Examice

Exam nse7_efw-72 All QuestionsBrowse all questions from this exam

Question 46

You configured an address object on the root FortiGate in a Security Fabric. This object is not synchronized with a downstream device.

Which two reasons could be the cause? (Choose two.)

The downstream FortiGate has fabric-object-unification set to local.

The root FortiGate has configuration-sync set to enable.

The address object on the root FortiGate has fabric-object set to disable.

The downstream FortiGate has configuration-sync set to local.

Correct Answer: C, D

If the address object on the root FortiGate has fabric-object set to disable, it will not be synchronized to the downstream FortiGate. Additionally, if the downstream FortiGate has configuration-sync set to local, it will avoid accepting synchronized configurations from the root FortiGate. These conditions would prevent the address object from being synchronized with the downstream device.

Discussion

morsas23Options: CD

C & D are correct SG page 67

dstichtOptions: CD

A fabric-object-unification is a root configuration. So, C & D

dstichtOptions: AD

We agree on A being correct. I think the reason C is not correct is that they aren't saying ALL downstream FortiGates aren't synchronizing. They are referencing a single downstream device.

dsticht

I change my answer to C & D. A. fabric-object-unification is a root configuration.

millerryOptions: CD

A is incorrect because fabric-object-unification is not a setting applicable to downstream FortiGates. B is incorrect because configuration-sync being enabled on the root FortiGate should facilitate, not prevent, synchronization. C is correct because if the address object on the root FortiGate has fabric-object set to disable, it will not be synchronized. D is correct because if the downstream FortiGate has configuration-sync set to local, it will not accept the synchronized configuration from the root FortiGate.

K4KarOt0Options: AC

Sorry, The CORRECT is AC: If set fabric-object (Fabric synchronization option in the GUI) is disabled for firewall addresses and address groups on the root FortiGate, they will not be synchronized to downstream FortiGates https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to-synchronizing-objects-across-the-security-fabric-6-4-4

charrucoOptions: CD

C and D are correct

evdwOptions: CD

Correct answer C, D

GCISystemIntegratorOptions: AC

we discuss about an address object and a downstream without specify how many downstream there are .... , and for this reason "C" is correct. A -- OK C -- OK

evdw

fabric-object-unification is configured on the root fotigate, is not for the downstream fortigates therefore C, and D

Disposable_Me_2018Options: AC

A & C are correct. B and D are wrong, as "configuration-sync" is "Synchronize configuration for IPAM, FortiAnalyzer, FortiSandbox, and Central Management with root node.", not object synchronisation. https://docs.fortinet.com/document/fortigate/7.4.4/cli-reference/

K4KarOt0Options: AD

AD is the Correct. *fabric-object-unification* default: Global CMDB objects will be synchronized in Security Fabric. local: Global CMDB objects will not be synchronized to and from this device. *configuration-sync* default: Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node. local: Do not synchronize configuration with root node. https://docs.fortinet.com/document/fortigate/6.4.0/new-features/893434/synchronizing-objects-across-the-security-fabric