Fortinet FCP_FMG_AD-7.4 FCP - FortiManager 7.4 Administrator Exam Practice Test

Based on the exhibit, the FortiManager administrator is setting up three ADOMs (Administrative Domains) that correspond to different departments (Financial, HR, and IT). Each ADOM has specificFortiGate devices or VDOMs (Virtual Domains) assigned to it, with different administrators managing the ADOMs.

Explanation of Options:

A. The FortiManager administrator must set the ADOM device mode to Advanced.

This istrue. In FortiManager, when there areVDOMs(Virtual Domains) involved, you must set the ADOM toAdvanced modeto manage VDOMs properly. The IT department ADOM includes different VDOMs from FortiGate 4 (VDOM 2 and VDOM 3), which means the ADOM mode must be inAdvancedto support managing VDOMs separately from other ADOMs.

B. Policies and objects databases can be shared between the Financial and HR ADOMs.

This isfalse. By default, ADOMs are separate, and policies and objects cannot be shared between them unless they are specifically designed to do so. The exhibit shows distinct ADOMs for each department, implying no direct sharing of policies and objects between Financial and HR ADOMs.

C. An administrator with the super user profile can access all the VDOMs.

This istrue. A FortiManager administrator with thesuper userprofile hasfull accessto all ADOMs and VDOMs, regardless of how access is restricted for individual administrators. In this case, an admin with the super user profile could access Financial, HR, and IT ADOMs, including all the VDOMs from FortiGate 4.

D. The administrator must configure FortiManager in workspace normal mode.

This isfalse. There is no requirement mentioned in the exhibit or scenario that mandates usingworkspace normal mode. Workspace mode is more related to how configuration changes are managed (locking, editing, etc.), but it doesn’t affect the creation or access control of ADOMs.

Conclusion:

Ais correct becauseAdvanced modeis necessary for managing VDOMs within ADOMs.

Cis correct because asuper usercan access all VDOMs and ADOMs without restrictions.

In the exhibit, the FortiManager CLI output displays the results of thetopcommand, which shows system processes, CPU usage, and memory (RAM) usage. We are specifically looking for the process responsible for downloading theweb and email filter databasesfrom the public FortiGuard servers. This process is typically handled by thefgdlinkdprocess.

Key information from the output:

Thefgdlinkdprocess is listed with aPID of 1463.

The%MEMcolumn shows that this process is using2.9%of the available RAM.

Evaluation of Options:

A. 2.9: This iscorrect. Thefgdlinkdprocess, which handles the web and email filter database downloads, is using2.9%of the available memory, as indicated in the%MEMcolumn.

B. 3.1: This is incorrect. The3.1%memory usage belongs to thefwmsvrdprocess, not the fgdlinkd process.

C. 1.5: This is incorrect. The1.5%memory usage belongs to thefclinkdprocess, not the fgdlinkd process.

D. 4.1: This is incorrect. The4.1%memory usage belongs to thefgdsvrprocess, not the fgdlinkd process.

Option B: 192.168.1.0/24is the correct answer. In FortiManager, when a firewall address object is defined and used across multiple policy packages without any Per-Device Mapping, the default value configured in the object definition (192.168.1.0/255.255.255.0) is applied to all devices. The exhibit shows that the address objectLOCAL_SUBNEThas a default IP/netmask of192.168.1.0/24. Therefore, FortiManager will use this default value for any FortiGate device that does not have a specific Per-Device Mapping configured.

Explanation of Incorrect Options:

Option A: FortiManager generates an error for each FortiGate without a per-device mapping defined for that objectis incorrect because FortiManager does not generate an error when a Per-Device Mapping is not set. Instead, it uses the default value provided in the object definition.

Option C: 192.168.1.0/28is incorrect because the default value is192.168.1.0/24, as seen in the exhibit, not/28.

Option D: FortiManager replaces the address object to noneis incorrect because FortiManager does not replace address objects to "none" when a Per-Device Mapping is missing; it uses the default value instead.

FortiManager References:

Refer to the FortiManager 7.4 Administration Guide, specifically in sections related to "Address Object Management" and "Per-Device Mapping," which detail the behavior of address objects without specific device mappings.

When operating in workspace mode on FortiManager 7.4, the administrator must understand how object references and deletions work:

Option C- "FortiManager will not allow the administrator to delete a referenced address object until they lock the ADOM":In workspace mode, all changes are managed within an Administrative Domain (ADOM) scope. When an object (like an address object) is referenced in a policy, FortiManager prevents its deletion to maintain configuration integrity. The ADOM must be locked by the administrator to make changes to any referenced objects. This locking mechanism ensures that no unintended deletions or changes occur that could disrupt the policies or configuration.

FortiManager Reference: "In workspace mode, changes to objects or policies require the ADOM to be locked. If an object is referenced, you must lock the ADOM before deleting or modifying the object." (FortiManager 7.4 Administration Guide, Section on Workspace Mode and ADOM Management)

Option D- "FortiManager will replace the deleted address object with the none address object in the referenced firewall policy":If the administrator attempts to delete an address object that is currently referenced by a firewall policy, FortiManager will replace the deleted object with the 'none' address object. This is done to maintain the policy structure and avoid policy corruption due to a missing reference. This behavior ensures that the firewall policy remains syntactically correct, even though the specific address object is no longer in use.

FortiManager Reference: "When a referenced object is deleted, FortiManager will replace it with a 'none' object in the policy. This behavior is to ensure the integrity and continuity of the policy configurations." (FortiManager 7.4 Administration Guide, Object Management and Policy Handling in Workspace Mode)

Option C: The administrator can reclaim the FortiGate to FortiManager protocol (FGFM) tunnel to get the device online.This is the correct answer. The exhibit shows a device in "Unknown" status, which indicates that the FortiManager cannot currently communicate with the device. Reclaiming the FGFM tunnel will help to restore connectivity by re-establishing the management tunnel between the FortiManager and the FortiGate.

Explanation of Incorrect Options:

Option A: The administrator must refresh the device to restore connectivityis incorrect because refreshing the device is unlikely to solve the connection issue when the status is "Unknown."

Option B: FortiManager lost internet connectivity, therefore, the device appears to be downis incorrect because FortiManager does not require internet connectivity to manage a FortiGate; it needs a direct connection to the device.

Option D: The administrator recently restored a FortiManager configuration fileis incorrect because the exhibit does not indicate a recent restoration of configuration.

FortiManager References:

Refer to "FortiManager Administration Guide" and the section on "Device Management and Connectivity" for more information about reclaiming FGFM tunnels.

The statement that is true about the policy lock feature on FortiManager is:

A. Policy locking is available in workspace normal mode.

In FortiManager, when working in "workspace-mode normal," policies can be locked by administrators to prevent other administrators from editing them simultaneously. This ensures that only one administrator makes changes at any given time, reducing conflicts or mistakes due to concurrent modifications.

Statements B, C, and D are incorrect because:

B is incorrect since locking a policy does not override a locked ADOM. The ADOM lock takes precedence.

C is incorrect because when a policy is locked, it does not necessarily mean the ADOM is locked.

D is incorrect because administrators in the approval group cannot work concurrently on a locked policy; the policy lock prevents concurrent modifications.

FortiManager References:

Refer to FortiManager 7.4 Administrator Guide: Policy and Objects > Policy Locking to understand how the policy lock feature functions in different workspace modes.

When push updates are failing on a FortiGate device behind a NAT device, the administrator should check:

A.That the override server IP address is set on FortiManager and the NAT device.

The override server IP should be configured to ensure that FortiManager uses the correct IP address that can traverse the NAT to reach the FortiGate device.

D.That the virtual IP address and correct ports are set on the NAT device.

The NAT device must have the correct virtual IP (VIP) configured to map the FortiGate's internal IP to an external address, along with the correct ports needed for communication.

Options B and C are incorrect because:

Bsuggests setting the external IP on the NAT device to DHCP, which is not relevant to solving the push update issue.

Cimplies configuring NAT device IP and ports on FortiManager, which is less likely needed compared to configuring the correct VIP and ports.

FortiManager References:

Refer to FortiManager 7.4 Administrator Guide: Device Management and NAT Configuration.

In the context of the FortiManager JSON API, thesetmethod is used tocreate new objectsoroverwrite existing ones. The API allows administrators to manage FortiManager and its associated devices by automating tasks like configuration changes, policy updates, and object creation.

Explanation of Options:

A. Set:

This istrue. Thesetmethod is used to create a new object if it does not exist or overwrite an existing object if it already exists. This method is frequently used in API requests to configure settings and apply changes on FortiManager.

B. Add:

This isfalse. Theaddmethod is used to add new objects without overwriting any existing ones. It is used when you want to create a new entry and ensure it doesn't conflict with or replace an existing object.

C. Exec:

This isfalse. Theexecmethod is used to execute specific actions or commands, rather than creating or modifying objects. This is typically used for actions like running scripts or executing operational commands on FortiManager or FortiGate.

D. Update:

This isfalse. While "update" might seem relevant, FortiManager's API does not specifically use an "update" method for modifying or creating objects. Thesetmethod serves that function by both creating new objects and overwriting existing ones.

The output indicates that:

The device's status is shown as "dev-db: modified" and "conf: in sync," which means that there is a difference between the device-level database on FortiManager and the actual running configuration of the managed FortiGate. Therefore, the latest revision history for the managed FortiGate does not match the device-level database, which confirms statement A as true.

"dm: retrieved" status indicates that configuration changes have been installed on the FortiGate, confirming statement B as true. It also means that the configuration has been modified, and those changes have been pulled from the FortiGate to the FortiManager.

Statements C and D are incorrect because:

C is incorrect as it implies an automatic update, whereas "dev-db: modified" indicates changes have been made on the FortiGate device that are not yet reflected in the FortiManager's database.

D is incorrect because "dev-db: modified" shows that the device-level database and running configuration are not in sync.

FortiManager References:

Refer to the FortiManager 7.4 Administrator Guide: Device Manager > Device Status to understand the "dev-db" and "conf" status meanings.

Two statements about Security Fabric integration with FortiManager that are true are:

A. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices.

The Fabric View module in FortiManager allows administrators to generate Security Fabric ratings, which assess the security posture of the entire Security Fabric environment.

C. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.

In addition to generating ratings, the Fabric View module provides visibility into the Security Fabric ratings for all connected devices, offering a consolidated view of security across the fabric.

Options B and D are incorrect because:

Bis misleading as the Security Fabric settings are generally configured and managed separately from other device-level settings.

Dis incorrect as there is no specific requirement for a Security Fabric license, group name, and password solely for FortiManager integration.

FortiManager References:

Refer to FortiManager 7.4 Security Fabric Integration Guide: Managing Security Fabric and Generating Security Fabric Ratings.