Fortinet FCP_FMG_AD-7.4 Dumps

C.   Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.

Answer DescriptionWhen a secondary FortiManager device fails in HA manual mode, an administrator must manually promote one of the working secondary devices to the primary role and reboot the old primary device to remove the peer IP of the failed device. This ensures the HA configuration is updated correctly, and the network remains resilient.

Options A, B, and D are incorrect because:

A suggests the transition is transparent, which is true only in automatic mode, not in manual mode.

B and D imply simpler steps that do not fully address the HA reconfiguration process in manual mode.

FortiManager References:

Refer to FortiManager 7.4 High Availability (HA) Configuration Guide: Manual Mode Configuration and Failover Procedures.

C.   It will modify the device-level database.

Answer DescriptionOption C: It will modify the device-level database.This is correct. Reverting to a previous revision version in the revision history affects the device-level database by restoring it to the state saved in the selected revision. This ensures that any changes made after the selected revision are discarded, and the device configuration is returned to the earlier state.

Explanation of Incorrect Options:

Option A: It will install configuration changes to managed devices automaticallyis incorrect because reverting a revision does not automatically push changes to the devices; it merely reverts the configuration on the FortiManager.

Option B: It will tag the device settings status as Auto-Updateis incorrect because "Auto-Update" is not a status related to the revision history mechanism.

Option D: It will generate a new version ID and remove all other revision history versionsis incorrect as reverting to a previous revision does not delete all other versions; it creates a new revision point for tracking.

FortiManager References:

Refer to the "Revision Management" section in the FortiManager Administration Guide, which provides an overview of how revisions are managed and utilized for restoring configurations.

B.   Routing

Answer DescriptionOption B: Routingis the correct answer. The ADOM-level database in FortiManager stores configuration settings such as routing, firewall policies, and objects that are shared across multiple devices in the ADOM.

Explanation of Incorrect Options:

Option A: NSX-T Service Templateis incorrect as it is not a FortiGate-specific setting managed at the ADOM level.

Option C: SNMPis incorrect because SNMP settings are typically managed on a per-device basis.

Option D: Security profilesis incorrect because security profiles are generally device-level configurations, not ADOM-level.

FortiManager References:

Refer to "FortiManager Administration Guide" for further details on ADOM-level and device-level configurations.

B.   To save the current state of all policy packages and objects for an ADOM

Answer DescriptionOption B: To save the current state of all policy packages and objects for an ADOMis the correct answer. ADOM (Administrative Domain) revisions in FortiManager are used to create a snapshot of the current state of all policy packages and objects associated with an ADOM. This allows administrators to save a specific configuration state and revert to it if necessary. It helps in managing changes and recovering from configuration errors or unintended changes.

Explanation of Incorrect Options:

Option A: To save the current state of the whole ADOMis incorrect because ADOM revisions specifically save only the policy packages and object configurations, not the entire state of the ADOM, which may include logs, reports, and other non-policy data.

Option C: To revert individual policy packages and device-level settings for a managed FortiGateis incorrect as ADOM revisions are not meant for reverting individual policy packages or device settings; they are designed to handle the entire set of policy packages and objects within an ADOM.

Option D: To save the FortiManager configuration in the System Checkpointsis incorrect because ADOM revisions do not function as system checkpoints for FortiManager itself; they are specific to ADOM policy packages and objects.

FortiManager References:

Refer to the FortiManager 7.4 Administration Guide, "ADOM Management" section, which describes the purpose and usage of ADOM revisions for configuration management and restoration.

A.   To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.

Answer DescriptionOption A: To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.This is the correct answer. When upgrading ADOMs on FortiManager, the ADOM must be upgraded first to match the FortiOS version of the devices it manages. This is necessary to ensure compatibility and consistency between the ADOM's database schema and the FortiGate's configuration.

Explanation of Incorrect Options:

Option B: Upgrading the FortiManager version upgrades all existing ADOMs automaticallyis incorrect because the ADOMs must be upgraded manually or individually after upgrading the FortiManager.

Option C: You cannot import policies from a device until its FortiOS version matches the ADOM versionis incorrect because while version matching is important, it is not strictly necessary for policy import.

Option D: ADOMs using global objects can be upgraded before or after upgrading the global database ADOMis incorrect as the order of upgrade matters to maintain compatibility.

FortiManager References:

Refer to "FortiManager Upgrade Guide" for detailed procedures on upgrading ADOMs and devices.

C.   FortiGate configuration checksum


D.   FortiGate uptime

Answer DescriptionThe FortiGate-FortiManager (FGFM) protocol is used for communication between a FortiGate device and FortiManager. Thekeepalive messagesare essential for maintaining communication and monitoring the health of the FortiGate devices connected to FortiManager. These messages provide important status information about the device.

Here are the items included in an FGFM keepalive message:

A. FortiGate IPS version

This isfalse. The IPS (Intrusion Prevention System) version is not included in the keepalive message. While IPS information can be part of other system syncs or monitoring processes, it is not part of the FGFM keepalive message.

B. FortiGate license information

This isfalse. The license information is not typically sent in the keepalive message. Licensing is checked and managed separately through other system operations and licensing checks.

C. FortiGate configuration checksum

This istrue. The configuration checksum is a critical part of the keepalive message, as it ensures that the configuration on the FortiGate matches the one managed by FortiManager. Any discrepancy would alert FortiManager to potential out-of-sync configurations.

D. FortiGate uptime

This istrue. The keepalive message includes the FortiGate's uptime, which allows FortiManager to track the health and stability of the connected FortiGate device.

A.   To assign another global policy package later to the same ADOM. you must unassign this policy first.


C.   You can edit or delete all the global objects in the global ADOM.

Answer DescriptionOption A: To assign another global policy package later to the same ADOM, you must unassign this policy first.This is correct. FortiManager does not allow multiple global policy packages to be assigned to a single ADOM simultaneously. If you want to assign a different global policy package, the existing one must be unassigned first.

Option C: You can edit or delete all the global objects in the global ADOM.This is correct. Once a global policy package is assigned, you have the flexibility to edit or delete global objects in the global ADOM, affecting all ADOMs to which this package is assigned.

Explanation of Incorrect Options:

Option B: After you assign the global policy package to an ADOM, the impacted policy packages become hidden in that ADOMis incorrect because the policy packages do not become hidden; they are modified according to the global policies.

Option D: You must manually move the header and footer policies after the policy assignmentis incorrect because header and footer policies are automatically applied when assigned.

FortiManager References:

See the "Global Policy and ADOM Management" section in the FortiManager Administration Guide.

B.   It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.

Answer DescriptionOption B: It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.This is the correct answer. When Service Access is enabled on FortiManager, it allows FortiManager to act as a local FortiGuard server for the managed FortiGate devices. This enables the FortiManager to respond to requests for FortiGuard services, such as updates for antivirus, web filtering, and other security services.

Explanation of Incorrect Options:

Option A: It allows administrative access to FortiManageris incorrect because Service Access is specifically for FortiGuard service communication, not for administrative access.

Option C: It allows third-party applications to gain read/write access to FortiManageris incorrect because Service Access does not provide API or third-party access capabilities.

Option D: It allows FortiManager to determine the connection status of managed devicesis incorrect because Service Access does not directly manage or check connectivity status of devices; it is used for FortiGuard service requests.

FortiManager References:

Refer to the "FortiManager Administration Guide," particularly the sections on "Service Access Settings" and "FortiGuard Services."

A.   All devices


D.   Flash configuration

Answer DescriptionFortiManager backups include:

A. All devices— This includes all device configurations managed by FortiManager, such as firewall policies, objects, and other settings.

D. Flash configuration— This consists of local FortiManager configurations stored in flash memory, such as system settings, scripts, and other locally-stored configurations.

Options B and C are incorrect because:

B (Firmware images)are not typically included in a FortiManager backup. Firmware images are usually stored separately and managed through a different process.

C (FortiGuard database)is incorrect as the FortiGuard database, which contains threat intelligence and security signatures, is not part of the standard FortiManager backup.

FortiManager References:

Refer to FortiManager 7.4 Administrator Guide: Backup and Restore Processes.

B.   The primary unit synchronizes all configuration revision with the seconday units.

Answer DescriptionThe characteristic of the FortiManager high availability (HA) feature is that the primary unit synchronizes all configuration revisions with the secondary units. This ensures that all devices in the HA cluster are up-to-date with the same configurations, providing redundancy and failover capabilities.

Options A, C, and D are incorrect because:

Arefers to a specific port number (5199), but FortiManager does not specifically use TCP port 5199 to update managed devices when a secondary unit is removed.

Cis incorrect as secondary units do not necessarily have to be in the same network as the primary unit; they just need to be able to communicate with each other.

Dis incorrect because HA upgrades can be automated and do not require manual upgrading, starting with the primary unit.

FortiManager References:

Refer to FortiManager 7.4 High Availability (HA) Guide: HA Synchronization and Configuration.