NEW QUESTION 1

What is the purpose of ADOM revisions?

• A. To create System Checkpoints for the FortiManager configuration.
• B. To save the current state of the whole ADOM.
• C. To save the current state of all policy packages and objects for an ADOM.
• D. To revert individual policy packages and device-level settings for a managed FortiGate by reverting to a specific ADOM revision

Answer: C

Explanation:
Fortimanager 6.4 Study guide page 198

NEW QUESTION 2

Refer to the exhibit.

Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)

• A. It supports the FortiManager script feature
• B. It allows making configuration changes for managed devices on FortiManager panes
• C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate
• D. You cannot assign the same ADOM to multiple administrators

Answer: AB

Explanation:
"FortiGate units in the ADOM will query their own configuration every 5 seconds. If there has been a configuration change, the FortiGate unit will send a diff revision on the change to the FortiManager using the FGFM protocol."

NEW QUESTION 3

What will be the result of reverting to a previous revision version in the revision history?

• A. It will install configuration changes to managed device automatically
• B. It will tag the device settings status as Auto-Update
• C. It will generate a new version ID and remove all other revision history versions
• D. It will modify the device-level database

Answer: D

NEW QUESTION 4

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

• A. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package
• B. When a new policy package is created, the administrator needs to reapply the global policy package toADOM1.
• C. When a new policy package is created, the administrator must assign the global policy package from the global ADOM.
• D. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

Answer: D

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/08

NEW QUESTION 5

What are two outcomes of ADOM revisions? (Choose two.)

• A. ADOM revisions can significantly increase the size of the configuration backups.
• B. ADOM revisions can save the current size of the whole ADOM
• C. ADOM revisions can create System Checkpoints for the FortiManager configuration
• D. ADOM revisions can save the current state of all policy packages and objects for an ADOM

Answer: AD

Explanation:
Reference: https://docs2.fortinet.com/document/fortimanager/6.0.0/best-practices/101837/adom-revisions

NEW QUESTION 6

In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?

• A. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device
• B. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.
• C. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondarydevices to point to the new primary device.
• D. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.

Answer: C

Explanation:
FortiManager_6.4_Study_Guide-Online – page 346
FortiManager HA doesn’t support IP takeover where an HA state transition is transparent to administrators. If a failure of the primary occurs, the administrator must take corrective action to resolve the problem that may include invoking the state transition. If the primary device fails, the administrator must do the following in order to return the FortiManager HA to a working state:
* 1. Manually reconfigure one of the secondary devices to become the primary device
* 2. Reconfigure all other secondary devices to point to the new primary device

NEW QUESTION 7

Refer to the exhibit.

Which statement about the object named ALL is true?

• A. FortiManager updated the object ALL using the FortiGate value in its database.
• B. FortiManager installed the object ALL with the updated value.
• C. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.
• D. FortiManager updated the object ALL using the FortiManager value in its database.

Answer: A

NEW QUESTION 8

View the following exhibit:

How will FortiManager try to get updates for antivirus and IPS?

• A. From the list of configured override servers with ability to fall back to public FDN servers
• B. From the configured override server list only
• C. From the default server fdsl.fortinet.com
• D. From public FDNI server with highest index number only

Answer: A

Explanation:
Reference:
https://community.fortinet.com/t5/Fortinet-Forum/Clarification-of-FortiManager-s-quot-Server-Override-Mode

NEW QUESTION 9

When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

• A. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.
• B. FortiManager will revert and install a previous configuration revision on the managed FortiGate.
• C. FortiGate will reject the CLI commands that will cause the tunnel to go down.
• D. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.

Answer: A

Explanation:
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/067f5236-ca6d-11e9-8977-005056925 page 17

NEW QUESTION 10

An administrator run the reload failure command: diagnose test deploymanager reload config
<deviceid> on FortiManager. What does this command do?

• A. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.
• B. It installs the latest configuration on the specified FortiGate and update the revision history database.
• C. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate.
• D. It installs the provisioning template configuration on the specified FortiGate.

Answer: A

Explanation:
Reference:
https://community.fortinet.com/t5/FortiManager/Technical-Note-Retrieve-configuration-file-using-CLI-from-a/t

NEW QUESTION 11

View the following exhibit.

When using Install Config option to install configuration changes to managed FortiGate, which of the following statements are true? (Choose two.)

• A. Once initiated, the install process cannot be canceled and changes will be installed on the managed device
• B. Will not create new revision in the revision history
• C. Installs device-level changes to FortiGate without launching the Install Wizard
• D. Provides the option to preview configuration changes prior to installing them

Answer: AC

NEW QUESTION 12

An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?

• A. FortiManager will not allow the administrator to delete a referenced address object
• B. FortiManager will disable the status of the referenced firewall policy
• C. FortiManager will replace the deleted address object with the none address object in the referencedfirewall policy
• D. FortiManager will replace the deleted address object with all address object in the referenced firewall policy

Answer: C

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/12

NEW QUESTION 13

What is the purpose of the Policy Check feature on FortiManager?

• A. To find and provide recommendation to combine multiple separate policy packages into one common policy package
• B. To find and merge duplicate policies in the policy package
• C. To find and provide recommendation for optimizing policies in a policy package
• D. To find and delete disabled firewall policies in the policy package

Answer: C

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/08

NEW QUESTION 14

Refer to the exhibit.

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes.
What is the purpose of this command?

• A. It allows FortiGate to unset central management settings.
• B. It allows FortiGate to reboot and recover the previous configuration from its configuration file.
• C. It allows the FortiManager to revert and install a previous configuration revision on the managed FortiGate.
• D. It allows FortiGate to reboot and restore a previously working firmware image.

Answer: B

Explanation:
Reference:
https://docs.fortinet.com/document/fortimanager/6.2.0/fortigate-fortimanager-communicationsprotocol-guide/14

NEW QUESTION 15

An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash.
How can the administrator unlock the ADOM?

• A. Restore the configuration from a previous backup.
• B. Log in as Super_User in order to unlock the ADOM.
• C. Log in using the same administrator account to unlock the ADOM.
• D. Delete the previous admin session manually through the FortiManager GUI or CLI.

Answer: D

NEW QUESTION 16

An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?

• A. Allows FortiManager to download IPS packages
• B. Allows FortiManager to respond to request for FortiGuard services from FortiGate devices
• C. Allows FortiManager to run real-time debugs on the managed devices
• D. Allows FortiManager to automatically configure a default route

Answer: B

Explanation:
FortiManager 6.2 Study guide page 350

NEW QUESTION 17
......