01. Intro And Initial Config Flashcards
Purpose of ADOMs
- to divide administration of devices by ADOM
- to control (restrict) administrator access.
- If VDOMs are used, ADOMs can further restrict access to only data from a specific device VDOM.
What is the main benefit of using FMG as local FDN
A. The reduction of network delays and internet bandwidth use
B. The maintenance of local ad servers and users
A. The reduction of network delays and internet bandwidth use
Difference between FMG and FAZ in regards to logging
FortiManager and FortiAnalyzer run on the same hardware and software platform.
Like FortiAnalyzer, FortiManager can also act as a logging and reporting device, but there are logging rate restrictions. Logging volumes are limited to a fixed amount each day.
Also, FortiManager requires additional resources (CPU, memory, disk) to process logs and reports.
When would you use FMG for logging and when prefer FAZ?
FortiManager can be used as a fully functional logging and reporting device for low volumes of logs.
If you have high log volumes, you should use a dedicated FortiAnalyzer.
Management layers
Global ADOM level
ADOM level
Device management layer
Global ADOM layer contains
Global objects shared across ADOMs
Header policies
Footer policies
ADOM layer contains
Common object database. The database contains information such as addresses, services, and security profiles.
Devices
Device groups
Policy packages
Device manager layer contains
Centrally managed device info:
name and type of device
model
IP address
current firmware installed
revision history
real-time status.
What happens if device config changes
When a device configuration changes, whether the change is made locally or on FortiManager, FortiManager compares the current configuration revision to the changed configuration and creates a new configuration revision on FortiManager.
Whether the configuration change is big or small, FortiManager records it and saves the new configuration.
Which statement about global ADOM layers is true
A. Same policy can be assigned to multiple ADOMs
B. Global ADOM rules are auto installed on managed FGT
A. Same policy can be assigned to multiple ADOMs
What info is recorded in device manager layer for managed device
A. Common ADOM layer db
B. Real-time status of managed device
B. Real-time status of managed device
FMG deployment best practice
- Deploy behind a firewall
- Open only required ports
- For remote access from outside the network, define a virtual IP
What statement about managed FAZ on FMG is true
A. FMG supports FAZ reports
B. FMG has logging rate restriction on managed FAZ
A. FMG supports FAZ reports
Which port is used between FMG and FGT for remote config management (IPv4)
A. TCP/541
B. TCP/514
A. TCP/541
Which statement about a large MSSP using FMG is true
A. Each customer must have a dedicated FMG
B. ADOMs can be used by separate customers
B. ADOMs can be used by separate customers