試験合格保証付きのFortinet Network Security Expert FCP_FMG_AD-7.4試験問題集 [Q13-Q37]

Share

試験合格保証付きのFortinet Network Security Expert FCP_FMG_AD-7.4試験問題集

Fortinet FCP_FMG_AD-7.4日常練習試験は2024年最新のに更新された37問あります

質問 # 13
Refer to the exhibit.

Given the configuration shown in the exhibit, which two conclusions can you draw from the installation targets in the Install On column? (Choose two.)

  • A. Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target
  • B. Policy seq.# 3 will be skipped because no installation targets are specified.
  • C. Policy seq.S will be installed on all managed devices and VDOMs that are listed under Installation Targets
  • D. Policy seq.# 1 will be installed on the ISFW device root[NAT] and Student[NAT] VDOMs only.

正解:C、D


質問 # 14
In the event that one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA manual mode to a working state?

  • A. Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.
  • B. The FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
  • C. Reconfigure the primary device to remove the peer IP of the failed device.
  • D. Reboot the failed device to remove its IP from the primary device.

正解:C


質問 # 15
Which two items does an FGFM keepalive message include? (Choose two.)

  • A. FortiGate configuration checksum
  • B. FortiGate license information
  • C. FortiGate uptime
  • D. FortiGate IPS version

正解:A、C

解説:
The FortiGate-FortiManager (FGFM) protocol is used for communication between a FortiGate device and FortiManager. Thekeepalive messagesare essential for maintaining communication and monitoring the health of the FortiGate devices connected to FortiManager. These messages provide important status information about the device.
Here are the items included in an FGFM keepalive message:
* A. FortiGate IPS version
* This isfalse. The IPS (Intrusion Prevention System) version is not included in the keepalive message. While IPS information can be part of other system syncs or monitoring processes, it is not part of the FGFM keepalive message.
* B. FortiGate license information
* This isfalse. The license information is not typically sent in the keepalive message. Licensing is checked and managed separately through other system operations and licensing checks.
* C. FortiGate configuration checksum
* This istrue. The configuration checksum is a critical part of the keepalive message, as it ensures that the configuration on the FortiGate matches the one managed by FortiManager. Any discrepancy would alert FortiManager to potential out-of-sync configurations.
* D. FortiGate uptime
* This istrue. The keepalive message includes the FortiGate's uptime, which allows FortiManager to track the health and stability of the connected FortiGate device.


質問 # 16
What is a characteristic of the FortiManager high availability (HA) feature?

  • A. When a secondary unit is removed, FortiManager updates the managed devices using TCP port 5199.
  • B. Each cluster member must be upgraded manually, starting with the primary unit.
  • C. The primary unit synchronizes all configuration revision with the seconday units.
  • D. All secondary units must be in the same network as the primary unit.

正解:C


質問 # 17
Refer to the exhibit.

What percent of the available RAM is being used by the process in charge of downloading the web and email filter databases from the public FortiGuard servers?

  • A. 4.1
  • B. 3.1
  • C. 2.9
  • D. 1.5

正解:C

解説:
In the exhibit, the FortiManager CLI output displays the results of thetopcommand, which shows system processes, CPU usage, and memory (RAM) usage. We are specifically looking for the process responsible for downloading theweb and email filter databasesfrom the public FortiGuard servers. This process is typically handled by thefgdlinkdprocess.
Key information from the output:
* Thefgdlinkdprocess is listed with aPID of 1463.
* The%MEMcolumn shows that this process is using2.9%of the available RAM.
Evaluation of Options:
* A. 2.9: This iscorrect. Thefgdlinkdprocess, which handles the web and email filter database downloads, is using2.9%of the available memory, as indicated in the%MEMcolumn.
* B. 3.1: This is incorrect. The3.1%memory usage belongs to thefwmsvrdprocess, not the fgdlinkd process.
* C. 1.5: This is incorrect. The1.5%memory usage belongs to thefclinkdprocess, not the fgdlinkd process.
* D. 4.1: This is incorrect. The4.1%memory usage belongs to thefgdsvrprocess, not the fgdlinkd process.


質問 # 18
What must you consider before deciding to use FortiManager to manage a FortiAnalyzer device?

  • A. Check whether FortiManager is part of a high availability (HA) cluster.
  • B. Determine whether the VDOMs of the same FortiGate will be assigned to different ADOMs.
  • C. Ensure that FortiAnalyzer features are installed in advance.
  • D. Confirm that FortiManager has enough storage capacity for the expected logs.

正解:C

解説:
When deciding to use FortiManager to manage a FortiAnalyzer device, you must ensure certain conditions are met so that the integration works seamlessly. One key aspect to consider is whether the necessary FortiAnalyzer features are enabled on FortiManager.
Explanation of Options:
* A. Confirm that FortiManager has enough storage capacity for the expected logs.
* This isfalse. FortiManager is not primarily responsible for storing logs. Logs are stored on the FortiAnalyzer device, and FortiManager's role is more focused on managing configuration, policies, and pushing updates, not on handling large volumes of logs.
* B. Ensure that FortiAnalyzer features are installed in advance.
* This istrue. Before using FortiManager to manage a FortiAnalyzer device, you must ensure that the necessaryFortiAnalyzer featuresare properly installed and enabled on FortiManager. FortiAnalyzer's reporting and logging functions must be correctly integrated for FortiManager to manage it effectively.
* C. Check whether FortiManager is part of a high availability (HA) cluster.
* This isfalse. While HA is important for redundancy, it is not a prerequisite for managing FortiAnalyzer with FortiManager. The HA status of FortiManager does not directly affect its ability to manage a FortiAnalyzer device.
* D. Determine whether the VDOMs of the same FortiGate will be assigned to different ADOMs.
* This isfalse. VDOMs (Virtual Domains) and ADOMs (Administrative Domains) relate to the management of FortiGate devices and the segregation of administrative access within FortiManager. This is unrelated to the management of a FortiAnalyzer device.


質問 # 19
Refer to the exhibit which shows the Download Import Report.

Why is FortiManager failing to import firewall policy ID 1?

  • A. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.
  • B. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortlGate.
  • C. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager
  • D. Policy ID 1 has an address object that already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.

正解:B


質問 # 20
An administrator configures a new OSPF area on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved?

  • A. ADOM-level database
  • B. Revision history database
  • C. Device-level database
  • D. Configuration-level database

正解:C

解説:
When an administrator configures a new OSPF area on FortiManager but has not yet pushed the changes to the managed FortiGate device, the configuration is saved in theDevice-level database.
Explanation of Options:
* A. Device-level database:
* This istrue. When changes are made to a device's configuration on FortiManager, they are saved in theDevice-level database. This database stores the configuration for individual managed devices. The configuration changes remain here until they are pushed to the actual FortiGate device.
* B. ADOM-level database:
* This isfalse. The ADOM-level database holds configurations related to the entire ADOM (Administrative Domain), such as global settings that apply to all devices within the ADOM, rather than configurations specific to individual devices.
* C. Configuration-level database:
* This isfalse. The term "Configuration-level database" is not typically used in FortiManager terminology. Changes are stored in the device-level database and are applied when pushed to the FortiGate.
* D. Revision history database:
* This isfalse. The revision history database keeps track of previous versions of configurations after they have been pushed to the FortiGate device. It does not store unsaved or pending configurations that have not yet been applied to the device.


質問 # 21
An administrator hasenabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

  • A. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
  • B. It allows administrative access to FortiManager.
  • C. It allows third-party applications to gain read/write access to FortiManager.
  • D. It allows FortiManager to determine the connection status of managed devices.

正解:A


質問 # 22
Which configurationsetting for FortiGate is part oan ADOM-level database on FortiManager?

  • A. Security profiles
  • B. Routing
  • C. SNMP
  • D. NSX-T Service Template

正解:B


質問 # 23
Refer to the exhibit.

What can you conclude from the failed installation log shown in the exhibit?

  • A. Policy ID 2 will not be installed.
  • B. Policy ID 2 is installed without a source address.
  • C. Policy ID 2 is installed without the remote user student.
  • D. Policy ID 2 is installed in the disabled state.

正解:C

解説:
From the log provided in the exhibit, several conclusions can be drawn regarding the installation of Policy ID
2:
* The installation process fails when attempting to set theLDAP user "student". The log shows:
* "Attribute 'ldap-server' MUST be set.": This error indicates that when setting up the LDAP user configuration, a mandatory field (ldap-server) is missing. As a result, the configuration could not be completed for the user.
* "entry not found in datasource"and"value parse error before 'student'": These errors confirm that the user "student" could not be properly added due to a configuration issue (such as the missing LDAP server).
Because of these errors, while other configuration elements (such as source and destination interfaces, actions, and services) are properly set, the user configuration for"student"isnot applied.
Evaluation of the answer options:
* A. Policy ID 2 is installed in the disabled state.
* This isfalse. There is no indication in the log that Policy ID 2 is disabled.
* B. Policy ID 2 is installed without the remote user student.
* This istrue. Due to the failure in setting the"student"user (as indicated by the errors), the policy will be installedwithoutthat user being properly configured.
* C. Policy ID 2 will not be installed.
* This isfalse. The policy is installed, but the user configuration failed. The rest of the policy configuration appears to have proceeded without critical errors that would prevent the installation.
* D. Policy ID 2 is installed without a source address.
* This isfalse. The log shows that the source address is properly set to "all" (set srcaddr all), so this is not the cause of the issue.
From the log exhibit, we see errors related to the "ldap-server" attribute not being set and an error with the entry "student" not being found in the datasource. This indicates that Policy ID 2 will not be installed due to missing or incorrect data required for successful installation. The "Command fail. Return code -3" confirms the installation failure, so the correct answer is C.
Options A, B, and D are incorrect because:
* A suggests the policy is installed in a disabled state, which isn't supported by the log.
* B and D suggest partial installation, but the error messages indicate a complete failure to install Policy ID 2.
FortiManager References:
* Refer to FortiManager 7.4 Troubleshooting Guide: Common Errors and Log Interpretation.


質問 # 24
Exhibit.

What is true about the objects highlighted in the image?

  • A. They can be used as variables in scripts.
  • B. They are available across all ADOMs by default.
  • C. They can be set to optional or required.
  • D. They cannot be created in the global database ADOM.

正解:A


質問 # 25
Exhibit.

Which two statements about the output are true? (Choose two.)

  • A. The latest revision history for the managed FortiGate does not match the device-level database.
  • B. Configuration changes directly made on FortiGate have been automatically updated to the device-level database.
  • C. The latest revision history for the managed FortiGate does match the FortiGate running configuration.
  • D. Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed.

正解:A、C


質問 # 26
Exhibit.

Given the configuration shown in the exhibit, what are two results from this configuration? {Choose two.)

  • A. The same administrator can lock more than one ADOM at the same time.
  • B. Concurrent read-write access to an ADOM is disabled.
  • C. Two or more administrators can make configuration changes at the same time, in the same ADOM.
  • D. You can validate administrator login attempts through external servers.

正解:A、B


質問 # 27
Which output is displayed right after moving the ISFW device from one ADOM to another?

  • A.
  • B.
  • C.
  • D.

正解:C

解説:
When a FortiGate device, like the ISFW (Internal Segmentation Firewall), is moved from one ADOM to another in FortiManager, the status of the device in the new ADOM will temporarily show some level of inconsistency or unknown state until the ADOM fully syncs and integrates the device.
In the provided options, we are analyzing the FortiManager diagnose dvm device list output for the ISFW device.
Explanation of the Outputs:
* Option A:
* The output shows that the device has the following status:
* dev-db: not modified
* conf: in sync
* cond: OK
* dm: retrieved
* The key part here is the pkg: [unknown]. This suggests that the configuration package for the ADOM in the new environment is still in anunknown state, which happens right after moving the device to a new ADOM. FortiManager needs time to process the device's configuration before syncing it properly.
* Option B:
* This output shows thepkg: [out-of-sync]. This occursaftersome configuration mismatch is identified, but it is not the immediate output after moving a device to a new ADOM.
* Option C:
* This output showspkg: [never-installed], which indicates that no package was ever installed on the device. This status typically appears when a device is newly added to FortiManager but not immediately after moving it between ADOMs.
* Option D:
* This output showspkg: [imported], which indicates that the device configuration has been successfully imported into the new ADOM. This would occur after the device is fully synced, but not immediately after moving the device to a new ADOM.
Conclusion:
The output that is displayedimmediately after movingthe ISFW device from one ADOM to another isOption A, where the package status is still unknown (pkg: [unknown]) because FortiManager has not yet fully synchronized the device's configuration in the new ADOM.


質問 # 28
Refer to the exhibit.

Which two results occur if the script is run using the Device Database option? (Choose two.)

  • A. The device Config Status is tagged as Modified.
  • B. The script history shows successful installation of the script on the remote FortiGate device.
  • C. The successful execution of a script on the Device Database creates a new revision history.
  • D. You must install these changes on a managed device using the Install Wizard.

正解:A、D

解説:
If the script is run using the "Device Database" option on FortiManager, the following occurs:
* A.You must install these changes on a managed device using the Install Wizard.
* Running the script on the Device Database updates only the configuration in the FortiManager's database, not on the actual FortiGate device. To apply the changes, you need to use the Install Wizard to push these configurations to the managed device.
* D.The device Config Status is tagged as Modified.
* After running the script on the Device Database, FortiManager tags the device's configuration status as "Modified," indicating that there are pending changes that have not yet been installed on the device.
Options B and C are incorrect because:
* Bsuggests a new revision history is created, but this only happens when changes are actually installed on the managed device.
* Cimplies the script is directly executed on the FortiGate, which is not the case when using the Device Database option.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Scripting and Configuration Management.


質問 # 29
An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

  • A. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
  • B. It allows administrative access to FortiManager.
  • C. It allows third-party applications to gain read/write access to FortiManager.
  • D. It allows FortiManager to determine the connection status of managed devices.

正解:A

解説:
* Option B: It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.This is the correct answer. When Service Access is enabled on FortiManager, it allows FortiManager to act as a local FortiGuard server for the managed FortiGate devices. This enables the FortiManager to respond to requests for FortiGuard services, such as updates for antivirus, web filtering, and other security services.
Explanation of Incorrect Options:
* Option A: It allows administrative access to FortiManageris incorrect because Service Access is specifically for FortiGuard service communication, not for administrative access.
* Option C: It allows third-party applications to gain read/write access to FortiManageris incorrect because Service Access does not provide API or third-party access capabilities.
* Option D: It allows FortiManager to determine the connection status of managed devicesis incorrect because Service Access does not directly manage or check connectivity status of devices; it is used for FortiGuard service requests.
FortiManager References:
* Refer to the "FortiManager Administration Guide," particularly the sections on "Service Access Settings" and "FortiGuard Services."


質問 # 30
What is the purpose of ADOM revisions?

  • A. To revert individual policy packages and device-level settings for a managed FortiGate
  • B. To save the current state of the whole ADOM
  • C. To save the FortiManager configuration in the System Checkpoints
  • D. To save the current state of all policy packages and objects for an ADOM

正解:D


質問 # 31
Refer to the exhibit.

Given the configuration shown in the exhibit, which two conclusions can you draw from the installation targets in the Install On column? (Choose two.)

  • A. Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target
  • B. Policy seq.# 3 will be skipped because no installation targets are specified.
  • C. Policy seq.S will be installed on all managed devices and VDOMs that are listed under Installation Targets
  • D. Policy seq.# 1 will be installed on the ISFW device root[NAT] and Student[NAT] VDOMs only.

正解:C、D

解説:
* Option A: Policy seq.S will be installed on all managed devices and VDOMs that are listed under Installation Targets.This is correct. The "Install On" column indicates that the policy is targeted for installation on all listed managed devices and VDOMs under Installation Targets.
* Option D: Policy seq.# 1 will be installed on the ISFW device root[NAT] and Student[NAT] VDOMs only.This is correct. Policy sequence #1 specifies that it will be installed only on the ISFW device and the VDOMs 'root[NAT]' and 'Student[NAT]' as indicated by the "Install On" column.
Explanation of Incorrect Options:
* Option B: Policy seq.# 3 will be skipped because no installation targets are specifiedis incorrect because it is clearly listed under "Installation Targets," which means it will be installed according to the specified configuration.
* Option C: Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Targetis incorrect as the exhibit does not show any specific exclusion for seq.# 2 on the Local-FortiGate root VDOM.
FortiManager References:
* Refer to the FortiManager Administration Guide sections on "Policy Packages" and "Policy Installation Targets" for more details.


質問 # 32
What is the purpose of ADOM revisions?

  • A. To revert individual policy packages and device-level settings for a managed FortiGate
  • B. To save the current state of the whole ADOM
  • C. To save the FortiManager configuration in the System Checkpoints
  • D. To save the current state of all policy packages and objects for an ADOM

正解:D

解説:
* Option B: To save the current state of all policy packages and objects for an ADOMis the correct answer. ADOM (Administrative Domain) revisions in FortiManager are used to create a snapshot of the current state of all policy packages and objects associated with an ADOM. This allows administrators to save a specific configuration state and revert to it if necessary. It helps in managing changes and recovering from configuration errors or unintended changes.
* Explanation of Incorrect Options:
* Option A: To save the current state of the whole ADOMis incorrect because ADOM revisions specifically save only the policy packages and object configurations, not the entire state of the ADOM, which may include logs, reports, and other non-policy data.
* Option C: To revert individual policy packages and device-level settings for a managed FortiGateis incorrect as ADOM revisions are not meant for reverting individual policy packages or device settings; they are designed to handle the entire set of policy packages and objects within an ADOM.
* Option D: To save the FortiManager configuration in the System Checkpointsis incorrect because ADOM revisions do not function as system checkpoints for FortiManager itself; they are specific to ADOM policy packages and objects.
FortiManager References:
* Refer to the FortiManager 7.4 Administration Guide, "ADOM Management" section, which describes the purpose and usage of ADOM revisions for configuration management and restoration.


質問 # 33
Refer to the exhibit.

An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.
After the installation operation is performed, which IP/netmask is shown on FortiManager for this firewall address object for devices without a Per-Device Mapping set?

  • A. FortiManager replaces the address object to none.
  • B. 192.168.1.0/28
  • C. 192.168.1.0/24
  • D. FortiManager generates an error for each FortiGate without a per-device mapping defined for that object.

正解:B


質問 # 34
Which two items does an FGFM keepalive message include? (Choose two.)

  • A. FortiGate configuration checksum
  • B. FortiGate license information
  • C. FortiGate IPS version
  • D. FortiGate uptime

正解:A、C


質問 # 35
Refer to the exhibit.

You are using the Quick Install option to install configuration changes on the managed FortiGate.
Which two statements correctly describe the result? (Choose two.)

  • A. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.
  • B. It installs device-level changes on the FortiGate device without launching the Install Wizard
  • C. It provides the option to preview only the policy package changes before installing them.
  • D. It installs provisioning template changes on the FortiGate device.

正解:B、D


質問 # 36
An administrator created a new global policy package that includes header and footer policies and then assigned it to an ADOM. What are two outcomes of this action? (Choose two.)

  • A. After you assign the global policy package to an ADOM. the impacted policy packages become hidden in that ADOM.
  • B. To assign another global policy package later to the same ADOM. you must unassign this policy first.
  • C. You can edit or delete all the global objects in the global ADOM.
  • D. You must manually move the header and footer policies after the policy assignment.

正解:B、C


質問 # 37
......


Fortinet FCP_FMG_AD-7.4 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • 管理と運営: このセクションでは、システム管理者とネットワーク セキュリティ マネージャーの能力を評価します。FortiManager 内のユーザー アカウント、管理設定、および運用面の監視が含まれます。
トピック 2
  • デバイス登録: このセクションでは、ネットワーク セキュリティ プロフェッショナルと Fortinet 管理者のスキルをテストします。デバイスを FortiManager に登録する手順を中心に学習します。
トピック 3
  • ポリシーとオブジェクト: このセクションでは、セキュリティ ポリシー管理者とネットワーク アナリストの能力を測定します。FortiManager 内のポリシーとオブジェクトの作成、管理、実装について説明します。
トピック 4
  • グローバル データベース ADOM と集中管理: このセクションでは、Fortinet 管理者と IT マネージャーのスキルを評価します。グローバル データベース、ADOM、集中管理機能の構成に重点を置いています。
トピック 5
  • 概要と初期構成: このセクションでは、ネットワーク セキュリティ管理者とエンジニアの能力を評価します。FortiManager の基本的なセットアップと基本的な構成タスクについて説明します。

 

テストエンジン練習FCP_FMG_AD-7.4テスト問題:https://jp.fast2test.com/FCP_FMG_AD-7.4-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어