What must you consider before deciding to use FortiManager to manage a FortiAnalyzer device?
Correct Answer:
B
When deciding to use FortiManager to manage a FortiAnalyzer device, you must ensure certain conditions are met so that the integration works seamlessly. One key aspect to consider is whether the necessary FortiAnalyzer features are enabled on FortiManager.
Explanation of Options:
✑ A. Confirm that FortiManager has enough storage capacity for the expected logs.
✑ B. Ensure that FortiAnalyzer features are installed in advance.
✑ C. Check whether FortiManager is part of a high availability (HA) cluster.
✑ D. Determine whether the VDOMs of the same FortiGate will be assigned to different ADOMs.
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package. Fortinet. in the custom ADOM1. What happens to the Fortinet policy package when it is created?
Correct Answer:
B
When a new policy package is created in a custom ADOM that already has a global policy package assigned, the global policy package is automatically assigned to the
new policy package. This behavior ensures consistent policy enforcement across different ADOMs.
Options A, C, and D are incorrect because:
✑ A and C incorrectly suggest that manual reassignment or reapplication is needed.
✑ D implies optional assignment, whereas it is automatically done.
FortiManager References:
✑ Refer to FortiManager 7.4 Administrator Guide: Working with Global and Custom ADOM Policy Packages
An administrator created a new global policy package that includes header and footer policies and then assigned it to an ADOM. What are two outcomes of this action? (Choose two.)
Correct Answer:
AC
✑ Option A: To assign another global policy package later to the same ADOM, you must unassign this policy first.This is correct. FortiManager does not allow multiple global policy packages to be assigned to a single ADOM simultaneously. If you want to assign a different global policy package, the existing one must be unassigned first.
✑ Option C: You can edit or delete all the global objects in the global ADOM.This is correct. Once a global policy package is assigned, you have the flexibility to edit or delete global objects in the global ADOM, affecting all ADOMs to which this package is assigned.
Explanation of Incorrect Options:
✑ Option B: After you assign the global policy package to an ADOM, the impacted policy packages become hidden in that ADOMis incorrect because the policy packages do not become hidden; they are modified according to the global
policies.
✑ Option D: You must manually move the header and footer policies after the policy assignmentis incorrect because header and footer policies are automatically applied when assigned.
FortiManager References:
✑ See the "Global Policy and ADOM Management" section in the FortiManager Administration Guide.
Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)
Correct Answer:
AC
Two statements about Security Fabric integration with FortiManager that are true are:
✑ A. The Fabric View module enables you to generate the Security Fabric ratings for
Security Fabric devices.
✑ C. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.
Options B and D are incorrect because:
✑ Bis misleading as the Security Fabric settings are generally configured and managed separately from other device-level settings.
✑ Dis incorrect as there is no specific requirement for a Security Fabric license, group name, and password solely for FortiManager integration.
FortiManager References:
✑ Refer to FortiManager 7.4 Security Fabric Integration Guide: Managing Security Fabric and Generating Security Fabric Ratings.
Refer to the exhibit.
A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with a managed FortiGate device.
Given the FortiManager device manager settings shown in the exhibit, what can you conclude from this scenario?
Correct Answer:
C
✑ Option C: The administrator can reclaim the FortiGate to FortiManager protocol (FGFM) tunnel to get the device online.This is the correct answer. The exhibit shows a device in "Unknown" status, which indicates that the FortiManager cannot currently communicate with the device. Reclaiming the FGFM tunnel will help to restore connectivity by re-establishing the management tunnel between the FortiManager and the FortiGate.
Explanation of Incorrect Options:
✑ Option A: The administrator must refresh the device to restore connectivityis incorrect because refreshing the device is unlikely to solve the connection issue when the status is "Unknown."
✑ Option B: FortiManager lost internet connectivity, therefore, the device appears to be downis incorrect because FortiManager does not require internet connectivity to manage a FortiGate; it needs a direct connection to the device.
✑ Option D: The administrator recently restored a FortiManager configuration fileis incorrect because the exhibit does not indicate a recent restoration of configuration.
FortiManager References:
✑ Refer to "FortiManager Administration Guide" and the section on "Device Management and Connectivity" for more information about reclaiming FGFM tunnels.
