Fortinet NSE 5 - FortiManager 6.4 NSE5_FMG-6.4 Dumps in PDF

Free Fortinet NSE5_FMG-6.4 Real Questions (page: 12)

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

  1. VIP and IP Pools
  2. Firewall policies
  3. Security profiles
  4. Routing

Answer(s): D

Explanation:

The FortiManager stores the FortiGate configuration details in two distinct databases. The device-level database includes configuration details related to device-level settings, such as interfaces, DNS, routing, and more. The ADOM-level database includes configuration details related to firewall policies, objects, and security profiles.



Refer to the exhibit.



Which two statements about the output are true? (Choose two.)

  1. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
  2. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
  3. The latest history for the managed FortiGate does not match with the device-level database
  4. Configuration changes directly made on the FortiGate have been automatically updated to device-level database

Answer(s): A,C

Explanation:

STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up

dev-db: modified - This is the device setting status, which indicates that configuration changes were made on FortiManager.
conf: in sync - This is the sync status, which shows that the latest revision history is in sync with FortiGate's configuration.
cond: pending - This is the configuration status, which says that configuration changes need to be installed.

Most probably a retrieve was done in the past (dm: retrieved), updating the revision history DB (conf: in sync) and the FortiManager device-level DB. Now there is a new modification on the FortiManager device-level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending); hence the revision history DB is not aware of that modification and doesn't match the device DB.

Conclusion:

Revision DB does match FortiGate.
No changes were installed to FortiGate yet.
Device DB doesn't match Revision DB.
No changes were done on FortiGate (auto-update), but configuration was retrieved instead.

After an Auto-Update or Retrieve: device database = latest revision = FGT.
Then, after a manual change on the FMG end (but no install yet): latest revision = FGT (still), but now the device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT.



An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.

How should the Workspace mode be configured on FortiManager?

  1. Set to workflow and use the ADOM locking feature
  2. Set to read/write and use the policy locking feature
  3. Set to normal and use the policy locking feature
  4. Set to disable and use the policy locking feature

Answer(s): A


Reference:

https://help.fortinet.com/fmgr/50hlp/52/5-2-0/FMG_520_Online_Help/200_What's-New.03.03.html



Which two settings must be configured for SD-WAN Central Management? (Choose two.)

  1. SD-WAN must be enabled on per-ADOM basis
  2. You can create multiple SD-WAN interfaces per VDOM
  3. When you configure an SD-WAN, you must specify at least two member interfaces.
  4. The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

Answer(s): A,C



When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

  1. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.
  2. FortiManager will revert and install a previous configuration revision on the managed FortiGate.
  3. FortiGate will reject the CLI commands that will cause the tunnel to go down.
  4. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.

Answer(s): A


Reference:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/067f5236-ca6d-11e9-8977-00505692583a/FGFM-6.2-Communications_Protocol_Guide.pdf, page 17



Share your comments for Fortinet NSE5_FMG-6.4 exam with other users:

Ashok Kumar
1/2/2024 6:53:00 AM

The correct answer to Q8 is B. Explanation: since the Mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. Source code of the component that the Mule app is dependent on does not need to be included in the exported JAR file, because the source code is not being used while executing an app. Compiled code is being used instead.

Merry
7/30/2023 6:57:00 AM

Good questions

VoiceofMidnight
12/17/2023 4:07:00 PM

Delayed the exam until December 29th.

Umar Ali
8/29/2023 2:59:00 PM

A and D are True

vel
8/28/2023 9:17:09 AM

Good one with explanation

Gurdeep
1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
