change installed, and that revision is held for a minimum of 90days.

Over the past three months, each installed change has resulted in several unused policies and duplicate objects.

The FortiManager administrator plans to upgrade the FortiGate devices and then upgrade the FortiManager ADOM from version 7.4 to 7.6.

Which action can the administrator take to avoid slow ADOM upgrades?

ACheck and repair the global configuration database before upgrading.

BExport firewall policies to Excel, delete them on the ADOM. then reimport them after upgrading the ADOM.

CFind unused firmware templates, then delete them before upgrading.

DLimit ADOM revisions before upgrading.

Answer : D

Limiting ADOM revisions reduces the number of stored historical configurations, which helps avoid performance degradation and slow ADOM upgrades caused by a large volume of revisions.

Fortinet FCP - FortiManager 7.6 Administrator FCP_FMG_AD-7.6 Exam Questions