Practice Free FCP_FMG_AD-7.6 Exam Online Questions
An administrator must create a policy and install it on a FortiGate device within an ADOM in backup mode.
How can the administrator perform this task?
- A . Use the Install Wizard located on the device manager.
- B . Enable workflow mode to allow policy creation and approval.
- C . Make sure the ADOM and FortiGate firmware versions match and use the ADOM policy package.
- D . Use a FortiManager script to apply the configuration changes.
What is the best explanation of how FortiManager helps with mass provisioning?
- A . It upgrades the OS of each FortiGate device.
- B . It provides local FortiGuard Distribution Server (FDS) services to the network.
- C . It uses templates to configure the same settings on many devices simultaneously.
- D . It sends email alerts when new devices connect.
Company policy dictates that any time a change is made to a policy package on FortiManager an ADOM revision is created before the change installed, and that revision is held for a minimum of 90 days.
Over the past three months, each installed change has resulted in several unused policies and duplicate objects.
The FortiManager administrator plans to upgrade the FortiGate devices and then upgrade the FortiManager ADOM from version 7.4 to 7.6.
Which action can the administrator take to avoid slow ADOM upgrades?
- A . Check and repair the global configuration database before upgrading.
- B . Export firewall policies to Excel, delete them on the ADOM. then reimport them after upgrading the ADOM.
- C . Find unused firmware templates, then delete them before upgrading.
- D . Limit ADOM revisions before upgrading.
If one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA manual mode to a working state?
- A . The FortiManager high availability HA state transition is transparent to administrators and does not require any reconfiguration.
- B . Run a sanity check on the failed device to make sure HA heartbeat packets are using TCP port 5199.
- C . Manually promote one of the working secondary devices to the primary role.
- D . Remove the peer IP of the failed device on the primary device.
What are two outcomes of ADOM revisions? Choose two answers.
- A . ADOM revisions can save the current state of the entire ADOM.
- B . ADOM revisions do not increase the size of configuration backups.
- C . ADOM revisions can save the current state of all policy packages and objects for an ADOM.
- D . ADOM revisions appear in the Install Policy and Package Settings section of the install wizard.
Refer to the exhibits.
What can you conclude, based on the configuration shown in the exhibit? Choose one answer
- A . The administrator needs to retrieve the Local-FortiGate configuration to sync with the Security Fabric group, Training.
- B . Policy sequence #1 will be installed on the internal segmentation firewall ISFW device root NAT and Trainer NAT VDOMs.
- C . Policy sequence #3 must have devices or VDOMs listed in the Install On column; otherwise, it will cause errors.
- D . The global policy package will be added to the top of the ISFW policy package.
What is the purpose of ADOM revisions?
- A . ADOM revisions find unused, duplicate, and unnecessary firewall policies and objects.
- B . ADOM revisions show specific changes in a policy package when it is installed.
- C . ADOM revisions compare previous snapshots of the Policy Package and ADOM-level objects with the device-level database.
- D . ADOM revisions save the current state of all policy packages and objects for an ADOM.
An administrator wants to configure and manage multiple objects in the FortiManager database and give access to other users who work in the same database.
To stay in control of the changes made to firewall policies by other team members, the administrator needs a setup where all modifications go through a central check before they can be installed.
How can the administrator create this setup?
- A . Enable the prompt asking the administrator to accept firewall policies changes before saving.
- B . Enable the workspace (for all ADOMs) to control all changes made by any administrator.
- C . Enable device lock and the advanced mode feature in the ADOM.
- D . Enable workflow mode and the ADOM lock feature.
A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM. The customer administrator has access only to My_ADOM.
How can the customer administrator edit the global header policy of the global policy package?
- A . The customer administrator can edit the header policy by using workspace mode on the global ADOM.
- B . The customer administrator can edit the header policy by using workflow mode on the global ADOM and My_ADOM.
- C . The service provider administrator can unlock the global policy from the global ADOM to authorize changes to the customer administrator.
- D . The customer administrator cannot edit the global header policy; only the service provider administrator can make changes from the global ADOM.
Refer to the exhibit.
Which two statements about the output are true? (Choose two.)
- A . The latest revision history for the managed FortiGate does not match the device-level database.
- B . Configuration changes have been installed on FortiGate, updating policy and device-level database.
- C . The latest revision history for the managed FortiGate does match the FortiManager policy database.
- D . The system template default will override device-level database configurations.