Fortinet FCP_FMG_AD-7.6 - Fortinet NSE 5 - FortiManager 7.6 Administrator

The correct answer is B . The error occurs because the script is being run on the policy package database , but the failing command is config sys interface, which is a device-level configuration command, not a policy-layer command. The lab guide gives the exact relationship: “Because the scripts target the device database, first, you will run the scripts against the device database, and then install the scripts on the managed devices” and “The scripts contain configuration changes related to device-level settings.”

By contrast, the lab guide shows Policy Package or ADOM Database scripts being used for firewall objects and policies in a policy package.

So this NetFlow script must be run on the device database , then installed. The issue is not VDOM permissions, metadata variables, or normalized interfaces.

The correct answer is D . The FortiManager 7.6 Administrator Study Guide gives the exact extract under Web Filter and Email Filter : “fgdlinkd — Responsible for downloading web filter and email filter databases” . The same study guide section explains that the execute top command displays real-time CPU and RAM usage, and the %MEM column shows the memory percentage used by each process.

In the exhibit, the line for fgdlinkd shows %MEM 2.9 . Therefore, the process responsible for downloading the web and email filter databases is using 2.9% of RAM. That matches option D exactly. The other values belong to different processes, such as fgdsvr and other FortiGuard-related daemons, but not the downloader process identified in the study guide.

=========

FortiManager global policies and objects are shared across ADOMs, but they are not applied automatically to every package . The study guide states that when you create a global policy package, you can choose the ADOMs you want to apply it to, and you can even pick specific policy packages in individual ADOMs . That directly validates B .

A is also correct because the lab guide explicitly says you can promote ADOM objects to global objects by right-clicking an ADOM object and selecting Promote to Global .

C is incorrect because when Automatically Install Policies to ADOM Devices is enabled, FortiManager installs without giving you a preview/accept step first; the lab warns to use it only when you are sure of the changes.

D is incorrect because FortiManager imports device policies into an ADOM policy package, not into the global package for synchronization.

The FortiManager 7.6 Administrator Study Guide states that global policies must be explicitly assigned : “ You must explicitly assign global policy packages to specific ADOMs ,” and FortiManager can also target specific policy packages in individual ADOMs . The lab guide confirms that assignment is performed from the Global Database ADOM : the administrator selects Global Database ADOM , clicks Assignment , adds the ADOM, chooses Specify Policy Packages To Assign , selects the target package, and then clicks Assign .

So creating a new policy package inside ADOM1 does not automatically inherit the existing global package assignment. It also does not automatically install policies. The administrator must go back to the global ADOM and assign the global policy package to that new local policy package.

FortiManager must have the NAT device ' s IP address and correct ports configured to communicate properly with the FortiGate behind NAT.

The NAT device must have the correct virtual IP address and ports configured to allow push updates to reach the FortiGate device.

The global policy package is managed only from the global ADOM by the service provider administrator. Customer administrators with access solely to their ADOM (My_ADOM) cannot edit the global header policy; such changes must be made by the service provider administrator in the global ADOM.

The correct answers are A and C . The FortiManager 7.6 Administrator Study Guide gives the exact extract: “FortiManager creates a configuration revision when: FortiGate is added to FortiManager, Device changes are installed from FortiManager, FortiGate configuration is retrieved from FortiManager, A local change on FortiGate causes an automatic update” .

This exactly proves A , because device changes are installed from FortiManager , and C , because a local change on FortiGate causes an automatic update . The guide also states: “By default, all changes made on a managed FortiGate device are automatically updated on FortiManager and reflected in revision history” .

B and D only modify the FortiManager device-level database status to Modified . They do not, by themselves, create a new revision history until an install, retrieve, or auto-update occurs.

Right after moving the ISFW device to a new ADOM, the status typically shows the policy package as never-installed, indicating that the device has been assigned to the new ADOM but no policy package has yet been installed in that ADOM.