Fortinet NSE5_FMG-7.0試験情報と無料練習テスト問題で合格せよ [Q26-Q42]

Fortinet NSE5_FMG-7.0試験情報と無料練習テスト問題で合格せよ

2023年最新のの問題NSE5_FMG-7.0問題集で更新されたFortinet試験問題集を試そう

NSE5_FMG-7.0の認定試験は、FortiManager 7.0に関連する幅広いトピックをカバーする包括的なテストです。この試験は、展開、管理、設定、およびトラブルシューティングなどのいくつかのセクションに分かれています。受験者は、FortiManager 7.0を管理、設定、およびトラブルシューティングするための知識とスキル、および他のFortinetセキュリティソリューションとの統合能力を証明する必要があります。

 

質問 # 26
Refer to the following exhibit:

Which of the following statements are true based on this configuration? (Choose two.)

• A. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out
• B. Unlocking an ADOM will submit configuration changes automatically to the approval administrator
• C. The same administrator can lock more than one ADOM at the same time
• D. Unlocking an ADOM will install configuration automatically on managed devices

正解：A、C

質問 # 27
An administrator would like to review, approve, or reject all the firewall policy changes made by the junior
administrators.
How should the Workspace mode be configured on FortiManager?

• A. Set to disable and use the policy locking feature
• B. Set to read/write and use the policy locking feature
• C. Set to normal and use the policy locking feature
• D. Set to workflow and use the ADOM locking feature

正解：D

質問 # 28
An administrator's PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash.
How can the administrator unlock the ADOM?

• A. Log in using the same administrator account to unlock the ADOM.
• B. Restore the configuration from a previous backup.
• C. Delete the previous admin session manually through the FortiManager GUI or CLI.
• D. Log in as Super_User in order to unlock the ADOM.

正解：C

質問 # 29
An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

• A. When a new policy package is created, the administrator must assign the global policy package from the global ADOM.
• B. When creating a new policy package, the administrator can select the option to assign the global policy
  package to the new policy package
• C. When a new policy package is created, the administrator needs to reapply the global policy package to
  ADOM1.
• D. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

正解：D

質問 # 30
What will be the result of reverting to a previous revision version in the revision history?

• A. It will tag the device settings status as Auto-Update
• B. It will modify the device-level database
• C. It will generate a new version ID and remove all other revision history versions
• D. It will install configuration changes to managed device automatically

正解：B

質問 # 31
What does a policy package status of Modified indicate?

• A. FortiManager is unable to determine the policy package status
• B. The Policy package configuration has been changed on FortiManager and changes have not yet been installed on the managed device.
• C. The policy package was never imported after a device was registered on FortiManager
• D. The Policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager

正解：B

質問 # 32
Refer to the exhibit.

According to the error message why is FortiManager failing to add the FortiAnalyzer device?

• A. The administrator must use the correct user name and password of the FortiAnalyzer device
• B. The administrator must select the Forti-Manager administrative access checkbox on the FortiAnalyzer management interface
• C. The administrator must turn off the Use Legacy Device login and add the FortiAnaJyzer device to the same network as Forti-Manager
• D. The administrator must use the Add Model Device section and discover the FortiAnaJyzer device

正解：B

質問 # 33
View the following exhibit.

An administrator is importing a new device to FortiManager and has selected the shown options. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate?

• A. The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate
• B. The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted
• C. The unused objects that are not tied to the firewall policies in policy package will be deleted from the
• D. The unused objects that are not tied to the firewall policies will be installed on FortiGate

正解：B

解説：
FortiManager database

質問 # 34
Refer to the exhibit.

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes.
What is the purpose of this command?

• A. It allows FortiGate to unset central management settings.
• B. It allows FortiGate to reboot and recover the previous configuration from its configuration file.
• C. It allows the FortiManager to revert and install a previous configuration revision on the managed FortiGate.
• D. It allows FortiGate to reboot and restore a previously working firmware image.

正解：B

質問 # 35
View the following exhibit.

If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

• A. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
• B. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
• C. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
• D. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on
  FortiGate under central management.

正解：A、B

解説：
Fortimanager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address, if the FGFM tunnel is interrupted. Just like it was in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under FortiGate central management configuration.

質問 # 36
When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

• A. FortiManager will revert and install a previous configuration revision on the managed FortiGate.
• B. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.
• C. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.
• D. FortiGate will reject the CLI commands that will cause the tunnel to go down.

正解：C

質問 # 37
Refer to the exhibit.

Which two statements about the output are true? (Choose two.)

• A. Configuration changes directly made on the FortiGate have been automatically updated to device-level
• B. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
• C. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
• D. The latest history for the managed FortiGate does not match with the device-level database

正解：C、D

解説：
database
Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up - dev-db: modified - This is the device setting status which indicates that configuration changes were made on FortiManager. - conf: in sync - This is the sync status which shows that the latest revision history is in sync with Fortigate's configuration. - cond: pending - This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn't match device DB.
Conclusion: - Revision DB does match FortiGate. - No changes were installed to FortiGate yet. - Device DB doesn't match Revision DB. - No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve: device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet): latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT

質問 # 38
An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.
What can prevent an admin account that has Super_User rights over the device from approving a workflow session?

• A. Trainer is not a part of workflow approval group
• B. Student, who submitted the workflow session, must first self-approve the request
• C. Trainer does not have full rights over this ADOM
• D. Trainer must close Student's workflow session before approving the request

正解：A

質問 # 39
Which two settings must be configured for SD-WAN Central Management? (Choose two.)

• A. The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.
• B. SD-WAN must be enabled on per-ADOM basis
• C. You can create multiple SD-WAN interfaces per VDOM
• D. When you configure an SD-WAN, you must specify at least two member interfaces.

正解：B、D

質問 # 40
What are two outcomes of ADOM revisions? (Choose two.)

• A. ADOM revisions can significantly increase the size of the configuration backups.
• B. ADOM revisions can save the current size of the whole ADOM
• C. ADOM revisions can create System Checkpoints for the FortiManager configuration
• D. ADOM revisions can save the current state of all policy packages and objects for an ADOM

正解：A、D

質問 # 41
What does the diagnose dvm check-integrity command do? (Choose two.)

• A. Verifies and corrects database schemas in all object tables
• B. Verifies and corrects duplicate VDOM entries
• C. Verifies and corrects unregistered, registered, and deleted device states
• D. Internally upgrades existing ADOMs to the same ADON version in order to clean up and correct the ADOM
  syntax

正解：B、C

解説：
6.2 Study Guide page 305 verify and correct parts of the device manager databases, including: - inconsistent device-to-group and group-to-ADOM memberships - unregistered, registered, and deleted device states - device lock statuses - duplicate VDOM entries

質問 # 42
......

Fortinet NSE5_FMG-7.0 認定試験は、FortiManager プラットフォームを扱う IT プロフェッショナルのスキルと知識をテストするように設計されています。FortiManager は、組織がネットワークインフラストラクチャ全体にわたってセキュリティポリシーを中央集中的に管理および自動化するための包括的なネットワーク管理ソリューションです。試験は、FortiManager を構成、管理、トラブルシューティングするために必要なスキルと知識を検証するように設計されています。

 

最新のNSE5_FMG-7.0試験問題集でFortinet試験が合格できます：https://www.jpntest.com/shiken/NSE5_FMG-7.0-mondaishu