Pass FCP_FMG_AD-7.4 Exam - Real Test Engine PDF with 37 Questions
Get New FCP_FMG_AD-7.4 Certification Practice Test Questions Exam Dumps
NEW QUESTION # 12
Which output is displayed right after moving the ISFW device from one ADOM to another?
- A.
- B.
- C.
- D.
Answer: D
NEW QUESTION # 13
An administrator wants to create a policy on an ADOM that is in backup mode and install it on a FortiGate device in the same ADOM. How can the administrator perform this task?
- A. The administrator must disable the FortiManager offline mode first.
- B. The administrator must use a FortiManager script.
- C. The administrator must use the Policy & Objects section to create a policy first.
- D. The administrator must change the ADOM mode to Advanced to bring the FortiManager online.
Answer: B
NEW QUESTION # 14
An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect? (Choose two.)
- A. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.
- B. FortiManager will not allow the administrator to delete a referenced address object until they lock the ADOM.
- C. FortiManager will disable the status of the address object until the changes are installed.
- D. FortiManager will temporarily change the status of the referenced firewall policy to disabled.
Answer: A,B
Explanation:
When operating in workspace mode on FortiManager 7.4, the administrator must understand how object references and deletions work:
* Option C- "FortiManager will not allow the administrator to delete a referenced address object until they lock the ADOM":In workspace mode, all changes are managed within an Administrative Domain (ADOM) scope. When an object (like an address object) is referenced in a policy, FortiManager prevents its deletion to maintain configuration integrity. The ADOM must be locked by the administrator to make changes to any referenced objects. This locking mechanism ensures that no unintended deletions or changes occur that could disrupt the policies or configuration.
* FortiManager Reference: "In workspace mode, changes to objects or policies require the ADOM to be locked. If an object is referenced, you must lock the ADOM before deleting or modifying the object." (FortiManager 7.4 Administration Guide, Section on Workspace Mode and ADOM Management)
* Option D- "FortiManager will replace the deleted address object with the none address object in the referenced firewall policy":If the administrator attempts to delete an address object that is currently referenced by a firewall policy, FortiManager will replace the deleted object with the 'none' address object. This is done to maintain the policy structure and avoid policy corruption due to a missing reference. This behavior ensures that the firewall policy remains syntactically correct, even though the specific address object is no longer in use.
* FortiManager Reference: "When a referenced object is deleted, FortiManager will replace it with a 'none' object in the policy. This behavior is to ensure the integrity and continuity of the policy configurations." (FortiManager 7.4 Administration Guide, Object Management and Policy Handling in Workspace Mode)
NEW QUESTION # 15
What is the purpose of ADOM revisions?
- A. To revert individual policy packages and device-level settings for a managed FortiGate
- B. To save the FortiManager configuration in the System Checkpoints
- C. To save the current state of the whole ADOM
- D. To save the current state of all policy packages and objects for an ADOM
Answer: D
Explanation:
* Option B: To save the current state of all policy packages and objects for an ADOMis the correct answer. ADOM (Administrative Domain) revisions in FortiManager are used to create a snapshot of the current state of all policy packages and objects associated with an ADOM. This allows administrators to save a specific configuration state and revert to it if necessary. It helps in managing changes and recovering from configuration errors or unintended changes.
* Explanation of Incorrect Options:
* Option A: To save the current state of the whole ADOMis incorrect because ADOM revisions specifically save only the policy packages and object configurations, not the entire state of the ADOM, which may include logs, reports, and other non-policy data.
* Option C: To revert individual policy packages and device-level settings for a managed FortiGateis incorrect as ADOM revisions are not meant for reverting individual policy packages or device settings; they are designed to handle the entire set of policy packages and objects within an ADOM.
* Option D: To save the FortiManager configuration in the System Checkpointsis incorrect because ADOM revisions do not function as system checkpoints for FortiManager itself; they are specific to ADOM policy packages and objects.
FortiManager References:
* Refer to the FortiManager 7.4 Administration Guide, "ADOM Management" section, which describes the purpose and usage of ADOM revisions for configuration management and restoration.
NEW QUESTION # 16
Refer to the exhibit which shows the Download Import Report.
Why is FortiManager failing to import firewall policy ID 1?
- A. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.
- B. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortlGate.
- C. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager
- D. Policy ID 1 has an address object that already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.
Answer: B
NEW QUESTION # 17
What is a characteristic of the FortiManager high availability (HA) feature?
- A. The primary unit synchronizes all configuration revision with the seconday units.
- B. When a secondary unit is removed, FortiManager updates the managed devices using TCP port 5199.
- C. All secondary units must be in the same network as the primary unit.
- D. Each cluster member must be upgraded manually, starting with the primary unit.
Answer: A
Explanation:
The characteristic of the FortiManager high availability (HA) feature is that the primary unit synchronizes all configuration revisions with the secondary units. This ensures that all devices in the HA cluster are up-to-date with the same configurations, providing redundancy and failover capabilities.
Options A, C, and D are incorrect because:
* Arefers to a specific port number (5199), but FortiManager does not specifically use TCP port 5199 to update managed devices when a secondary unit is removed.
* Cis incorrect as secondary units do not necessarily have to be in the same network as the primary unit; they just need to be able to communicate with each other.
* Dis incorrect because HA upgrades can be automated and do not require manual upgrading, starting with the primary unit.
FortiManager References:
* Refer to FortiManager 7.4 High Availability (HA) Guide: HA Synchronization and Configuration.
NEW QUESTION # 18
Which two items are included in the FortiManager backup? (Choose two.)
- A. Firmware images
- B. All devices
- C. Flash configuration
- D. FortiGuard database
Answer: B,C
Explanation:
FortiManager backups include:
* A. All devices- This includes all device configurations managed by FortiManager, such as firewall policies, objects, and other settings.
* D. Flash configuration- This consists of local FortiManager configurations stored in flash memory, such as system settings, scripts, and other locally-stored configurations.
Options B and C are incorrect because:
* B (Firmware images)are not typically included in a FortiManager backup. Firmware images are usually stored separately and managed through a different process.
* C (FortiGuard database)is incorrect as the FortiGuard database, which contains threat intelligence and security signatures, is not part of the standard FortiManager backup.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Backup and Restore Processes.
NEW QUESTION # 19
Which two items does an FGFM keepalive message include? (Choose two.)
- A. FortiGate configuration checksum
- B. FortiGate license information
- C. FortiGate uptime
- D. FortiGate IPS version
Answer: A,D
NEW QUESTION # 20
Refer to the exhibit.
You are using the Quick Install option to install configuration changes on the managed FortiGate.
Which two statements correctly describe the result? (Choose two.)
- A. It installs device-level changes on the FortiGate device without launching the Install Wizard
- B. It provides the option to preview only the policy package changes before installing them.
- C. It installs provisioning template changes on the FortiGate device.
- D. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.
Answer: A,C
NEW QUESTION # 21
Which two items does an FGFM keepalive message include? (Choose two.)
- A. FortiGate configuration checksum
- B. FortiGate license information
- C. FortiGate IPS version
- D. FortiGate uptime
Answer: A,D
Explanation:
The FortiGate-FortiManager (FGFM) protocol is used for communication between a FortiGate device and FortiManager. Thekeepalive messagesare essential for maintaining communication and monitoring the health of the FortiGate devices connected to FortiManager. These messages provide important status information about the device.
Here are the items included in an FGFM keepalive message:
* A. FortiGate IPS version
* This isfalse. The IPS (Intrusion Prevention System) version is not included in the keepalive message. While IPS information can be part of other system syncs or monitoring processes, it is not part of the FGFM keepalive message.
* B. FortiGate license information
* This isfalse. The license information is not typically sent in the keepalive message. Licensing is checked and managed separately through other system operations and licensing checks.
* C. FortiGate configuration checksum
* This istrue. The configuration checksum is a critical part of the keepalive message, as it ensures that the configuration on the FortiGate matches the one managed by FortiManager. Any discrepancy would alert FortiManager to potential out-of-sync configurations.
* D. FortiGate uptime
* This istrue. The keepalive message includes the FortiGate's uptime, which allows FortiManager to track the health and stability of the connected FortiGate device.
NEW QUESTION # 22
What will be the result of reverting to a previous revision version in the revision history?
- A. It win install configuration changes to managed device automatically.
- B. It will tag the device settings status as Auto-Update.
- C. It will modify the device-level database.
- D. It will generate a new version ID and remove all other revision history versions.
Answer: C
NEW QUESTION # 23
Which statement about the upgrade of ADOMs on FortiManager is true?
- A. You cannot import policies from a device until its FortiOS version matches the ADOM version.
- B. To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.
- C. Upgrading the FortiManager version upgrades all existing ADOMs automatically.
- D. ADOMs using global objects can be upgraded before or after upgrading the global database ADOM.
Answer: B
NEW QUESTION # 24
Refer to the exhibit.
An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.
After the installation operation is performed, which IP/netmask is shown on FortiManager for this firewall address object for devices without a Per-Device Mapping set?
- A. FortiManager generates an error for each FortiGate without a per-device mapping defined for that object.
- B. 192.168.1.0/28
- C. FortiManager replaces the address object to none.
- D. 192.168.1.0/24
Answer: B
NEW QUESTION # 25
An administrator hasenabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?
- A. It allows administrative access to FortiManager.
- B. It allows third-party applications to gain read/write access to FortiManager.
- C. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
- D. It allows FortiManager to determine the connection status of managed devices.
Answer: C
NEW QUESTION # 26
Refer to the exhibit.
What percent of the available RAM is being used by the process in charge of downloading the web and email filter databases from the public FortiGuard servers?
- A. 4.1
- B. 3.1
- C. 2.9
- D. 1.5
Answer: C
Explanation:
In the exhibit, the FortiManager CLI output displays the results of thetopcommand, which shows system processes, CPU usage, and memory (RAM) usage. We are specifically looking for the process responsible for downloading theweb and email filter databasesfrom the public FortiGuard servers. This process is typically handled by thefgdlinkdprocess.
Key information from the output:
* Thefgdlinkdprocess is listed with aPID of 1463.
* The%MEMcolumn shows that this process is using2.9%of the available RAM.
Evaluation of Options:
* A. 2.9: This iscorrect. Thefgdlinkdprocess, which handles the web and email filter database downloads, is using2.9%of the available memory, as indicated in the%MEMcolumn.
* B. 3.1: This is incorrect. The3.1%memory usage belongs to thefwmsvrdprocess, not the fgdlinkd process.
* C. 1.5: This is incorrect. The1.5%memory usage belongs to thefclinkdprocess, not the fgdlinkd process.
* D. 4.1: This is incorrect. The4.1%memory usage belongs to thefgdsvrprocess, not the fgdlinkd process.
NEW QUESTION # 27
Refer to the exhibit.
Which two results occur if the script is run using the Device Database option? (Choose two.)
- A. The successful execution of a script on the Device Database creates a new revision history.
- B. You must install these changes on a managed device using the Install Wizard.
- C. The device Config Status is tagged as Modified.
- D. The script history shows successful installation of the script on the remote FortiGate device.
Answer: B,C
Explanation:
If the script is run using the "Device Database" option on FortiManager, the following occurs:
* A.You must install these changes on a managed device using the Install Wizard.
* Running the script on the Device Database updates only the configuration in the FortiManager's database, not on the actual FortiGate device. To apply the changes, you need to use the Install Wizard to push these configurations to the managed device.
* D.The device Config Status is tagged as Modified.
* After running the script on the Device Database, FortiManager tags the device's configuration status as "Modified," indicating that there are pending changes that have not yet been installed on the device.
Options B and C are incorrect because:
* Bsuggests a new revision history is created, but this only happens when changes are actually installed on the managed device.
* Cimplies the script is directly executed on the FortiGate, which is not the case when using the Device Database option.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Scripting and Configuration Management.
NEW QUESTION # 28
What is the purpose of ADOM revisions?
- A. To revert individual policy packages and device-level settings for a managed FortiGate
- B. To save the FortiManager configuration in the System Checkpoints
- C. To save the current state of the whole ADOM
- D. To save the current state of all policy packages and objects for an ADOM
Answer: D
NEW QUESTION # 29
An administrator wants to create a policy on an ADOM that is in backup mode and install it on a FortiGate device in the same ADOM. How can the administrator perform this task?
- A. The administrator must disable the FortiManager offline mode first.
- B. The administrator must use a FortiManager script.
- C. The administrator must use the Policy & Objects section to create a policy first.
- D. The administrator must change the ADOM mode to Advanced to bring the FortiManager online.
Answer: B
Explanation:
To create and install a policy on a FortiGate device in an ADOM (Administrative Domain) that is in backup mode, the administrator must use a FortiManager script. This is because backup mode restricts direct configuration changes, and scripts can be used to push specific configuration changes without altering the ADOM mode.
Options A, C, and D are incorrect because:
* A requires the ADOM to be in normal or advanced mode to create policies directly in the Policy & Objects section.
* C suggests disabling offline mode, which is irrelevant to the backup mode configuration.
* D implies changing the ADOM mode, which is unnecessary if using a script to perform the task.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Working with ADOMs and Using Scripts for managing policies in backup mode.
NEW QUESTION # 30
Exhibit.
Which two statements about the output are true? (Choose two.)
- A. Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed.
- B. The latest revision history for the managed FortiGate does not match the device-level database.
- C. Configuration changes directly made on FortiGate have been automatically updated to the device-level database.
- D. The latest revision history for the managed FortiGate does match the FortiGate running configuration.
Answer: A,B
Explanation:
The output indicates that:
* The device's status is shown as "dev-db: modified" and "conf: in sync," which means that there is a difference between the device-level database on FortiManager and the actual running configuration of the managed FortiGate. Therefore, the latest revision history for the managed FortiGate does not match the device-level database, which confirms statement A as true.
* "dm: retrieved" status indicates that configuration changes have been installed on the FortiGate, confirming statement B as true. It also means that the configuration has been modified, and those changes have been pulled from the FortiGate to the FortiManager.
Statements C and D are incorrect because:
* C is incorrect as it implies an automatic update, whereas "dev-db: modified" indicates changes have been made on the FortiGate device that are not yet reflected in the FortiManager's database.
* D is incorrect because "dev-db: modified" shows that the device-level database and running configuration are not in sync.
FortiManager References:
* Refer to the FortiManager 7.4 Administrator Guide: Device Manager > Device Status to understand the
"dev-db" and "conf" status meanings.
NEW QUESTION # 31
An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?
- A. It allows administrative access to FortiManager.
- B. It allows third-party applications to gain read/write access to FortiManager.
- C. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
- D. It allows FortiManager to determine the connection status of managed devices.
Answer: C
Explanation:
* Option B: It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.This is the correct answer. When Service Access is enabled on FortiManager, it allows FortiManager to act as a local FortiGuard server for the managed FortiGate devices. This enables the FortiManager to respond to requests for FortiGuard services, such as updates for antivirus, web filtering, and other security services.
Explanation of Incorrect Options:
* Option A: It allows administrative access to FortiManageris incorrect because Service Access is specifically for FortiGuard service communication, not for administrative access.
* Option C: It allows third-party applications to gain read/write access to FortiManageris incorrect because Service Access does not provide API or third-party access capabilities.
* Option D: It allows FortiManager to determine the connection status of managed devicesis incorrect because Service Access does not directly manage or check connectivity status of devices; it is used for FortiGuard service requests.
FortiManager References:
* Refer to the "FortiManager Administration Guide," particularly the sections on "Service Access Settings" and "FortiGuard Services."
NEW QUESTION # 32
Refer to the exhibit.
What percent of the available RAM is being used by the process in charge of downloading the web and email filter databases from the public FortiGuard servers?
- A. 4.1
- B. 3.1
- C. 2.9
- D. 1.5
Answer: C
NEW QUESTION # 33
Which two items are included in the FortiManager backup? (Choose two.)
- A. Firmware images
- B. All devices
- C. Flash configuration
- D. FortiGuard database
Answer: B,C
NEW QUESTION # 34
What will be the result of reverting to a previous revision version in the revision history?
- A. It win install configuration changes to managed device automatically.
- B. It will tag the device settings status as Auto-Update.
- C. It will modify the device-level database.
- D. It will generate a new version ID and remove all other revision history versions.
Answer: C
Explanation:
* Option C: It will modify the device-level database.This is correct. Reverting to a previous revision version in the revision history affects the device-level database by restoring it to the state saved in the selected revision. This ensures that any changes made after the selected revision are discarded, and the device configuration is returned to the earlier state.
Explanation of Incorrect Options:
* Option A: It will install configuration changes to managed devices automaticallyis incorrect because reverting a revision does not automatically push changes to the devices; it merely reverts the configuration on the FortiManager.
* Option B: It will tag the device settings status as Auto-Updateis incorrect because "Auto-Update" is not a status related to the revision history mechanism.
* Option D: It will generate a new version ID and remove all other revision history versionsis incorrect as reverting to a previous revision does not delete all other versions; it creates a new revision point for tracking.
FortiManager References:
* Refer to the "Revision Management" section in the FortiManager Administration Guide, which provides an overview of how revisions are managed and utilized for restoring configurations.
NEW QUESTION # 35
......
Fortinet FCP_FMG_AD-7.4 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
FCP_FMG_AD-7.4 Exam Dumps - PDF Questions and Testing Engine: https://testking.practicedump.com/FCP_FMG_AD-7.4-exam-questions.html