FCP_FMG_AD-7.6 Exam Dumps - Fortinet Network Security Expert Questions and Answers

The correct conclusion is D . The FortiManager 7.6 Administrator Study Guide defines Never Installed as a state where the policy package was never created and was never imported for a managed device . That means FortiManager may already know the device itself at the device layer, but the firewall policy layer has not yet been built for that device.

The lab guide confirms this behavior directly: when you choose Import Later in the Add Device wizard, the policy package status becomes Never Installed because there is still no policy package created for the added FortiGate devices.

So this is not a revision-history issue, and it does not mean ADOM policy changes are merely waiting for first install. It means the policies still exist only on the managed device side until they are imported into a FortiManager policy package.

=========

The error occurs because the FortiToken used (FTKM0B4A9AC5C56D) must already exist and be registered on the FortiGate device HQ-NGFW-1. FortiManager cannot push or create new FortiTokens on the device; the token must be valid and present on the FortiGate before it can be assigned to a user.

The correct answer is B . The LAN address object shown in the exhibit has a default value of 10.0.0.0/255.255.255.0 , and it has per-device mappings only for BR1-FGT-1 , HQ-NGFW-1 , and Local-Firewall . There is no per-device mapping entry for Remote-Firewall .

The FortiManager 7.6 Administrator Study Guide gives the exact rule for this behavior: “The devices in the ADOM that do not have a dynamic mapping for LAN have a default value” . The same page also explains that dynamic objects let you map one logical object to unique values per device , but devices without a mapping use the object’s default definition.

Since Remote-Firewall is not listed in the Per-Device Mapping table, it inherits the default LAN value: 10.0.0.0/255.255.255.0 .

=========

The configuration includes a server-list with server-type set to " update rating, " which enables FortiGate HQ-NGFW-1 to contact FortiManager as a FortiGuard Distribution Server (FDS) for FortiGuard updates.

The installation includes a root_CA3 certificate, which FortiManager will install on FortiGate HQ-NGFW-1 to authenticate FGFM tunnel connections between the devices.

The command set workspace-mode normal enables Workspace (ALL ADOMs) . In this mode, FortiManager uses ADOM locking to prevent configuration conflicts. The study guide explains that workspace mode is used to prevent concurrent ADOM access , and once an ADOM is locked, only the administrator who locked it has read-write access while all others have read-only access. That makes D correct.

B is also correct because locking is applied per ADOM, so different administrators can work at the same time on different ADOMs without conflicting with each other. This is consistent with the design goal of workspace mode and ADOM locking.

C describes workflow mode , not workspace normal. Approval before installation is required only with set workspace-mode workflow.

=========

The FortiManager 7.6 Administrator Study Guide states that global policies must be explicitly assigned : “ You must explicitly assign global policy packages to specific ADOMs ,” and FortiManager can also target specific policy packages in individual ADOMs . The lab guide confirms that assignment is performed from the Global Database ADOM : the administrator selects Global Database ADOM , clicks Assignment , adds the ADOM, chooses Specify Policy Packages To Assign , selects the target package, and then clicks Assign .

So creating a new policy package inside ADOM1 does not automatically inherit the existing global package assignment. It also does not automatically install policies. The administrator must go back to the global ADOM and assign the global policy package to that new local policy package.

The exhibit shows a FortiManager HA cluster with one primary and one secondary member. The FortiManager 7.6 Administrator Study Guide clearly states that if FortiAnalyzer features are enabled, you cannot configure FortiManager HA , so in an HA environment like the one shown, FortiAnalyzer features are not enabled . That makes D the correct answer.

A is incorrect because the study guide explicitly says you do not need to reboot a device when promoting it from secondary to primary.

C is incorrect because the failover mode shown is Manual , not VRRP automatic failover , so failover does not occur automatically based on heartbeat loss.

B is not the best answer here because FortiGuard packages are downloaded separately rather than synchronized as HA data, but the exhibit’s key provable conclusion is the HA restriction on FortiAnalyzer features.

=========

The correct answers are A and E . The study guide explicitly states under Database Integrity that scheduled backups “Automatically executes database integrity commands” and “Does not automatically make corrections” . That exactly verifies A .

It also states in Best Practices—Database Integrity: “Always follow the proper upgrade path” and “If you don’t, it may cause inconsistencies in the database.” That exactly verifies E .

B is incorrect because diagnose dvm check-integrity verifies and corrects device manager database issues such as device states, memberships, lock statuses, and duplicate VDOM entries, not a corrupted file system. C is incorrect because locked device status issues are listed under diagnose dvm check-integrity, not diagnose cdb check adom-integrity. D is not a stated FortiManager best practice in the uploaded guide.

The correct answers are A and C . The FortiManager 7.6 Administrator Study Guide states: “An ADOM revision creates a snapshot of all policy and object configurations for the ADOM” . The lab guide says the same thing in practical terms: “An ADOM revision creates a snapshot of the policy and object configuration for the ADOM” and that these revisions are useful for comparing differences and reverting to a previous revision .

Because the revision is a snapshot of the ADOM’s policy-and-object state, it saves the current ADOM policy/object state, which supports A and directly proves C . B is false because the study guide warns: “ADOM revisions can significantly increase the size of the configuration backup files.” D is not supported by the uploaded sources.

=========

The error occurs because the FortiGate HQ-NGFW device with ID 262 is a newly added model device and has not yet been fully synchronized or installed with a configuration package, which causes the reload configuration command to fail.