Page: 1
/ 12
Total 56 questions
When installation is performed from the FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?
- A. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.
- B. FortiGate will reject the CLI commands that will cause the tunnel to go down.
- C. FortiManager will revert and install a previous configuration revision on the managed FortiGate.
- D. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.
Answer : C
Which of the following statements are true regarding VPN Manager? (Choose three.)
- A. VPN Manager must be enabled on a per ADOM basis.
- B. VPN Manager automatically adds newly-registered devices to a VPN community.
- C. VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time.
- D. Common IPsec settings need to be configured only once in a VPN Community for all managed gateways.
- E. VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.
Answer : ACD
View the following exhibit:
When using Install Config option to install configuration changes to managed FortiGate, which of the following statements are true? (Choose two.)
- A. Will not create new revision in the revision history.
- B. Provides the option to preview configuration changes prior to installing them.
- C. Installs device-level changes to FortiGate without launching the Install Wizard.
- D. Once installed, the install process cannot be canceled and changes will be installed on the managed device.
Answer : BC
View the following exhibit:
Which of the following statements are true if both FortiManager and FortiGate are behind the NAT devices? (Choose two.)
- A. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.
- B. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
- C. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
- D. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
Answer : BC
What is the purpose of the Policy Check feature on FortiManager?
- A. To find and merge duplicate policies in the policy package.
- B. To find and provide recommendation to combine multiple separate policy packages into one common policy package.
- C. To find and delete disabled firewall policies in the policy package.
- D. To find and provide recommendation for optimizing policies in a policy package.
Answer : A
Explanation: The policy check tool allows you to check all policy packages within an ADOM to ensure consistency and eliminate conflicts that may prevent your devices from passing traffic. This allows you to optimize your policy sets and potentially reduce the size of your databases. The check will verify:
1. Object duplication: two objects that have identical definitions
2. Object shadowing: a higher priority object completely encompasses another object of the same type
3. Object overlap: one object partially overlaps another object of the same type
4. Object orphaning: an object has been defined but has not been used anywhere.
Reference:
https://docs.fortinet.com/uploaded/files/2905/FortiManager-5.4.0-Administration-Guide.pdf
31 days access 