Fortinet FCP_FMG_AD-7.4 Test Dumps

C.   Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.

Answer DescriptionWhen a secondary FortiManager device fails in HA manual mode, an administrator must manually promote one of the working secondary devices to the primary role and reboot the old primary device to remove the peer IP of the failed device. This ensures the HA configuration is updated correctly, and the network remains resilient.

Options A, B, and D are incorrect because:

A suggests the transition is transparent, which is true only in automatic mode, not in manual mode.

B and D imply simpler steps that do not fully address the HA reconfiguration process in manual mode.

FortiManager References:

Refer to FortiManager 7.4 High Availability (HA) Configuration Guide: Manual Mode Configuration and Failover Procedures.

C.   It will modify the device-level database.

Answer DescriptionOption C: It will modify the device-level database.This is correct. Reverting to a previous revision version in the revision history affects the device-level database by restoring it to the state saved in the selected revision. This ensures that any changes made after the selected revision are discarded, and the device configuration is returned to the earlier state.

Explanation of Incorrect Options:

Option A: It will install configuration changes to managed devices automaticallyis incorrect because reverting a revision does not automatically push changes to the devices; it merely reverts the configuration on the FortiManager.

Option B: It will tag the device settings status as Auto-Updateis incorrect because "Auto-Update" is not a status related to the revision history mechanism.

Option D: It will generate a new version ID and remove all other revision history versionsis incorrect as reverting to a previous revision does not delete all other versions; it creates a new revision point for tracking.

FortiManager References:

Refer to the "Revision Management" section in the FortiManager Administration Guide, which provides an overview of how revisions are managed and utilized for restoring configurations.

B.   Routing

Answer DescriptionOption B: Routingis the correct answer. The ADOM-level database in FortiManager stores configuration settings such as routing, firewall policies, and objects that are shared across multiple devices in the ADOM.

Explanation of Incorrect Options:

Option A: NSX-T Service Templateis incorrect as it is not a FortiGate-specific setting managed at the ADOM level.

Option C: SNMPis incorrect because SNMP settings are typically managed on a per-device basis.

Option D: Security profilesis incorrect because security profiles are generally device-level configurations, not ADOM-level.

FortiManager References:

Refer to "FortiManager Administration Guide" for further details on ADOM-level and device-level configurations.

B.   To save the current state of all policy packages and objects for an ADOM

Answer DescriptionOption B: To save the current state of all policy packages and objects for an ADOMis the correct answer. ADOM (Administrative Domain) revisions in FortiManager are used to create a snapshot of the current state of all policy packages and objects associated with an ADOM. This allows administrators to save a specific configuration state and revert to it if necessary. It helps in managing changes and recovering from configuration errors or unintended changes.

Explanation of Incorrect Options:

Option A: To save the current state of the whole ADOMis incorrect because ADOM revisions specifically save only the policy packages and object configurations, not the entire state of the ADOM, which may include logs, reports, and other non-policy data.

Option C: To revert individual policy packages and device-level settings for a managed FortiGateis incorrect as ADOM revisions are not meant for reverting individual policy packages or device settings; they are designed to handle the entire set of policy packages and objects within an ADOM.

Option D: To save the FortiManager configuration in the System Checkpointsis incorrect because ADOM revisions do not function as system checkpoints for FortiManager itself; they are specific to ADOM policy packages and objects.

FortiManager References:

Refer to the FortiManager 7.4 Administration Guide, "ADOM Management" section, which describes the purpose and usage of ADOM revisions for configuration management and restoration.

A.   To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.

Answer DescriptionOption A: To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.This is the correct answer. When upgrading ADOMs on FortiManager, the ADOM must be upgraded first to match the FortiOS version of the devices it manages. This is necessary to ensure compatibility and consistency between the ADOM's database schema and the FortiGate's configuration.

Explanation of Incorrect Options:

Option B: Upgrading the FortiManager version upgrades all existing ADOMs automaticallyis incorrect because the ADOMs must be upgraded manually or individually after upgrading the FortiManager.

Option C: You cannot import policies from a device until its FortiOS version matches the ADOM versionis incorrect because while version matching is important, it is not strictly necessary for policy import.

Option D: ADOMs using global objects can be upgraded before or after upgrading the global database ADOMis incorrect as the order of upgrade matters to maintain compatibility.

FortiManager References:

Refer to "FortiManager Upgrade Guide" for detailed procedures on upgrading ADOMs and devices.