Examice

Exam nse5_fmg-72 All QuestionsBrowse all questions from this exam

Go to Exam

Question 29

Refer to the exhibit.

An administrator would like to create three ADOMs on FortiManager with different access levels based on departments.

What two conclusions can you draw from the design shown in the exhibit? (Choose two.)

Admin A can access VDOM2 and VDOM3 with the super user profile.

The FortiManager policies and objects database can be shared between the Financial and HR ADOMs.

The administrator must set the FortiManager ADOM mode to Advanced.

The administrator must configure FortiManager in workspace mode.

Correct Answer: C, D

The administrator must enable Advanced mode on FortiManager to assign different VDOMs from the same FortiGate device to different ADOMs, as indicated in the design where FortiGate 4 has multiple VDOMs assigned to different ADOMs. Additionally, configuring FortiManager in workspace mode is necessary when multiple administrators need to collaborate without interfering with each other's changes, which is hinted by the presence of different administrators managing different ADOMs in the design.

Discussion

raydel92Options: AC

ebin.pub_fortinet-fortimanager-study-guide-for-fortimanager-72 p.64: "Administrators who have the Super_User profile have full access to all ADOMs, whereas administrators with any other profile have access only to those ADOMs to which they are assigned—this can be one or more." p.53: "In Advanced mode, you can assign different VDOMs from the same FortiGate device to different ADOMs." Answer B is wrong because: (p.17) In the global ADOM layer, you create header and footer policy rules. You can assign these policy rules to multiple ADOMs. If multiple ADOM policy packages require the same policies and objects, you can create them in this layer, so that you don’t have to maintain copies in each ADOM. In the ADOM layer, objects and policy packages *in each* (not between) ADOM share a common object database.

AgentSmithOptions: AC

A and C Tested in a LAB environment, A - Admin A can access VDOM2 and VDOM3 with the super user profile. -- I'm unable to restrict Super_User to a specific ADOM, they have access to all ADOMs regardless. The documentation also states it. C - Advanced mode is required for VDOMs Reference - FMG Study Guide 7.2 - P53 and P55

chomskyHonkOptions: AC

Isn't this a trick question? A is stating that a super_user account has access to VDOMs, not ADOMs. Whether or not a super user account exists on the VDOMs wouldn't matter here. That would lead me to believe that A is wrong. B is *also* wrong because, again, whether or not the Admin has access to two ADOMs doesn't matter if your trying to share policy packages - you must create these on the Global database. I guess the better answer here is A, unless someone corrects me.

GeniusAOptions: AC

AC are the correct answers

DatBroNZOptions: BC

A. Wrong. The admin profile assigned to a administrator won't override the ADOMs that the administrator is allowed to access. Admin A has a Super_User profile but doesn't have access on the IT ADOM. B. Correct. C. Correct. On Advanced mode different VDOMs on same FGT can be assigned to different ADOMs. D. Workspace mode prevents multiple administrators to make changes on the same ADOM and doesn't necessarily be enabled for the proposed scenario.

learner2024Options: BC

B and C is correct