nse7_efw-72 Exam - Question 5

Question

Refer to the exhibits, which show the configurations of two address objects from the same FortiGate.

Engineering address object -

Finance address object -

Why can you modify the Engineering address object, but not the Finance address object?

Examice · Accepted Answer

The reason why you can modify the Engineering address object, but not the Finance address object, is that FortiGate joined the Security Fabric, and the Finance address object was configured on the root FortiGate. When an address object is created on the root FortiGate in Security Fabric mode, it is synchronized to downstream devices, and these downstream devices cannot modify it. The 'OK' button will not be available, and only the 'Return' button will be present for such objects on downstream devices.

truserud · Answer

I made a mistake earlier and voted B as that made most sense at the time. After checking in my lab, C is the correct answer. You are indeed presented with only the "return" option on the object on a downstream device when trying to edit a Global fabric object created on the root device.

r3n0 · Answer

In workspace mode the "OK" button is present, you get an error message as soon as you click on it.
When you create a fabric object on a root device, it will synchronize to the downstream devices (if enable) and you will not be able to modify the object on any downstream devices. The "OK" button will NOT be available on downstream devices.

charruco · Answer

C is Correct

B is not correct because "Workspace mode is available only through CLI mode:
Pg. 25 in Enterprise_Firewall_7.2_Study_Guide-Online.pdf

tenebrox · Answer

Answer is D, i test in my lab with two user, and you always can modify the address but the other user see the warning

MikeSco001 · Answer

Answer is C. Tested in Lab

truserud · Answer

A bit tricky from the screenshots, as if B was indeed the correct answer, a warning should be shown that the object is being edited by a different user.

A doesn't make much sense, as you wouldn't be able to make changes to either of the objects if you were in read-mode.

You can edit and configure downstream Fortigates in a Security Fabric at will. There is nothing in the screenshots signifying that this is a downstream device, or the root device.

We you can still configure objects on local devices even if they are managed by FortiManager, and as with question A; if you had logged into a Centrally managed device as read-only, you wouldn't be able to edit any of the objects.

I believe the answer is B, as that makes most sense, even though it is difficult to tell from the screenshots themselves.

GabrielVillamizar · Answer

When an administrator edits an object in workspace mode, it is locked, preventing other administrators from  editing that object. A warning message is shown to let the administrator know that the object is currently being  configured in another workspace transaction. Pg. 25 in Enterprise_Firewall_7.2_Study_Guide-Online.pdf

havokdu · Answer

I created a firewall object on a root fortigate. Then, on a downstream FG the object appeared, but when I tried to edit it the OK button was missing. Only the return button is present. 
It doesn't happen like that in Workspace mode. So C is the correct option.

rananaj · Answer

The answer is B

5deee77 · Answer

The answer is B page 25

ac89l · Answer

tested in lab

Totoahren · Answer

Answer B:
Answer: D
when check-protocol-header is enabled in strict or loose mode all NPs and CPs are disabled.

Totoahren · Answer

Page 25
Enabling strict header checking disables all hardware acceleration. This includes NP, SP, and CP processing.

evdw · Answer

Correct answer is C

rac_sp · Answer

Fgt is joined in the security fabric

nse7_efw-72 Exam - Question 5

Discussion