Pass Authentic Fortinet FCP_FMG_AD-7.4 with Free Practice Tests and Exam Dumps [Q13-Q35]

Pass Authentic Fortinet FCP_FMG_AD-7.4 with Free Practice Tests and Exam Dumps

New FCP_FMG_AD-7.4  Exam Questions Real Fortinet Dumps

Fortinet FCP_FMG_AD-7.4 Exam Syllabus Topics:

Topic	Details
Topic 1	Additional Configuration: This section measures the skills of Advanced Network Engineers and Security Consultants. It includes advanced configuration techniques and additional features in FortiManager.
Topic 2	Introduction and Initial Configuration: This section evaluates the capabilities of Network Security Administrators and Engineers. It addresses the foundational setup and basic configuration tasks for FortiManager.
Topic 3	Policies and Objects: This section measures the competencies of Security Policy Administrators and Network Analysts. It covers the creation, management, and implementation of policies and objects within FortiManager.
Topic 4	Administration and Management: This section assesses the abilities of System Administrators and Network Security Managers. It involves overseeing user accounts, administrative settings, and operational aspects within FortiManager.

 

NEW QUESTION # 13
An administrator created a new global policy package that includes header and footer policies and then assigned it to an ADOM. What are two outcomes of this action? (Choose two.)

• A. After you assign the global policy package to an ADOM. the impacted policy packages become hidden in that ADOM.
• B. To assign another global policy package later to the same ADOM. you must unassign this policy first.
• C. You can edit or delete all the global objects in the global ADOM.
• D. You must manually move the header and footer policies after the policy assignment.

Answer: B,C

Explanation:
* Option A: To assign another global policy package later to the same ADOM, you must unassign this policy first.This is correct. FortiManager does not allow multiple global policy packages to be assigned to a single ADOM simultaneously. If you want to assign a different global policy package, the existing one must be unassigned first.
* Option C: You can edit or delete all the global objects in the global ADOM.This is correct. Once a global policy package is assigned, you have the flexibility to edit or delete global objects in the global ADOM, affecting all ADOMs to which this package is assigned.
Explanation of Incorrect Options:
* Option B: After you assign the global policy package to an ADOM, the impacted policy packages become hidden in that ADOMis incorrect because the policy packages do not become hidden; they are modified according to the global policies.
* Option D: You must manually move the header and footer policies after the policy assignmentis incorrect because header and footer policies are automatically applied when assigned.
FortiManager References:
* See the "Global Policy and ADOM Management" section in the FortiManager Administration Guide.

NEW QUESTION # 14
An administrator created a new global policy package that includes header and footer policies and then assigned it to an ADOM. What are two outcomes of this action? (Choose two.)

• A. After you assign the global policy package to an ADOM. the impacted policy packages become hidden in that ADOM.
• B. To assign another global policy package later to the same ADOM. you must unassign this policy first.
• C. You can edit or delete all the global objects in the global ADOM.
• D. You must manually move the header and footer policies after the policy assignment.

Answer: B,C

NEW QUESTION # 15
Refer to the exhibit.

An administrator is about to add the FortiGate device to FortiManager using the discovery process.
FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings.
What is the expected result?

• A. During discovery. FortiManager sets the NATed device IP address on FortiGate.
• B. During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate.
• C. During discovery. FortiManager uses only the FortiGate serial number to establish the connection.
• D. During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate.

Answer: B

Explanation:
When adding a FortiGate device to FortiManager that is operating behind a NAT device, and the FortiManager NATed IP address is configured under the system administration settings, FortiManager will set the FortiManager NATed IP address on the FortiGate device during the discovery process. This ensures that the FortiGate knows how to reach the FortiManager through the NAT device.
Options A, B, and C are incorrect because:
* Ais incorrect because the discovery process also requires knowing the NATed IP to establish a connection, not just the serial number.
* Bis incorrect because FortiManager does not set the NAT device's IP address on the FortiGate.
* Cis incorrect because it implies that the NAT device IP is set on FortiGate, which is not the expected outcome.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Device Discovery and Management with NAT.

NEW QUESTION # 16
Which statement about the upgrade of ADOMs on FortiManager is true?

• A. To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.
• B. Upgrading the FortiManager version upgrades all existing ADOMs automatically.
• C. ADOMs using global objects can be upgraded before or after upgrading the global database ADOM.
• D. You cannot import policies from a device until its FortiOS version matches the ADOM version.

Answer: A

NEW QUESTION # 17
Which output is displayed right after moving the ISFW device from one ADOM to another?

• A.
• B.
• C.
• D.

Answer: B

NEW QUESTION # 18
An administrator wants to create a policy on an ADOM that is in backup mode and install it on a FortiGate device in the same ADOM. How can the administrator perform this task?

• A. The administrator must disable the FortiManager offline mode first.
• B. The administrator must use the Policy & Objects section to create a policy first.
• C. The administrator must change the ADOM mode to Advanced to bring the FortiManager online.
• D. The administrator must use a FortiManager script.

Answer: D

Explanation:
To create and install a policy on a FortiGate device in an ADOM (Administrative Domain) that is in backup mode, the administrator must use a FortiManager script. This is because backup mode restricts direct configuration changes, and scripts can be used to push specific configuration changes without altering the ADOM mode.
Options A, C, and D are incorrect because:
* A requires the ADOM to be in normal or advanced mode to create policies directly in the Policy & Objects section.
* C suggests disabling offline mode, which is irrelevant to the backup mode configuration.
* D implies changing the ADOM mode, which is unnecessary if using a script to perform the task.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Working with ADOMs and Using Scripts for managing policies in backup mode.

NEW QUESTION # 19
Exhibit.

Given the configuration shown in the exhibit, what are two results from this configuration? {Choose two.)

• A. The same administrator can lock more than one ADOM at the same time.
• B. Concurrent read-write access to an ADOM is disabled.
• C. Two or more administrators can make configuration changes at the same time, in the same ADOM.
• D. You can validate administrator login attempts through external servers.

Answer: A,B

NEW QUESTION # 20
Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)

• A. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.
• B. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices.
• C. The Security Fabric license, group name, and password are required for the FortiManager Security Fabric integration.
• D. The Security Fabric settings are part of the device-level settings.

Answer: A,B

Explanation:
Two statements about Security Fabric integration with FortiManager that are true are:
* A. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices.
* The Fabric View module in FortiManager allows administrators to generate Security Fabric ratings, which assess the security posture of the entire Security Fabric environment.
* C. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.
* In addition to generating ratings, the Fabric View module provides visibility into the Security Fabric ratings for all connected devices, offering a consolidated view of security across the fabric.
Options B and D are incorrect because:
* Bis misleading as the Security Fabric settings are generally configured and managed separately from other device-level settings.
* Dis incorrect as there is no specific requirement for a Security Fabric license, group name, and password solely for FortiManager integration.
FortiManager References:
* Refer to FortiManager 7.4 Security Fabric Integration Guide: Managing Security Fabric and Generating Security Fabric Ratings.

NEW QUESTION # 21
What will be the result of reverting to a previous revision version in the revision history?

• A. It will tag the device settings status as Auto-Update.
• B. It will modify the device-level database.
• C. It win install configuration changes to managed device automatically.
• D. It will generate a new version ID and remove all other revision history versions.

Answer: B

Explanation:
* Option C: It will modify the device-level database.This is correct. Reverting to a previous revision version in the revision history affects the device-level database by restoring it to the state saved in the selected revision. This ensures that any changes made after the selected revision are discarded, and the device configuration is returned to the earlier state.
Explanation of Incorrect Options:
* Option A: It will install configuration changes to managed devices automaticallyis incorrect because reverting a revision does not automatically push changes to the devices; it merely reverts the configuration on the FortiManager.
* Option B: It will tag the device settings status as Auto-Updateis incorrect because "Auto-Update" is not a status related to the revision history mechanism.
* Option D: It will generate a new version ID and remove all other revision history versionsis incorrect as reverting to a previous revision does not delete all other versions; it creates a new revision point for tracking.
FortiManager References:
* Refer to the "Revision Management" section in the FortiManager Administration Guide, which provides an overview of how revisions are managed and utilized for restoring configurations.

NEW QUESTION # 22
Which configuration setting for FortiGate is part o an ADOM-level database on FortiManager?

• A. Security profiles
• B. Routing
• C. SNMP
• D. NSX-T Service Template

Answer: B

Explanation:
* Option B: Routingis the correct answer. The ADOM-level database in FortiManager stores configuration settings such as routing, firewall policies, and objects that are shared across multiple devices in the ADOM.
Explanation of Incorrect Options:
* Option A: NSX-T Service Templateis incorrect as it is not a FortiGate-specific setting managed at the ADOM level.
* Option C: SNMPis incorrect because SNMP settings are typically managed on a per-device basis.
* Option D: Security profilesis incorrect because security profiles are generally device-level configurations, not ADOM-level.
FortiManager References:
* Refer to "FortiManager Administration Guide" for further details on ADOM-level and device-level configurations.

NEW QUESTION # 23
An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect? (Choose two.)

• A. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.
• B. FortiManager will not allow the administrator to delete a referenced address object until they lock the ADOM.
• C. FortiManager will temporarily change the status of the referenced firewall policy to disabled.
• D. FortiManager will disable the status of the address object until the changes are installed.

Answer: A,B

Explanation:
When operating in workspace mode on FortiManager 7.4, the administrator must understand how object references and deletions work:
* Option C- "FortiManager will not allow the administrator to delete a referenced address object until they lock the ADOM":In workspace mode, all changes are managed within an Administrative Domain (ADOM) scope. When an object (like an address object) is referenced in a policy, FortiManager prevents its deletion to maintain configuration integrity. The ADOM must be locked by the administrator to make changes to any referenced objects. This locking mechanism ensures that no unintended deletions or changes occur that could disrupt the policies or configuration.
* FortiManager Reference: "In workspace mode, changes to objects or policies require the ADOM to be locked. If an object is referenced, you must lock the ADOM before deleting or modifying the object." (FortiManager 7.4 Administration Guide, Section on Workspace Mode and ADOM Management)
* Option D- "FortiManager will replace the deleted address object with the none address object in the referenced firewall policy":If the administrator attempts to delete an address object that is currently referenced by a firewall policy, FortiManager will replace the deleted object with the 'none' address object. This is done to maintain the policy structure and avoid policy corruption due to a missing reference. This behavior ensures that the firewall policy remains syntactically correct, even though the specific address object is no longer in use.
* FortiManager Reference: "When a referenced object is deleted, FortiManager will replace it with a 'none' object in the policy. This behavior is to ensure the integrity and continuity of the policy configurations." (FortiManager 7.4 Administration Guide, Object Management and Policy Handling in Workspace Mode)

NEW QUESTION # 24
Exhibit.

Which two statements about the output are true? (Choose two.)

• A. Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed.
• B. The latest revision history for the managed FortiGate does not match the device-level database.
• C. Configuration changes directly made on FortiGate have been automatically updated to the device-level database.
• D. The latest revision history for the managed FortiGate does match the FortiGate running configuration.

Answer: A,B

Explanation:
The output indicates that:
* The device's status is shown as "dev-db: modified" and "conf: in sync," which means that there is a difference between the device-level database on FortiManager and the actual running configuration of the managed FortiGate. Therefore, the latest revision history for the managed FortiGate does not match the device-level database, which confirms statement A as true.
* "dm: retrieved" status indicates that configuration changes have been installed on the FortiGate, confirming statement B as true. It also means that the configuration has been modified, and those changes have been pulled from the FortiGate to the FortiManager.
Statements C and D are incorrect because:
* C is incorrect as it implies an automatic update, whereas "dev-db: modified" indicates changes have been made on the FortiGate device that are not yet reflected in the FortiManager's database.
* D is incorrect because "dev-db: modified" shows that the device-level database and running configuration are not in sync.
FortiManager References:
* Refer to the FortiManager 7.4 Administrator Guide: Device Manager > Device Status to understand the
"dev-db" and "conf" status meanings.

NEW QUESTION # 25
Refer to the exhibit.
What percent of the available RAM is being used by the process in charge of downloading the web and email filter databases from the public FortiGuard servers?

• A. 4.1
• B. 3.1
• C. 2.9
• D. 1.5

Answer: C

NEW QUESTION # 26
What is the purpose of ADOM revisions?

• A. To revert individual policy packages and device-level settings for a managed FortiGate
• B. To save the current state of the whole ADOM
• C. To save the FortiManager configuration in the System Checkpoints
• D. To save the current state of all policy packages and objects for an ADOM

Answer: D

NEW QUESTION # 27
Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.)

• A. That the NAT device IP address and correct ports are configured on FortiManager
• B. That the external IP address on the NAT device is set to DHCP and configured with the virtual IP
• C. That the override server IP address is set on FortiManager and the NAT device
• D. That the virtual IP address and correct ports are set on the NAT device

Answer: C,D

Explanation:
When push updates are failing on a FortiGate device behind a NAT device, the administrator should check:
* A.That the override server IP address is set on FortiManager and the NAT device.
* The override server IP should be configured to ensure that FortiManager uses the correct IP address that can traverse the NAT to reach the FortiGate device.
* D.That the virtual IP address and correct ports are set on the NAT device.
* The NAT device must have the correct virtual IP (VIP) configured to map the FortiGate's internal IP to an external address, along with the correct ports needed for communication.
Options B and C are incorrect because:
* Bsuggests setting the external IP on the NAT device to DHCP, which is not relevant to solving the push update issue.
* Cimplies configuring NAT device IP and ports on FortiManager, which is less likely needed compared to configuring the correct VIP and ports.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Device Management and NAT Configuration.

NEW QUESTION # 28
An administrator configures a new OSPF area on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved?

• A. ADOM-level database
• B. Revision history database
• C. Device-level database
• D. Configuration-level database

Answer: C

NEW QUESTION # 29
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package. Fortinet. in the custom ADOM1. What happens to the Fortinet policy package when it is created?

• A. You can select the option to assign the global policies.
• B. You must reapply the global policy package to ADOM1.
• C. The global policy package is automatically assigned.
• D. You must assign the global policy package from the global ADOM.

Answer: C

NEW QUESTION # 30
What is the purpose of ADOM revisions?

• A. To revert individual policy packages and device-level settings for a managed FortiGate
• B. To save the current state of the whole ADOM
• C. To save the FortiManager configuration in the System Checkpoints
• D. To save the current state of all policy packages and objects for an ADOM

Answer: D

Explanation:
* Option B: To save the current state of all policy packages and objects for an ADOMis the correct answer. ADOM (Administrative Domain) revisions in FortiManager are used to create a snapshot of the current state of all policy packages and objects associated with an ADOM. This allows administrators to save a specific configuration state and revert to it if necessary. It helps in managing changes and recovering from configuration errors or unintended changes.
* Explanation of Incorrect Options:
* Option A: To save the current state of the whole ADOMis incorrect because ADOM revisions specifically save only the policy packages and object configurations, not the entire state of the ADOM, which may include logs, reports, and other non-policy data.
* Option C: To revert individual policy packages and device-level settings for a managed FortiGateis incorrect as ADOM revisions are not meant for reverting individual policy packages or device settings; they are designed to handle the entire set of policy packages and objects within an ADOM.
* Option D: To save the FortiManager configuration in the System Checkpointsis incorrect because ADOM revisions do not function as system checkpoints for FortiManager itself; they are specific to ADOM policy packages and objects.
FortiManager References:
* Refer to the FortiManager 7.4 Administration Guide, "ADOM Management" section, which describes the purpose and usage of ADOM revisions for configuration management and restoration.

NEW QUESTION # 31
Refer to the exhibit.

Which two results occur if the script is run using the Device Database option? (Choose two.)

• A. The device Config Status is tagged as Modified.
• B. The script history shows successful installation of the script on the remote FortiGate device.
• C. The successful execution of a script on the Device Database creates a new revision history.
• D. You must install these changes on a managed device using the Install Wizard.

Answer: A,D

Explanation:
If the script is run using the "Device Database" option on FortiManager, the following occurs:
* A.You must install these changes on a managed device using the Install Wizard.
* Running the script on the Device Database updates only the configuration in the FortiManager's database, not on the actual FortiGate device. To apply the changes, you need to use the Install Wizard to push these configurations to the managed device.
* D.The device Config Status is tagged as Modified.
* After running the script on the Device Database, FortiManager tags the device's configuration status as "Modified," indicating that there are pending changes that have not yet been installed on the device.
Options B and C are incorrect because:
* Bsuggests a new revision history is created, but this only happens when changes are actually installed on the managed device.
* Cimplies the script is directly executed on the FortiGate, which is not the case when using the Device Database option.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Scripting and Configuration Management.

NEW QUESTION # 32
What is a characteristic of the FortiManager high availability (HA) feature?

• A. When a secondary unit is removed, FortiManager updates the managed devices using TCP port 5199.
• B. Each cluster member must be upgraded manually, starting with the primary unit.
• C. The primary unit synchronizes all configuration revision with the seconday units.
• D. All secondary units must be in the same network as the primary unit.

Answer: C

Explanation:
The characteristic of the FortiManager high availability (HA) feature is that the primary unit synchronizes all configuration revisions with the secondary units. This ensures that all devices in the HA cluster are up-to-date with the same configurations, providing redundancy and failover capabilities.
Options A, C, and D are incorrect because:
* Arefers to a specific port number (5199), but FortiManager does not specifically use TCP port 5199 to update managed devices when a secondary unit is removed.
* Cis incorrect as secondary units do not necessarily have to be in the same network as the primary unit; they just need to be able to communicate with each other.
* Dis incorrect because HA upgrades can be automated and do not require manual upgrading, starting with the primary unit.
FortiManager References:
* Refer to FortiManager 7.4 High Availability (HA) Guide: HA Synchronization and Configuration.

NEW QUESTION # 33
Refer to the exhibit which shows the Download Import Report.

Why is FortiManager failing to import firewall policy ID 1?

• A. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.
• B. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortlGate.
• C. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager
• D. Policy ID 1 has an address object that already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.

Answer: B

NEW QUESTION # 34
An administrator configures a new OSPF area on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved?

• A. ADOM-level database
• B. Revision history database
• C. Device-level database
• D. Configuration-level database

Answer: C

Explanation:
When an administrator configures a new OSPF area on FortiManager but has not yet pushed the changes to the managed FortiGate device, the configuration is saved in theDevice-level database.
Explanation of Options:
* A. Device-level database:
* This istrue. When changes are made to a device's configuration on FortiManager, they are saved in theDevice-level database. This database stores the configuration for individual managed devices. The configuration changes remain here until they are pushed to the actual FortiGate device.
* B. ADOM-level database:
* This isfalse. The ADOM-level database holds configurations related to the entire ADOM (Administrative Domain), such as global settings that apply to all devices within the ADOM, rather than configurations specific to individual devices.
* C. Configuration-level database:
* This isfalse. The term "Configuration-level database" is not typically used in FortiManager terminology. Changes are stored in the device-level database and are applied when pushed to the FortiGate.
* D. Revision history database:
* This isfalse. The revision history database keeps track of previous versions of configurations after they have been pushed to the FortiGate device. It does not store unsaved or pending configurations that have not yet been applied to the device.

NEW QUESTION # 35
......

FCP_FMG_AD-7.4 Exam Info and Free Practice Test Professional Quiz Study Materials: https://realpdf.pass4suresvce.com/FCP_FMG_AD-7.4-pass4sure-vce-dumps.html