The Secret Of Fortinet NSE5_FMG-6.4 Testing Engine

NEW QUESTION 1

Which two statements regarding device management on FortiManager are true? (Choose two.)

• A. FortiGate devices in HA cluster devices are counted as a single device.
• B. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
• C. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
• D. The maximum number of managed devices for each ADOM is 500.

Answer: AC

NEW QUESTION 2

What are two outcomes of ADOM revisions? (Choose two.)

• A. ADOM revisions can significantly increase the size of the configuration backups.
• B. ADOM revisions can save the current size of the whole ADOM
• C. ADOM revisions can create System Checkpoints for the FortiManager configuration
• D. ADOM revisions can save the current state of all policy packages and objects for an ADOM

Answer: AD

Explanation:
Reference: https://docs2.fortinet.com/document/fortimanager/6.0.0/best-practices/101837/adom-revisions

NEW QUESTION 3

An administrator would like to create an SD-WAN default static route for a newly created SD-WAN using the FortiManager GUI. Both port1 and port2 are part of the SD-WAN member interfaces.
Which interface must the administrator select in the static route device drop-down list?

• A. port2
• B. virtual-wan-link
• C. port1
• D. auto-discovery

Answer: B

NEW QUESTION 4

What is the purpose of the Policy Check feature on FortiManager?

• A. To find and provide recommendation to combine multiple separate policy packages into one common policy package
• B. To find and merge duplicate policies in the policy package
• C. To find and provide recommendation for optimizing policies in a policy package
• D. To find and delete disabled firewall policies in the policy package

Answer: C

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/08

NEW QUESTION 5

View the following exhibit.

If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

• A. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
• B. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.
• C. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
• D. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.

Answer: AC

Explanation:
Fortimanager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address, if the FGFM tunnel is interrupted. Just like it was in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under FortiGate central management configuration.

NEW QUESTION 6

What does the diagnose dvm check-integrity command do? (Choose two.)

• A. Internally upgrades existing ADOMs to the same ADON version in order to clean up and correct the ADOM syntax
• B. Verifies and corrects unregistered, registered, and deleted device states
• C. Verifies and corrects database schemas in all object tables
• D. Verifies and corrects duplicate VDOM entries

Answer: BD

Explanation:
* 6.2 Study Guide page 305verify and correct parts of the device manager databases, including:– inconsistent device-to-group and group-to-ADOM memberships– unregistered, registered, and deleted
device states– device lock statuses– duplicate VDOM entries

NEW QUESTION 7

What does a policy package status of Modified indicate?

• A. FortiManager is unable to determine the policy package status
• B. The policy package was never imported after a device was registered on FortiManager
• C. The Policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager
• D. The Policy package configuration has been changed on FortiManager and changes have not yet been installed on the managed device.

Answer: D

Explanation:
Reference:
http://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/080

NEW QUESTION 8

Refer to the following exhibit:

Which of the following statements are true based on this configuration? (Choose two.)

• A. The same administrator can lock more than one ADOM at the same time
• B. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out
• C. Unlocking an ADOM will submit configuration changes automatically to the approval administrator
• D. Unlocking an ADOM will install configuration automatically on managed devices

Answer: AB

Explanation:
Reference: http://help.fortinet.com/fmgr/cli/5-6-2/Document/0800_AD0Ms/200_Configuring+.htm

NEW QUESTION 9

Which two items are included in the FortiManager backup? (Choose two.)

• A. FortiGuard database
• B. Global database
• C. Logs
• D. All devices

Answer: BD

Explanation:
Reference: https://kb.fortinet.com/kb/viewContent.do?externalId=FD34549

NEW QUESTION 10

What will happen if FortiAnalyzer features are enabled on FortiManager?

• A. FortiManager will reboot
• B. FortiManager will send the logging configuration to the managed devices so the managed devices will start sending logs to FortiManager
• C. FortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices
• D. FortiManager can be used only as a logging device.

Answer: A

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1800_FAZ%20Features/0200_Enab

NEW QUESTION 11

Refer to the exhibit.

An administrator has created a firewall address object, Training which is used in the Local-FortiGate policy package.
When the installation operation is performed, which IP/Netmask will be installed on the Local-FortiGate, for the Training firewall address object?

• A. 192.168.0.1/24
• B. 10.200.1.0/24
• C. It will create a firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values.
• D. Local-FortiGate will automatically choose an IP/Netmask based on its network interface settings.

Answer: B

Explanation:
FortiManager_6.4_Study_Guide-Online – page 209
In the example, the dynamic address object LocalLan refers to the internal network address of the managed firewalls. The object has a default value of 192.168.1.0/24. The mapping rules are defined per device. For Remote-FortiGate, the address object LocalLan referes to 10.10.11.0/24. The devices in the ADOM that do not have dynamic mapping for LocalLan have a default value of 192.168.1.0/2.

NEW QUESTION 12

View the following exhibit.

When using Install Config option to install configuration changes to managed FortiGate, which of the following statements are true? (Choose two.)

• A. Once initiated, the install process cannot be canceled and changes will be installed on the managed device
• B. Will not create new revision in the revision history
• C. Installs device-level changes to FortiGate without launching the Install Wizard
• D. Provides the option to preview configuration changes prior to installing them

Answer: AC

NEW QUESTION 13

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

• A. VIP and IP Pools
• B. Firewall policies
• C. Security profiles
• D. Routing

Answer: D

Explanation:
The FortiManager stores the FortiGate configuration details in two distinct databases. The device-level database includes configuration details related to device-level settings, such as interfaces, DNS, routing, and more. The ADOM-level database includes configuration details related to firewall policies, objects, and security profiles.

NEW QUESTION 14

Refer to the exhibit.

Which two statements ab? (Choose two.)

• A. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
• B. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
• C. The latest history for the managed FortiGate does not match with the device-level database
• D. Configuration changes directly made on the FortiGate have been automatically updated to device-level database

Answer: AC

Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up– dev-db: modified – This is the device setting status which indicates that configuration changes were made on FortiManager.
– conf: in sync – This is the sync status which shows that the latest revision history is in sync with Fortigate’s configuration.– cond: pending – This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn’t installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn’t match device DB.
Conclusion:– Revision DB does match FortiGate.– No changes were installed to FortiGate yet.– Device DB doesn’t match Revision DB.– No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve:device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet):latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history:device database = reverted revision != FGT

NEW QUESTION 15

View the following exhibit:

How will FortiManager try to get updates for antivirus and IPS?

• A. From the list of configured override servers with ability to fall back to public FDN servers
• B. From the configured override server list only
• C. From the default server fdsl.fortinet.com
• D. From public FDNI server with highest index number only

Answer: A

Explanation:
Reference:
https://community.fortinet.com/t5/Fortinet-Forum/Clarification-of-FortiManager-s-quot-Server-Override-Mode

NEW QUESTION 16

View the following exhibit, which shows the Download Import Report:

Why it is failing to import firewall policy ID 2?

• A. The address object used in policy ID 2 already exist in ADON database with any as interface association and conflicts with address object interface association locally on the FortiGate
• B. Policy ID 2 is configured from interface any to port6 FortiManager rejects to import this policy because any interface does not exist on FortiManager
• C. Policy ID 2 does not have ADOM Interface mapping configured on FortiManager
• D. Policy ID 2 for this managed FortiGate already exists on FortiManager in policy package named Remote-FortiGate.

Answer: A

Explanation:
FortiManager_6.4_Study_Guide-Online – page 331 & 332

NEW QUESTION 17

Refer to the exhibit.

Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)

• A. It supports the FortiManager script feature
• B. It allows making configuration changes for managed devices on FortiManager panes
• C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate
• D. You cannot assign the same ADOM to multiple administrators

Answer: AB

Explanation:
"FortiGate units in the ADOM will query their own configuration every 5 seconds. If there has been a configuration change, the FortiGate unit will send a diff revision on the change to the FortiManager using the FGFM protocol."

NEW QUESTION 18
......