Fortinet FCP_FMG_AD-7.4試験情報と無料練習テスト問題で合格せよ
2024年最新のの問題FCP_FMG_AD-7.4問題集で更新されたFortinet試験問題集を試そう
質問 # 20
Which output is displayed right after moving the ISFW device from one ADOM to another?
- A.

- B.

- C.

- D.

正解:A
解説:
When a FortiGate device, like the ISFW (Internal Segmentation Firewall), is moved from one ADOM to another in FortiManager, the status of the device in the new ADOM will temporarily show some level of inconsistency or unknown state until the ADOM fully syncs and integrates the device.
In the provided options, we are analyzing the FortiManager diagnose dvm device list output for the ISFW device.
Explanation of the Outputs:
* Option A:
* The output shows that the device has the following status:
* dev-db: not modified
* conf: in sync
* cond: OK
* dm: retrieved
* The key part here is the pkg: [unknown]. This suggests that the configuration package for the ADOM in the new environment is still in anunknown state, which happens right after moving the device to a new ADOM. FortiManager needs time to process the device's configuration before syncing it properly.
* Option B:
* This output shows thepkg: [out-of-sync]. This occursaftersome configuration mismatch is identified, but it is not the immediate output after moving a device to a new ADOM.
* Option C:
* This output showspkg: [never-installed], which indicates that no package was ever installed on the device. This status typically appears when a device is newly added to FortiManager but not immediately after moving it between ADOMs.
* Option D:
* This output showspkg: [imported], which indicates that the device configuration has been successfully imported into the new ADOM. This would occur after the device is fully synced, but not immediately after moving the device to a new ADOM.
Conclusion:
The output that is displayedimmediately after movingthe ISFW device from one ADOM to another isOption A, where the package status is still unknown (pkg: [unknown]) because FortiManager has not yet fully synchronized the device's configuration in the new ADOM.
質問 # 21
Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.)
- A. That the virtual IP address and correct ports are set on the NAT device
- B. That the override server IP address is set on FortiManager and the NAT device
- C. That the NAT device IP address and correct ports are configured on FortiManager
- D. That the external IP address on the NAT device is set to DHCP and configured with the virtual IP
正解:A、B
解説:
When push updates are failing on a FortiGate device behind a NAT device, the administrator should check:
* A.That the override server IP address is set on FortiManager and the NAT device.
* The override server IP should be configured to ensure that FortiManager uses the correct IP address that can traverse the NAT to reach the FortiGate device.
* D.That the virtual IP address and correct ports are set on the NAT device.
* The NAT device must have the correct virtual IP (VIP) configured to map the FortiGate's internal IP to an external address, along with the correct ports needed for communication.
Options B and C are incorrect because:
* Bsuggests setting the external IP on the NAT device to DHCP, which is not relevant to solving the push update issue.
* Cimplies configuring NAT device IP and ports on FortiManager, which is less likely needed compared to configuring the correct VIP and ports.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Device Management and NAT Configuration.
質問 # 22
An administrator created a new global policy package that includes header and footer policies and then assigned it to an ADOM. What are two outcomes of this action? (Choose two.)
- A. You must manually move the header and footer policies after the policy assignment.
- B. You can edit or delete all the global objects in the global ADOM.
- C. After you assign the global policy package to an ADOM. the impacted policy packages become hidden in that ADOM.
- D. To assign another global policy package later to the same ADOM. you must unassign this policy first.
正解:B、D
質問 # 23
Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)
- A. The Security Fabric license, group name, and password are required for the FortiManager Security Fabric integration.
- B. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices.
- C. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.
- D. The Security Fabric settings are part of the device-level settings.
正解:C、D
質問 # 24
Refer to the exhibit.
You are using the Quick Install option to install configuration changes on the managed FortiGate.
Which two statements correctly describe the result? (Choose two.)
- A. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.
- B. It provides the option to preview only the policy package changes before installing them.
- C. It installs provisioning template changes on the FortiGate device.
- D. It installs device-level changes on the FortiGate device without launching the Install Wizard
正解:C、D
質問 # 25
What is a characteristic of the FortiManager high availability (HA) feature?
- A. Each cluster member must be upgraded manually, starting with the primary unit.
- B. When a secondary unit is removed, FortiManager updates the managed devices using TCP port 5199.
- C. All secondary units must be in the same network as the primary unit.
- D. The primary unit synchronizes all configuration revision with the seconday units.
正解:D
質問 # 26
Which statement about the upgrade of ADOMs on FortiManager is true?
- A. You cannot import policies from a device until its FortiOS version matches the ADOM version.
- B. Upgrading the FortiManager version upgrades all existing ADOMs automatically.
- C. ADOMs using global objects can be upgraded before or after upgrading the global database ADOM.
- D. To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.
正解:D
解説:
* Option A: To ensure database consistency, you must upgrade an ADOM before you upgrade the devices in it.This is the correct answer. When upgrading ADOMs on FortiManager, the ADOM must be upgraded first to match the FortiOS version of the devices it manages. This is necessary to ensure compatibility and consistency between the ADOM's database schema and the FortiGate's configuration.
Explanation of Incorrect Options:
* Option B: Upgrading the FortiManager version upgrades all existing ADOMs automaticallyis incorrect because the ADOMs must be upgraded manually or individually after upgrading the FortiManager.
* Option C: You cannot import policies from a device until its FortiOS version matches the ADOM versionis incorrect because while version matching is important, it is not strictly necessary for policy import.
* Option D: ADOMs using global objects can be upgraded before or after upgrading the global database ADOMis incorrect as the order of upgrade matters to maintain compatibility.
FortiManager References:
* Refer to "FortiManager Upgrade Guide" for detailed procedures on upgrading ADOMs and devices.
質問 # 27
Which two items are included in the FortiManager backup? (Choose two.)
- A. FortiGuard database
- B. Firmware images
- C. All devices
- D. Flash configuration
正解:C、D
解説:
FortiManager backups include:
* A. All devices- This includes all device configurations managed by FortiManager, such as firewall policies, objects, and other settings.
* D. Flash configuration- This consists of local FortiManager configurations stored in flash memory, such as system settings, scripts, and other locally-stored configurations.
Options B and C are incorrect because:
* B (Firmware images)are not typically included in a FortiManager backup. Firmware images are usually stored separately and managed through a different process.
* C (FortiGuard database)is incorrect as the FortiGuard database, which contains threat intelligence and security signatures, is not part of the standard FortiManager backup.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Backup and Restore Processes.
質問 # 28
What is a characteristic of the FortiManager high availability (HA) feature?
- A. Each cluster member must be upgraded manually, starting with the primary unit.
- B. When a secondary unit is removed, FortiManager updates the managed devices using TCP port 5199.
- C. All secondary units must be in the same network as the primary unit.
- D. The primary unit synchronizes all configuration revision with the seconday units.
正解:D
解説:
The characteristic of the FortiManager high availability (HA) feature is that the primary unit synchronizes all configuration revisions with the secondary units. This ensures that all devices in the HA cluster are up-to-date with the same configurations, providing redundancy and failover capabilities.
Options A, C, and D are incorrect because:
* Arefers to a specific port number (5199), but FortiManager does not specifically use TCP port 5199 to update managed devices when a secondary unit is removed.
* Cis incorrect as secondary units do not necessarily have to be in the same network as the primary unit; they just need to be able to communicate with each other.
* Dis incorrect because HA upgrades can be automated and do not require manual upgrading, starting with the primary unit.
FortiManager References:
* Refer to FortiManager 7.4 High Availability (HA) Guide: HA Synchronization and Configuration.
質問 # 29
Refer to the exhibit.
What can you conclude from the failed installation log shown in the exhibit?
- A. Policy ID 2 is installed without the remote user student.
- B. Policy ID 2 is installed in the disabled state.
- C. Policy ID 2 is installed without a source address.
- D. Policy ID 2 will not be installed.
正解:A
解説:
From the log provided in the exhibit, several conclusions can be drawn regarding the installation of Policy ID
2:
* The installation process fails when attempting to set theLDAP user "student". The log shows:
* "Attribute 'ldap-server' MUST be set.": This error indicates that when setting up the LDAP user configuration, a mandatory field (ldap-server) is missing. As a result, the configuration could not be completed for the user.
* "entry not found in datasource"and"value parse error before 'student'": These errors confirm that the user "student" could not be properly added due to a configuration issue (such as the missing LDAP server).
Because of these errors, while other configuration elements (such as source and destination interfaces, actions, and services) are properly set, the user configuration for"student"isnot applied.
Evaluation of the answer options:
* A. Policy ID 2 is installed in the disabled state.
* This isfalse. There is no indication in the log that Policy ID 2 is disabled.
* B. Policy ID 2 is installed without the remote user student.
* This istrue. Due to the failure in setting the"student"user (as indicated by the errors), the policy will be installedwithoutthat user being properly configured.
* C. Policy ID 2 will not be installed.
* This isfalse. The policy is installed, but the user configuration failed. The rest of the policy configuration appears to have proceeded without critical errors that would prevent the installation.
* D. Policy ID 2 is installed without a source address.
* This isfalse. The log shows that the source address is properly set to "all" (set srcaddr all), so this is not the cause of the issue.
From the log exhibit, we see errors related to the "ldap-server" attribute not being set and an error with the entry "student" not being found in the datasource. This indicates that Policy ID 2 will not be installed due to missing or incorrect data required for successful installation. The "Command fail. Return code -3" confirms the installation failure, so the correct answer is C.
Options A, B, and D are incorrect because:
* A suggests the policy is installed in a disabled state, which isn't supported by the log.
* B and D suggest partial installation, but the error messages indicate a complete failure to install Policy ID 2.
FortiManager References:
* Refer to FortiManager 7.4 Troubleshooting Guide: Common Errors and Log Interpretation.
質問 # 30
Which API method is used to create objects or overwrite existing ones?
- A. Set
- B. Add
- C. Update
- D. Exec
正解:A
解説:
In the context of the FortiManager JSON API, thesetmethod is used tocreate new objectsoroverwrite existing ones. The API allows administrators to manage FortiManager and its associated devices by automating tasks like configuration changes, policy updates, and object creation.
Explanation of Options:
* A. Set:
* This istrue. Thesetmethod is used to create a new object if it does not exist or overwrite an existing object if it already exists. This method is frequently used in API requests to configure settings and apply changes on FortiManager.
* B. Add:
* This isfalse. Theaddmethod is used to add new objects without overwriting any existing ones. It is used when you want to create a new entry and ensure it doesn't conflict with or replace an existing object.
* C. Exec:
* This isfalse. Theexecmethod is used to execute specific actions or commands, rather than creating or modifying objects. This is typically used for actions like running scripts or executing operational commands on FortiManager or FortiGate.
* D. Update:
* This isfalse. While "update" might seem relevant, FortiManager's API does not specifically use an "update" method for modifying or creating objects. Thesetmethod serves that function by both creating new objects and overwriting existing ones.
質問 # 31
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package. Fortinet. in the custom ADOM1. What happens to the Fortinet policy package when it is created?
- A. You must assign the global policy package from the global ADOM.
- B. You must reapply the global policy package to ADOM1.
- C. The global policy package is automatically assigned.
- D. You can select the option to assign the global policies.
正解:C
解説:
When a new policy package is created in a custom ADOM that already has a global policy package assigned, the global policy package is automatically assigned to the new policy package. This behavior ensures consistent policy enforcement across different ADOMs.
Options A, C, and D are incorrect because:
* A and C incorrectly suggest that manual reassignment or reapplication is needed.
* D implies optional assignment, whereas it is automatically done.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Working with Global and Custom ADOM Policy Packages
質問 # 32
An administrator hasenabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?
- A. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
- B. It allows administrative access to FortiManager.
- C. It allows third-party applications to gain read/write access to FortiManager.
- D. It allows FortiManager to determine the connection status of managed devices.
正解:A
質問 # 33
Which statement about the policy lock feature on FortiManager is true?
- A. Locking a policy takes precedence over a locked ADOM.
- B. When a policy is locked, the ADOM that contains it is also locked.
- C. Policy locking is available in workspace normal mode.
- D. Administrators in the approval group can work concurrently on a locked policy.
正解:C
解説:
The statement that is true about the policy lock feature on FortiManager is:
* A. Policy locking is available in workspace normal mode.
In FortiManager, when working in "workspace-mode normal," policies can be locked by administrators to prevent other administrators from editing them simultaneously. This ensures that only one administrator makes changes at any given time, reducing conflicts or mistakes due to concurrent modifications.
Statements B, C, and D are incorrect because:
* B is incorrect since locking a policy does not override a locked ADOM. The ADOM lock takes precedence.
* C is incorrect because when a policy is locked, it does not necessarily mean the ADOM is locked.
* D is incorrect because administrators in the approval group cannot work concurrently on a locked policy; the policy lock prevents concurrent modifications.
FortiManager References:
* Refer to FortiManager 7.4 Administrator Guide: Policy and Objects > Policy Locking to understand how the policy lock feature functions in different workspace modes.
質問 # 34
Which two items does an FGFM keepalive message include? (Choose two.)
- A. FortiGate uptime
- B. FortiGate license information
- C. FortiGate IPS version
- D. FortiGate configuration checksum
正解:C、D
質問 # 35
Refer to the exhibit.
What percent of the available RAM is being used by the process in charge of downloading the web and email filter databases from the public FortiGuard servers?
- A. 4.1
- B. 2.9
- C. 3.1
- D. 1.5
正解:B
質問 # 36
Exhibit.
Given the configuration shown in the exhibit, what are two results from this configuration? {Choose two.)
- A. Concurrent read-write access to an ADOM is disabled.
- B. The same administrator can lock more than one ADOM at the same time.
- C. Two or more administrators can make configuration changes at the same time, in the same ADOM.
- D. You can validate administrator login attempts through external servers.
正解:A、B
質問 # 37
An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?
- A. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.
- B. It allows administrative access to FortiManager.
- C. It allows third-party applications to gain read/write access to FortiManager.
- D. It allows FortiManager to determine the connection status of managed devices.
正解:A
解説:
* Option B: It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.This is the correct answer. When Service Access is enabled on FortiManager, it allows FortiManager to act as a local FortiGuard server for the managed FortiGate devices. This enables the FortiManager to respond to requests for FortiGuard services, such as updates for antivirus, web filtering, and other security services.
Explanation of Incorrect Options:
* Option A: It allows administrative access to FortiManageris incorrect because Service Access is specifically for FortiGuard service communication, not for administrative access.
* Option C: It allows third-party applications to gain read/write access to FortiManageris incorrect because Service Access does not provide API or third-party access capabilities.
* Option D: It allows FortiManager to determine the connection status of managed devicesis incorrect because Service Access does not directly manage or check connectivity status of devices; it is used for FortiGuard service requests.
FortiManager References:
* Refer to the "FortiManager Administration Guide," particularly the sections on "Service Access Settings" and "FortiGuard Services."
質問 # 38
Exhibit.
An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.)
- A. The administrator must configure FortiManager in workspace normal mode.
- B. Policies and objects databases can be shared between the Financial and HR ADOMs.
- C. The FortiManager administrator must set the ADOM device mode to Advanced
- D. An administrator with the super user profile can access all theVDOMs.
正解:C、D
質問 # 39
Refer to the exhibit.
What percent of the available RAM is being used by the process in charge of downloading the web and email filter databases from the public FortiGuard servers?
- A. 4.1
- B. 2.9
- C. 3.1
- D. 1.5
正解:B
解説:
In the exhibit, the FortiManager CLI output displays the results of thetopcommand, which shows system processes, CPU usage, and memory (RAM) usage. We are specifically looking for the process responsible for downloading theweb and email filter databasesfrom the public FortiGuard servers. This process is typically handled by thefgdlinkdprocess.
Key information from the output:
* Thefgdlinkdprocess is listed with aPID of 1463.
* The%MEMcolumn shows that this process is using2.9%of the available RAM.
Evaluation of Options:
* A. 2.9: This iscorrect. Thefgdlinkdprocess, which handles the web and email filter database downloads, is using2.9%of the available memory, as indicated in the%MEMcolumn.
* B. 3.1: This is incorrect. The3.1%memory usage belongs to thefwmsvrdprocess, not the fgdlinkd process.
* C. 1.5: This is incorrect. The1.5%memory usage belongs to thefclinkdprocess, not the fgdlinkd process.
* D. 4.1: This is incorrect. The4.1%memory usage belongs to thefgdsvrprocess, not the fgdlinkd process.
質問 # 40
What is the purpose of ADOM revisions?
- A. To save the current state of the whole ADOM
- B. To save the FortiManager configuration in the System Checkpoints
- C. To save the current state of all policy packages and objects for an ADOM
- D. To revert individual policy packages and device-level settings for a managed FortiGate
正解:C
質問 # 41
Refer to the exhibit.
What can you conclude from the failed installation log shown in the exhibit?
- A. Policy ID 2 is installed without the remote user student.
- B. Policy ID 2 is installed in the disabled state.
- C. Policy ID 2 is installed without a source address.
- D. Policy ID 2 will not be installed.
正解:A
質問 # 42
......
Fortinet FCP_FMG_AD-7.4 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
最新のFCP_FMG_AD-7.4試験問題集でFortinet試験が合格できます:https://jp.fast2test.com/FCP_FMG_AD-7.4-premium-file.html