FCP_FMG_AD-7.4 Free Practice Test

Refer to the exhibit.

Which two results occur if the script is run using the Device Database option? (Choose two.)

1. A. You must install these changes on a managed device using the Install Wizard.
2. B. The successful execution of a script on the Device Database creates a new revision history.
3. C. The script history shows successful installation of the script on the remote FortiGate device.
4. D. The device Config Status is tagged as Modified.

Correct Answer: AD
If the script is run using the "Device Database" option on FortiManager, the following occurs:
✑ A.You must install these changes on a managed device using the Install Wizard.
✑ D.The device Config Status is tagged as Modified. Options B and C are incorrect because:
✑ Bsuggests a new revision history is created, but this only happens when changes are actually installed on the managed device.
✑ Cimplies the script is directly executed on the FortiGate, which is not the case
when using the Device Database option.
FortiManager References:
✑ Refer to FortiManager 7.4 Administrator Guide: Scripting and Configuration Management.

Refer to the exhibit.

An administrator is about to add the FortiGate device to FortiManager using the discovery process.
FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings.
What is the expected result?

1. A. During discover
2. B. FortiManager uses only the FortiGate serial number to establish the
3. C. During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate.
4. D. During discover
5. E. FortiManager sets the NATed device IP address on FortiGate.
6. F. During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate.

Correct Answer: D
When adding a FortiGate device to FortiManager that is operating behind a NAT device, and the FortiManager NATed IP address is configured under the system administration settings, FortiManager will set the FortiManager NATed IP address on the FortiGate device during the discovery process. This ensures that the FortiGate knows how to reach the FortiManager through the NAT device.
Options A, B, and C are incorrect because:
✑ Ais incorrect because the discovery process also requires knowing the NATed IP to establish a connection, not just the serial number.
✑ Bis incorrect because FortiManager does not set the NAT device's IP address on the FortiGate.
✑ Cis incorrect because it implies that the NAT device IP is set on FortiGate, which is not the expected outcome.
FortiManager References:
✑ Refer to FortiManager 7.4 Administrator Guide: Device Discovery and Management with NAT.

Which output is displayed right after moving the ISFW device from one ADOM to another?
A)

B)

C)

D)

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D

Correct Answer: A
When a FortiGate device, like the ISFW (Internal Segmentation Firewall), is moved from one ADOM to another in FortiManager, the status of the device in the new ADOM will temporarily show some level of inconsistency or unknown state until the ADOM fully syncs and integrates the device.
In the provided options, we are analyzing the FortiManager diagnose dvm device list output for the ISFW device.
Explanation of the Outputs:
✑ Option A:
✑ Option B:
✑ Option C:
✑ Option D:
Conclusion:
The output that is displayedimmediately after movingthe ISFW device from one ADOM to another isOption A, where the package status is still unknown (pkg: [unknown]) because FortiManager has not yet fully synchronized the device's configuration in the new ADOM.

Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)

1. A. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices.
2. B. The Security Fabric settings are part of the device-level settings.
3. C. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.
4. D. The Security Fabric license, group name, and password are required for the FortiManager Security Fabric integration.

Correct Answer: AC
Two statements about Security Fabric integration with FortiManager that are true are:
✑ A. The Fabric View module enables you to generate the Security Fabric ratings for
Security Fabric devices.
✑ C. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.
Options B and D are incorrect because:
✑ Bis misleading as the Security Fabric settings are generally configured and managed separately from other device-level settings.
✑ Dis incorrect as there is no specific requirement for a Security Fabric license, group name, and password solely for FortiManager integration.
FortiManager References:
✑ Refer to FortiManager 7.4 Security Fabric Integration Guide: Managing Security Fabric and Generating Security Fabric Ratings.

Refer to the exhibit.

An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.
After the installation operation is performed, which IP/netmask is shown on FortiManager for this firewall address object for devices without a Per-Device Mapping set?

1. A. FortiManager generates an error for each FortiGate without a per-device mappingdefined for that object.
2. B. 192.168.1.0/24
3. C. 192.168.1.0/28
4. D. FortiManager replaces the address object to none.

Correct Answer: B
✑ Option B: 192.168.1.0/24is the correct answer. In FortiManager, when a firewall address object is defined and used across multiple policy packages without any Per-Device Mapping, the default value configured in the object definition (192.168.1.0/255.255.255.0) is applied to all devices. The exhibit shows that the address objectLOCAL_SUBNEThas a default IP/netmask of192.168.1.0/24. Therefore, FortiManager will use this default value for any FortiGate device that does not have a specific Per-Device Mapping configured.
✑ Explanation of Incorrect Options:
FortiManager References:
✑ Refer to the FortiManager 7.4 Administration Guide, specifically in sections related to "Address Object Management" and "Per-Device Mapping," which detail the behavior of address objects without specific device mappings.