Fortinet FCP_FMG_AD-7.6 Exam Questions Instant Access

Question 1

While attempting to push a NetFlow configuration script through the FortiManager policy package: an administrator encounters an error stating that an object is unrecognized in line 4.

What must the administrator do to successfully apply the NetFlow configuration script and avoid the object unrecognized error?

AMake sure the user running the script has full access to the VDOM---AGEUSR.

BRun the script on the device database.

CUse metadata variables if they use VDOMs in the script.

DCreate a normalized interface on the policy layer before running the script.

Answer : C

When using scripts that reference VDOM-specific objects, such as interfaces, in FortiManager, metadata variables must be used to correctly map those objects per VDOM. This prevents 'object unrecognized' errors during script execution.

Question 2

Refer to the exhibit.

An administrator assigned a new policy package to FortiGate HQ-NGFW-1. In the installation preview, they noticed some settings they did not modify and are unsure about the changes.

Based on the exhibit, which two things will happen if they continue with the installation? (Choose two.)

AFortiGate HQ-NGFW-1 can use FortiManager firmware templates to upgrade firmware and ratings.

BFortiGate HQ-NGFW-1 can contact the FortiManager acting as FortiGuard Distribution Server (FDS) to download FortiGuard updates.

CFortiGate HQ-NGFW-1 will use the root_CA3 certificate in firewall address objects or policies.

DFortiManager will install the CA certificate named root_CA3 to authenticate FortiGate-to-FortiManager communication protocol (FGFM) tunnel connections with FortiGate HQ- NGFW-1.

Answer : B, D

The configuration includes a server-list with server-type set to 'update rating,' which enables FortiGate HQ-NGFW-1 to contact FortiManager as a FortiGuard Distribution Server (FDS) for FortiGuard updates.

The installation includes a root_CA3 certificate, which FortiManager will install on FortiGate HQ-NGFW-1 to authenticate FGFM tunnel connections between the devices.

Question 3

An administrator wants to configure and manage multiple objects in the FortiManager database and give access to other users who work in the same database.

To stay in control of the changes made to firewall policies by other team members, the administrator needs a setup where all modifications go through a central check before they can be installed.

How can the administrator create this setup?

AEnable the prompt asking the administrator to accept firewall policies changes before saving.

BEnable the workspace (for all ADOMs) to control all changes made by any administrator.

CEnable device lock and the advanced mode feature in the ADOM.

DEnable workflow mode and the ADOM lock feature.

Answer : D

Enabling workflow mode along with the ADOM lock feature ensures that all configuration changes go through a centralized review and approval process before installation, allowing controlled and coordinated management of firewall policies by multiple administrators.

Question 4

Which output is displayed right after moving the ISFW device from one ADOM to another?

AOption A

BOption B

COption C

DOption D

Answer : C

Right after moving the ISFW device to a new ADOM, the status typically shows the policy package as never-installed, indicating that the device has been assigned to the new ADOM but no policy package has yet been installed in that ADOM.

Question 5

Refer to the exhibit.

If the monitored interface for the primary FortiManager device fails, what must you do to maintain high availability (HA)?

AThe FortiManager HA failover is transparent to administrators and does not require any additional action.

BManually promote one of the working secondary devices to the primary role: and reboot the original primary device to remove the peer IP address of the failed device.

CReconfigure the primary device to remove the peer IP address of the failed device from its configuration.

DCheck the integrity database of the primary device to force a secondary device to become the new primary with all active interfaces.

Answer : A

In a FortiManager HA cluster configured with VRRP failover, the failover process is automatic and transparent to administrators. If the monitored interface on the primary device fails, the secondary device takes over without requiring manual intervention to maintain HA.

Question 6

Refer to the exhibit.

An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.

After the installation operation is performed, which IP/netmask will be installed on Remote-Firewall [VDOM1] for the LAN firewall address object?

A21.21.2.5/255.255.255.255

B172.16.5.20/255.255.255.255

C172.16.5.0/255.255.255.0

D10.10.10.5/255.255.255.255

Answer : A

The per-device mapping overrides the global IP/netmask setting for the firewall address object. For the device 'Remote-Firewall,' the mapped IP/netmask is 21.21.2.5/255.255.255.255, so this value will be installed on Remote-Firewall [VDOM1].

Question 7

What is the purpose of ADOM revisions?

AADOM revisions find unused, duplicate, and unnecessary firewall policies and objects.

BADOM revisions show specific changes in a policy package when it is installed.

CADOM revisions compare previous snapshots of the Policy Package and ADOM-level objects with the device-level database.

DADOM revisions save the current state of all policy packages and objects for an ADOM.

Answer : D

ADOM revisions save the current state of all policy packages and objects within an ADOM, allowing administrators to track changes over time and revert to previous configurations if needed.

Fortinet NSE 5 - FortiManager 7.6 Administrator FCP_FMG_AD-7.6 Exam Questions