Examice

Exam nse8_812 All QuestionsBrowse all questions from this exam

Question 42

Refer to the exhibit.

A customer has deployed a FortiGate 200F high-availability (HA) cluster that contains a TPM chip. The exhibit shows output from the FortiGate CLI session where the administrator enabled TPM.

Following these actions, the administrator immediately notices that both FortiGate high availability (HA) status and FortiManager status for the FortiGate are negatively impacted.

What are the two reasons for this behavior? (Choose two.)

The private-data-encryption key entered on the primary did not match the value that the TPM expected.

Configuration for TPM is not synchronized between FortiGate HA cluster members.

The FortiGate has not finished the auto-update process to synchronize the new configuration to FortiManager yet.

TPM functionality is not yet compatible with FortiGate HA.

The administrator needs to manually enter the hex private data encryption key in FortiManager.

Correct Answer: B, E

The configuration for TPM is not synchronized between FortiGate HA cluster members, as each member must use the same master-encryption-key to synchronize properly. Additionally, when the private-data-encryption setting is enabled, FortiManager requires the FortiGate encryption key to be manually entered to manage the device configurations successfully. These factors impact both the HA status of the FortiGate cluster and its management status in FortiManager.

Discussion

node345Options: BE

B and E are correct: B because of: "In HA configurations, each cluster member must use the same master‑encryption‑key so that the HA cluster can form and its members can synchronize their configurations." E because of "When a FortiGate with the private-data-encryption setting enabled is added to FortiManager, FortiManager requires the FortiGate encryption key to be entered in FortiManager to successfully install device configuration settings and manage the added FortiGate. If the private-data-encryption setting is enabled on an already managed FortiGate, you must manually retrieve device configuration settings again on the FortiManager."

Meh057

https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/30332/verifying-devices-with-private-data-encryption-enabled

Viewable8041Options: BC

Sorry... here the link and the correct answers It is B and C https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/893277/trusted-platform-module-support

Viewable8041Options: AC

according to https://docs.fortinet.com/document/fortigate-7000/7.0.12/fortigate-7000f-handbook/254816/tpm-support i am with A and C

Pat1361Options: BE

i just tested it in the lab.

ama6

i"m with you on that one #Viewable8041

Viewable8041Options: BC

Sorry... here the link and the correct answers It is B and C https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/893277/trusted-platform-module-support