Examice

Exam nse7_efw-72 All QuestionsBrowse all questions from this exam

Go to Exam

Question 5

Refer to the exhibits, which show the configurations of two address objects from the same FortiGate.

Engineering address object -

Finance address object -

Why can you modify the Engineering address object, but not the Finance address object?

You have read-only access.

Another user is editing the Finance address object in workspace mode.

FortiGate joined the Security Fabric and the Finance address object was configured on the root FortiGate.

FortiGate is registered on FortiManager.

Correct Answer: C

The reason why you can modify the Engineering address object, but not the Finance address object, is that FortiGate joined the Security Fabric, and the Finance address object was configured on the root FortiGate. When an address object is created on the root FortiGate in Security Fabric mode, it is synchronized to downstream devices, and these downstream devices cannot modify it. The 'OK' button will not be available, and only the 'Return' button will be present for such objects on downstream devices.

Discussion

truserudOption: C

I made a mistake earlier and voted B as that made most sense at the time. After checking in my lab, C is the correct answer. You are indeed presented with only the "return" option on the object on a downstream device when trying to edit a Global fabric object created on the root device.

charrucoOption: C

C is Correct B is not correct because "Workspace mode is available only through CLI mode: Pg. 25 in Enterprise_Firewall_7.2_Study_Guide-Online.pdf

rac_sp

very true !! furthermore a warning message is shown to let the administrator know that the object is currently being configured in another workstpace transaction

r3n0Option: C

In workspace mode the "OK" button is present, you get an error message as soon as you click on it. When you create a fabric object on a root device, it will synchronize to the downstream devices (if enable) and you will not be able to modify the object on any downstream devices. The "OK" button will NOT be available on downstream devices.

havokduOption: C

I created a firewall object on a root fortigate. Then, on a downstream FG the object appeared, but when I tried to edit it the OK button was missing. Only the return button is present. It doesn't happen like that in Workspace mode. So C is the correct option.

GabrielVillamizarOption: B

When an administrator edits an object in workspace mode, it is locked, preventing other administrators from editing that object. A warning message is shown to let the administrator know that the object is currently being configured in another workspace transaction. Pg. 25 in Enterprise_Firewall_7.2_Study_Guide-Online.pdf

truserudOption: B

A bit tricky from the screenshots, as if B was indeed the correct answer, a warning should be shown that the object is being edited by a different user. A doesn't make much sense, as you wouldn't be able to make changes to either of the objects if you were in read-mode. You can edit and configure downstream Fortigates in a Security Fabric at will. There is nothing in the screenshots signifying that this is a downstream device, or the root device. We you can still configure objects on local devices even if they are managed by FortiManager, and as with question A; if you had logged into a Centrally managed device as read-only, you wouldn't be able to edit any of the objects. I believe the answer is B, as that makes most sense, even though it is difficult to tell from the screenshots themselves.

truserud

Scratch that. The Answer is C. Just tested in my lab, and when creating as a global fabric object, I am not able to edit the adress object on the downstream Fortigate. If it was an object in workspace mode, you would get a warning that the object is locked in a different transistion by a different user.

MikeSco001Option: C

Answer is C. Tested in Lab

tenebroxOption: D

Answer is D, i test in my lab with two user, and you always can modify the address but the other user see the warning

rac_spOption: C

Fgt is joined in the security fabric

evdwOption: C

Correct answer is C

TotoahrenOption: B

Page 25 Enabling strict header checking disables all hardware acceleration. This includes NP, SP, and CP processing.

Totoahren

Answer B: Answer: D when check-protocol-header is enabled in strict or loose mode all NPs and CPs are disabled.

Totoahren

Answer: B when check-protocol-header is enabled in strict or loose mode all NPs and CPs are disabled.

ac89lOption: C

tested in lab

5deee77Option: B

The answer is B page 25

rananajOption: B

The answer is B