Which two items are included in the FortiManager backup? (Choose two.)
Correct Answer:
AD
FortiManager backups include:
✑ A. All devices— This includes all device configurations managed by FortiManager, such as firewall policies, objects, and other settings.
✑ D. Flash configuration— This consists of local FortiManager configurations stored
in flash memory, such as system settings, scripts, and other locally-stored configurations.
Options B and C are incorrect because:
✑ B (Firmware images)are not typically included in a FortiManager backup. Firmware images are usually stored separately and managed through a different process.
✑ C (FortiGuard database)is incorrect as the FortiGuard database, which contains threat intelligence and security signatures, is not part of the standard FortiManager backup.
FortiManager References:
✑ Refer to FortiManager 7.4 Administrator Guide: Backup and Restore Processes.
Exhibit.
Given the configuration shown in the exhibit, which two statements are true? (Choose two.)
Correct Answer:
BC
The provided screenshot from FortiManager shows several key elements that help answer the question:
✑ Thepadlock iconnext to the "Remote-FortiGate" policy package indicates that this
policy package islocked, which means it is currently being edited or has been checked out by an administrator. This is typical behavior when the ADOM (Administrative Domain) workspace is inuse, and a session is active where an administrator is working on a policy package.
✑ Theabsence of a lock iconnext to "Local-FortiGate_root" and "default" indicates
that these policy packages are not locked and are available for editing.
✑ Statement B(FortiManager is in workflow mode): This istrue. The fact that one of the policy packages is locked suggests that FortiManager is operating inADOM workflow modeor at least in a state where it enforces locking for editing, typically seen in Normal ADOM modes. Inworkflow mode, an administrator needs to lock a workspace before making changes.
✑ Statement C(The FortiManager ADOM is locked by the administrator): This istrue.
The presence of the padlock on "Remote-FortiGate" signifies that the ADOM, or more specifically, this policy package within the ADOM, has been locked by the administrator.
✑ Statement A(An administrator can also lock the Local-FortiGate_root policy
package): This isnotnecessarily true. The administrator can lock the "Local- FortiGate_root" policy package, but as shown in the exhibit, it iscurrently not locked, so this option is not a certainty in this state.
✑ Statement D(The FortiManager ADOM workspace mode is set to Normal): This
istrue, but not the best option compared to B and C, as it can be inferred that the mode is set to Normal due to the locking behavior, but the more direct information is about the ADOM being locked by an administrator.
Refer to the exhibit.
Correct Answer:
B
From the log provided in the exhibit, several conclusions can be drawn regarding the installation of Policy ID 2:
✑ The installation process fails when attempting to set theLDAP user "student". The log shows:
Because of these errors, while other configuration elements (such as source and destination interfaces, actions, and services) are properly set, the user configuration for "student"isnot applied.
Evaluation of the answer options:
✑ A. Policy ID 2 is installed in the disabled state.
✑ B. Policy ID 2 is installed without the remote user student.
✑ C. Policy ID 2 will not be installed.
✑ D. Policy ID 2 is installed without a source address.
From the log exhibit, we see errors related to the "ldap-server" attribute not being set and an error with the entry "student" not being found in the datasource. This indicates that Policy ID 2 will not be installed due to missing or incorrect data required for successful installation. The "Command fail. Return code -3" confirms the installation failure, so the correct answer is C.
Options A, B, and D are incorrect because:
✑ A suggests the policy is installed in a disabled state, which isn't supported by the log.
✑ B and D suggest partial installation, but the error messages indicate a complete failure to install Policy ID 2.
FortiManager References:
✑ Refer to FortiManager 7.4 Troubleshooting Guide: Common Errors and Log Interpretation.
Exhibit.
Given the configuration shown in the exhibit, what are two results from this configuration?
{Choose two.)
Correct Answer:
BD
The configuration shown in the exhibit sets theworkspace-mode to normal. The workspace mode in FortiManager defines how configuration changes and administrative tasks are handled, specifically regarding locking and collaboration in ADOMs (Administrative Domains).
Understanding the workspace modes:
✑ Normal Mode:In this mode, only one administrator at a time can lock and edit an ADOM. The changes made by one administrator must be completed and saved before another administrator can make changes. It prevents concurrent read-write access within the same ADOM.
✑ Workflow Mode:This mode allows multiple administrators to work on different tasks within the same ADOM, but changes still need to be approved before being committed.
Explanation of Options:
✑ A. You can validate administrator login attempts through external servers.
✑ B. The same administrator can lock more than one ADOM at the same time.
✑ C. Two or more administrators can make configuration changes at the same time, in the same ADOM.
✑ D. Concurrent read-write access to an ADOM is disabled.
Which statement about the policy lock feature on FortiManager is true?
Correct Answer:
A
The statement that is true about the policy lock feature on FortiManager is:
✑ A. Policy locking is available in workspace normal mode.
In FortiManager, when working in "workspace-mode normal," policies can be locked by administrators to prevent other administrators from editing them simultaneously. This ensures that only one administrator makes changes at any given time, reducing conflicts or mistakes due to concurrent modifications.
Statements B, C, and D are incorrect because:
✑ B is incorrect since locking a policy does not override a locked ADOM. The ADOM lock takes precedence.
✑ C is incorrect because when a policy is locked, it does not necessarily mean the ADOM is locked.
✑ D is incorrect because administrators in the approval group cannot work concurrently on a locked policy; the policy lock prevents concurrent modifications.
FortiManager References:
✑ Refer to FortiManager 7.4 Administrator Guide: Policy and Objects > Policy Locking to understand how the policy lock feature functions in different workspace modes.
