LABJOAO-NSE5

A FortiManager administrator has moved a FortiGate device to a new ADOM, but they cannot see the policy or object configurations for that FortiGate. What should the administrator do to see the policy or object configurations?. Reset the device and add it to the new ADOM again. Use ADOM shared objects to restore all missing data. Import the policy package manually using the Import Configuration wizard. Use ADOM sync to restore the missing configurations.

Refer to the exhibit. Which IP/netmask will be present in the LAN firewall address object on the Remote-Firewall?. 192.168.1.0/255.255.255.0. 10.0.0.0/255.255.255.0. 172.16.0.0/255.255.255.0. 172.16.10.0/255.255.255.0.

Refer to the exhibit. What can you conclude, based on the configuration shown in the exhibit?. Policy sequence #1 will be installed on the internal segmentation firewall (ISFW) device root [NAT] and Trainer [NAT] VDOMs. Policy sequence #3 must have devices or VDOMs listed in the Install On column; otherwise, it will cause errors. The administrator needs to retrieve the Local-FortiGate configuration to sync with the Security Fabric group, Training. The global policy package will be added to the top of the ISFW policy package.

Refe to the exhibit. An administrator added BR1-FGT-1 to FortiManager and started importing the policy package. During the process, they saw that they need to choose values from FortiGate or FortiManager. Which conclusion is most clearly supported by the exhibits?. FortiManager has a different FortiGuard database compared to FortiGate BR1-FGT-1 for the QUIC protocol. The administrator must match the FortiOS firmware version with the FortiManager ADOM firmware version to resolve the conflict status. The default Firewall Profile-Protocol-Options object is the only profile that does not significantly affect any configuration changes on either FortiManager or FortiGate. BR1-FGT-1 does not support the SSL/SSH profile with HTTPS on port 443.

An administrator receives the import report after importing policies into the policy package layer. Based on the import report, how did FortiManager handle the profile-protocol-options object named default?. FortiManager deleted the duplicate value from its database. FortiManager created a new service category in its database. FortiManager did not update its database with the value. FortiManager updated the duplicate value in the FortiGate database.

After correcting a policy package configuration issue, you want to prevent administrators from repeating the mistake that caused the issue. Which FortiManager approach best meets this need?. Enable a workflow requiring approval before installing policy packages on any FortiGate. Enable the change note to require administrators to add a note whenever they change object configurations. Configure an TCL script to run locally on FortiManager for each FortiGate. Restrict administrators with an administration profile from viewing the revision history to limit who can make changes.

Which two conditions trigger FortiManager to create a new revision history? (Choose two.). When a provisioning template is assigned to a managed device on the device-level database. When FortiManager is auto-updated with configuration changes made directly on a managed device. When FortiManager installs device-level changes on a managed device. When changes to the device-level database are made on FortiManager.

Refer to the exhibit. What percentage of the available RAM is being used by the process in charge of downloading the web and email filter databases from the public FortiGuard servers?. 3.1. 4.1. 1.5. 2.9.

What are two outcomes of ADOM revisions? (Choose two.). ADOM revisions can save the current state of all policy packages and objects for an ADOM. ADOM revisions appear in the Install Policy & Package Settings section of the install wizard. ADOM revisions can save the current state of the entire ADOM. ADOM revisions do not increase the size of configuration backups.

Refer to the exhibit. An administrator admin used the Configuration Revision History window to revert the FortiGate device configuration to revision ID 6. After running the reinstall policy package, the administrator noticed problems with the firewall policy- they could not see the unset comment on policy ID 1. Why did FortiManager not remove the comment from policy ID 1 when the administrator ran reinstall policy package?. Because the administrator must import the firewall policies to update the firewall policy package. Because the administrator used the Revision Diff view, which shows what changed, not what will be installed. Because the administrator student must install the configuration changes to correctly see the expected results. Because every time the administrator uses the revert config file, they must use the Install Wizard instead of running the reinstall policy package.

Refer to the exhibit. An administrator must add a FortiGate device to FortiManager using the discovery process . FortiManager is operating behind a network address translation (NAT) device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result during discovery?. FortiManager sets both the 100.65.0.120 IP address and 10.0.13.120 IP address on FortiGate. FortiManager sets the 100.65.0.120 IP address on FortiGate. FortiManager sets both the 100.65.0.120 IP address and 100.65.0.101 IP address on FortiGate. FortiManager sets the 100.65.0.101 IP address on FortiGate.

Refer to the exhibit. An administrator has been asked to install the same policies from a central policy package onto the BR1-FGT-1 firewall. The administrator added BR1-FGT-1 as a target in the central policy package installation. What should the administrator do when reinstalling the central policy package on the BR1-FGT-1 firewall?. Assign only one policy package to the firewall because FortiManager does not allow more than one policy package assigned per device at the same time. First resolve the modified status in the configuration and provisioning templates to allow a smooth installation. Import the policy package to change the unknown status and synchronize the policy package. Use the install wizard to install the central policy package on the BR1-FGT-1 firewall.

A FortiManager administrator opens the revision history and choose to revert to a previous version.What will this action do to the current device configuration?. It will revert both configurations: device-level database and policy layer database. It will modify the device-level database. It will trigger an unknown device-level database status, and the administrator will have to import a policy package to sync. It will trigger a conflict status if it is using any provisioning template, and the administrator will have to install changes.

Refer to the exhibit. An administrator added a FortiGate device to FortiManager with the default object settings at the ADOM layer. What can you conclude from the import policy package process of the HQ-NGFW- 1 device?. A FortiManager will create LAN, port4, and port6 as normalized interfaces at the ADOM layer. B The administrator must select Per Platform for all interfaces to correctly detect all interfaces from HQ-NGFW-1. C FortiGate may not work as expected when the administrator does not import all objects. D The administrator must manually create the port4 interface on the ADOM layer to avoid import policy errors.

Refer to the exhibit. D The administrator must manually create the port4 interface on the ADOM layer to avoid import policy errors. Policy ID 2 is installed without the remote user student. Policy ID 2 is installed without a source address. Policy ID 2 will not be installed. Policy ID 2 is installed in the disabled state.

Refer to the exhibit. Which two results occur if you run the script using the Device Database option? (Choose two.). The script history shows the successful installation of the script on the remote FortiGate. The administrator must install these changes on a managed device using the Install Wizard. The successful execution of a script on the Device Database creates a new revision history. The device Config Status is tagged as Modified.

What is the purpose of ADOM revisions?. ADOM revisions compare previous snapshots of the Policy Package and ADOM-level objects with the device-level database. ADOM revisions find unused, duplicate, and unnecessary firewall policies and objects. ADOM revisions save the current state of all policy packages and objects for an ADOM. ADOM revisions show specific changes in a policy package when it is installed.

An administrator assigned the Training global policy package to the Branches policy package in ADOM1. Later, the administrator created a new policy package named Remotes on ADOM1. What should the administrator do to sync the Training global policy package with the Remotes policy package in ADOM1?. Use the automatically install policies to ADOM devices method to sync from the Training global policy package to the Remotes policy package. Manually add and assign the Remotes policy package to the Training global policy package. Unassign the Training policy package and reassign it to all policy packages within ADOM1. Assign the Training global policy package to the Remotes policy package.

19. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM. The customer administrator has access only to My_ADOM. How can the customer administrator edit the global header policy of the global policy package?. The customer administrator can edit the header policy by using workspace mode on the global ADOM. The customer administrator cannot edit the global header policy; only the service provider administrator can make changes from the global ADOM. The customer administrator can edit the header policy by using workflow mode on the global ADOM and My_ADOM. The service provider administrator can unlock the global policy from the global ADOM to authorize changes to the customer administrator.

An administrator must create a policy and install it on a FortiGate device within an ADOM in backup mode. How can the administrator perform this task?. Make sure the ADOM and FortiGate firmware versions match and use the ADOM policy package. Use a FortiManager script to apply the configuration changes. Enable workflow mode to allow policy creation and approval. Use the Install Wizard located on the device manager.

Refer to the exhibit. Which two statements about the output are true? (Choose two.). Configuration changes have been installed on FortiGate, updating policy and device-level database. The latest revision history for the managed FortiGate does match the FortiManager policy database. The system template default will override device-level database configurations. The latest revision history for the managed FortiGate does not match the device-level database.

Refer to the exhibit. How does FortiManager get antivirus and IPS updates?. It connects to the public FortiGuard servers listed in the configuration. It connects to all servers marked as FortiGuard Distribution Network through Internet (FDNI) sources. It uses all URLs in the list that contain the fds host name. It gets updates from the server with IP address 10.0.1.50.

23. An administrator created a new global policy package that includes both header policies and footer policies. What two things must the administrator know before deploying the global policy package to ADOM2? (Choose two.). They can promote ADOM2 objects to global objects. They can assign the global policy package to all or selected policy packaged within ADOM2. They can synchronize policy packages by importing from the ADOM2 policy package into the global ADOM policy package. They must install from the ADOM2 layer to FortiGate when using the Automatically install policies to ADOM devices option.

An administrator is copying a system template profile between ADOMs by running the following command: execute fmprofile export-profile ADOM 3547 /tmp/Backup_File output dump to file: [/tmp/Backup_File] Where does this command export the system template profile from?. ADOM device database. FortiManager ADOM policy database. FortiManager /tmp/Backup_File folder. FortiManager configuration backup file.

Refer to the exhibit. An administrator runs the reload failure command diagnose test deploymanager reloadconf 262 on FortiManager. Why does the administrator receive an error message?. FortiManager requires the FortiGate serial number instead of the ID number. FortiManager does not support FortiOS version 7.0. The administrator just recently added FortiGate HQ-NGFW as a model device. The administrator must use the FortiGate name instead of the ID number.

Push updates are failing on a FortiGate device located behind a network address translation (NAT) device? Which two settings should the administrator check to correct this problem? (Choose two.). Make sure FortiGuard updates and web service are enabled on the FortiGuard service interface. Make sure the virtual IP address and the correct ports are configured on the NAT device. Make sure the Bind to IP address option on the FortiGuard service interface is set to the virtual IP address from the NAT device. Make sure the NAT device IP address and the correct ports are configured on FortiManager.

Refer to the exhibit. What can you conclude from the downloaded import report?. FortiManager will change the configuration of REMOTE_SUBNET to match the interface mapping coming in from Remote-FortiGate. FortiManager does not support per-device mapping for firewall addresses. The administrator will see a new policy package named Remote-FortiGate_root in the FortiManager ADOM database. As a result of this policy import process, FortiManager will create a new firewall address called REMOTE_SUBNET in the ADOM database.

What are two expected results when both FortiManager and FortiGate are behind network address translation (NAT) devices? (Choose two.). FortiGate can announce itself to FortiManager only if the FortiManager non-NATed IP address is configured on FortiGate under central management. FortiGate is discovered by FortiManager through the FortiGate NATed IP address. During discovery, the FortiManager NATed IP address is not set by default on FortiGate. If the FortiGate-FortiManager communication protocol (FGFM) tunnel is torn down, FortiManager will try to reestablish the FGFM tunnel.

Which FortiGate configuration settings is part of an ADOM-level database on FortiManager?. NSX-T service template. Routing. SNMP. Security template.

Refer to the exhibit. FortiGate HQ-NGFW-1 downloads and validates FortiGuard databases from FortiManager which acts as a local FortiGuard Distribution Server (FDS) in a closed network. An administrator pushes a new firewall policy with an intrusion prevention system (IPS) profile from FortiManager to FortiGate HQ-NGFW-1 However, FortiGate does not recognize the new IPS signature from FortiManager. What is the most likely reason why FortiGate HQ-NGFW-1 does not recognize the new IPS signature?. The administrator must enable the fortiguard-anycast option to correctly download all signatures from the local FDS. FortiGate must enable rating for the FortiManager IP address, 192.168.1.120, in server list 1. FortiManager and FortiGate have different IPS database versions. The administrator must enable IPv6 connections for FortiGuard services on FortiManager.

An administrator notices that CLI scripts are failing on some FortiGate devices because they use different FortiOS versions. Which two actions should the administrator take to fix the failing CLI scripts? (Choose two.). Modify the CLI scripts to include conditional commands based on FortiOS version. Disable CLI scripts for devices using older firmware. Create version-specific CLI script groups and assign them to the appropriate devices. Create separate ADOMs for each FortiOS version.

Refer to the exhibit. What are two results from the configuration shown in the exhibit? (Choose two.). Multiple administrators can lock and work on separate AOMs at the same time. The same administrator can lock more than one ADOM at the same time. All changes must be approved before they can be installed on a device. Concurrent read-write access to an ADOM is disabled.

If one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA manual mode to a working state?. Run a sanity check on the failed device to make sure HA heartbeat packets are using TCP port 5199. Remove the peer IP of the failed device on the primary device. The FortiManager high availability (HA) state transition is transparent to administrators and does not require any reconfiguration. Manually promote one of the working secondary devices to the primary role.

Company policy dictates that any time a change is made to a policy package on FortiManager an ADOM revision is created before the change installed, and that revision is held for a minimum of 90 days. Over the past three months, each installed change has resulted in several unused policies and duplicate objects. The FortiManager administrator plans to upgrade the FortiGate devices and then upgrade the FortiManager ADOM from version 7.4 to 7.6. Which action can the administrator take to avoid slow ADOM upgrades?. Check and repair the global configuration database before upgrading. Limit ADOM revisions before upgrading. Export firewall policies to Excel, delete them on the ADOM, then reimport them after upgrading the ADOM. Find unused firmware templates, then delete them before upgrading.

An administrator created a new ADOM named Training for FortiGate devices only. Then, the administrator added the root FortiGate device of a Security Fabric group to the Training ADOM. Which statement correctly describes the expected result for the downstream devices in the Security Fabric, given the actions taken by the administrator?. The downstream devices will appear in the Managed FortiGate section of the root ADOM. The downstream devices show as unauthorized in the root ADOM. The downstream devices are automatically authorized. The downstream devices must be added using the Add Device wizard.

While attempting to push a NetFlow configuration script through the FortiManager policy package: an administrator encounters an error stating that an object is unrecognized in line 4.What must the administrator do to successfully apply the NetFlow configuration script and avoid the object unrecognized error?. Create a normalized interface on the policy layer before running the script. Run the script on the device database. Make sure the user running the script has full access to the VDOM-AGEUSR. Use metadata variables if they use VDOMs in the script.

What allows FortiManager to run CLI scripts on FortiGate devices without prompting for SSH authentication each time?. The secure management tunnel between FortiManager and FortiGate devices. The script using the Remote FortiGate Directly (via CLI) option. The script on the FortiManager device database. FortiGate devices using the legacy login method.

Refer to the exhibit. An administrator assigned a new policy package to FortiGate HQ-NGFW-1. In the installation preview, they noticed some settings they did not modify and are unsure about the changes.Based on the exhibit, which two things will happen if they continue with the installation? (Choose two.). FortiGate HQ-NGFW-1 can use FortiManager firmware templates to upgrade firmware and ratings. FortiGate HQ-NGFW-1 will use the root_CA3 certificate in firewall address objects or policies. FortiManager will install the CA certificate named root_CA3 to authenticate FortiGate-to-FortiManager communication protocol (FGFM) tunnel connections with FortiGate HQ-NGFW-1. FortiGate HQ-NGFW-1 can contact the FortiManager acting as FortiGuard Distribution Server (FDS) to download FortiGuard updates.

An administrator upgrades FortiManager with workspace mode (per ADOM) enabled to the latest version but notices that the ADOM versions did not change. Why were the ADOMs not upgraded?. A user had all ADOMs locked before the upgrade, which stopped them from being upgraded. The administrator did not run the database integrity check before performing the upgrade. FortiManager does not automatically upgrade ADOMs after a firmware upgrade. A FortiManager process task is stuck and blocking the ADOM upgrade, so the administrator must fix it.

Refer to the exhibit. Which two statements about the configuration shown in the exhibit are true? (Choose two.). The FortiManager is in workflow mode. The FortiManager ADOM workspace mode is set to normal. An administrator can lock the Local-FortiGate_root policy package. The administrator created a snapshot of the Remote-FortiGate policy package.

41. The administrator uses FortiManager to push a CLI script using the Remote FortiGate Directly (via CLI) option to configure an IPsec VPN. However, when running the script, the administrator receives the following error: config vpn ipsec phase2-interface [parameter(s) invalid. detail: object mismatch] What must the administrator do to resolve the script error and successfully apply the IPsec configuration?. Run the script using the policy package or ADOM database method. Add a second config vpn ipsec phase2-interface block without linking it to phase1. Add the end command after finishing the IPsec phase 1-interface configuration block. Use IPsec templates to deploy provisioning templates.

Which is recommended when you are managing a high volume of logs in your network?. Enable advanced ADOM mode on FortiManager. Store logs on FortiManager and use FortiView. Forward logs from FortiAnalyzer to FortiManager daily. Add and manage FortiAnalyzer from FortiManager.

Refer to the exhibit. Which two actions will occur if you run the script using the Remote FortiGate Directly (via CLI) option? (Choose two.). You will have to install these changes using the Install Wizard. FortiManager will provide a preview of CLI commands before executing this script on a managed FortiGate. FortiManager will create a new revision history. FortiGate will auto-updated the FortiManager device-level database.

Refer to the exhibit. An administrator ran the Install Wizard and selected to install both the policy package and device settings. Why can the administrator not install the policy package on HQ-NGFW-1?. The administrator must use the admin user to install the policy package. The administrator must remove the policy block assigned to HQ-NFFW-1. The administrator must change the Install on column from Installation Targets to HQ-NGFW-1. The administrator must replace the interface Port6 with port6.

Which output is displayed right after Moving the ISFW device from one ADOM to another?. 1. 2. 3. 4.

An administrator needs to push a FortiToken Mobile to assign it to HR_user in the HQ-NGFW-1. However, when installing the policy package, they receive the following error message: Copy device global objects Vdom copy failed: error -999 - Copy objects for vdom root "firewall policy", "1", id=5532, COMMIT FAIL - invalid value - prop[user fortitoken]: Mobile FortiToken FTKMOB4A9AC5C56D used by user local HR_user could not be found at device "user local", "FTKMOB4A9AC5C56D", id=5586, COMMIT FAIL - invalid value - prop[user fortitoken]: Mobile FortiToken FTKMOB4A9AC5C56D used by user local HR_user could not be found at device Why is the administrator not able to install the FortiToken on the HQ-NGFW-1 firewall?. The administrator must use a valid FortiToken that exists on HQ-NGFW-1. The administrator must use per-device mapping to assign the FortiToken to HQ-NGFW-1. The administrator must use a metadata variable to assign the same FortiToken to multiple users in FortiManager. The administrator must use a user local meta field to assign FortiToken.

Refer to the exhibit. Which statement about the environment shown in the exhibit is true?. No FortiGuard packages have been synchronized between the cluster member. You must restart the secondary device if you promote it to primary. FortiAnalyzer features are not enabled on this FortiManager device. A failover will take place after five minutes without receiving heartbeat packets.

An administrator has a FortiGate-HQ device with VDOMs-root, HR and Facilities, currently managed under the FortiManager ADOM-Site1. They try to move VDOM HR to the FortiManager ADOM-Site2, but it does not work Why is the administrator not able to move FortiGate-HQ VDOM HR to FortiManager ADOM-Site2?. The FortiGate-HQ must be managed under the FortiManager ADOM-root to allow moving its VDOMs to different ADOMs. The administrator must delete the FortiGate-HQ device from FortiManager and add it again using the Add Device wizard before moving the VDOM. The administrator must have full access in the device layer of FortiGate-HQ VDOM-root before they can VDOMs to different ADOMs. FortiManager must be in ADOM normal mode, which does not allow VDOMs to be managed separately.

Refer to the exhibit. An administrator must replace the source LAN interface in policy ID 2 on their FortiGateRugged-70F. However, when they try to install the policy package, they receive the error shown in the exhibit. What should the administrator do to resolve the error?. Create a perOdevice mapping for the LAN interface. Use a metadata variable to dynamically assign an interface when this error occurs. Replace LAN with lan1, which is supported by FortiGateRugged-70F models. Use the API to assign a system template interface forFortiGateRugged-70F model.

Refer to the exhibit. An administrator has assigned the default system template to install all devices with the FortiAnalyzer IP address 10.0.13.12. However, not all FortiGate devices can reach FortiAnalyzer using the default interface. Some devices may use the LAN interface, while others may use the WAN interface. How can the administrator change the source interface for FortiGate devices using the default system template?. Configure a metadata variable at the ADOM level and use it in the template. Create a meta field on FortiManager system settings of type Device and use it in the template. Create a different system template for each FortiGate, if the configuration is different. Use per-device dynamic object configurations at the ADOM level and apply them in the template.

Refer to the exhibit. An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM. After the installation operation is performed, which IP/netmask will be installed on Remote-Firewall [VDOM1] for the LAN firewall address object?. 172.16.5.20/255.255.255.255. 10.10.10.5/255.255.255.255. 172.16.5.0/255.255.255.0. 21.21.2.5/255.255.255.255.

An administrator wants to configure and manage multiple objects in the FortiManager database and give access to other users who work in the same database. To stay in control of the changes made to firewall policies by other team members, the administrator needs a setup where all modifications go through a central check before they can be installed. How can the administrator create this setup?. Enable the prompt asking the administrator to accept firewall policies changes before saving. Enable the workspace (for all ADOMs) to control all changes made by any administrator. Enable workflow mode and the ADOM lock feature. Enable device lock and the advanced mode feature in the ADOM.

Refer to the exhibit. If the monitored interface for the primary FortiManager device fails, what must you do to maintain high availability (HA)?. Manually promote one of the working secondary devices to the primary role: and reboot the original primary device to remove the peer IP address of the failed device. Check the integrity database of the primary device to force a secondary device to become the new primary with all active interfaces. The FortiManager HA failover is transparent to administrators and does not require any additional action. Reconfigure the primary device to remove the peer IP address of the failed device from its configuration.

An administrator has assigned a globa policy package to a new ADOM named ADOM1. What will happen if the administrator tries to creat a new policy package in ADOM1?. FortiManager will automatically assign the global policy package to the new policy package. The administrator will have to assign the global policy package from the global ADOM. FortiManager will automatically install policies on the policy package in ADOM1. The administrator will be able to select the option to assign the global policy package to the new policy package.

An administrator sess thar the policy package status of HQ-NGFW-1 is Never Installed. What can you conclude from this status?. The policies have not yet been retrieved from the HQ-NGFW-1 device-level database of FortiManager. The policy package was never imported to the revision history after HQ-NGFW-1 was registered on FortiManager. The firewall policies exist only in the HQ-NGFW-1 device-level database, and no policy package has been assigned to the firewall. The firewall policies were created or changed in the ADOM, and they need to be installed on the managed HQ-NGFW-1 for the first time.

Refer to the exhibit. An administrator created two new meta Fields in FortiManager. Which operation can you perform with these parameters?. You can add them to objects as custom attributes. You can use them as variables in scripts. You can invoke them using the $ character. You can export them to be used in other ADOMs.

Refer to the exhibit. What are two results from the configuration shown in the exhibit? (Choose two.). Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out. The administrator can lock policy blocks and FortiManager global ADOM. The same administrator can lock more than one ADOM at the same time. The administrator must have access to the ADOM to approve changes.

An administrator configures a new BGP peer in the FortiManager device-level database of FortiGate. They reinstall the policy package to the managed FortiGate device without any errors. However, when the administrator logs in to FortiGate, they do not see the BGP configuration changes. What is the most likely reason why FortiManager did not push the BGP peer changes to FortiGate?. The administrator must run a sanity check on FortiManager to make sure the database is not corrupted. The FortiGate firmware version is different from the FortiManager ADOM version. The administrator must use the Install Wizard and select Install device settings only to push BGP settings. Fortigate has a BGP template assigned on the FortiManager database.

Which two statements about the integrity of databases on FortiManager are correct? (Choose two.). You should fix all database integrity issues before performing a script. The diagnose dvm check-integrity command attempts to fix a corrupted file system. The diagnose cdb check adom-integrity command can correct issues related to locked devices. Not following the correct upgrade path may cause inconsistencies in the databases. Scheduled backups run database integrity commands automatically.

Refer to the exhibit. An administrator needed to recover all the configurations related to the user, Support. The configurations were saved in configuration revision ID 9. The administrator reverted the configuration using the Configuration Revision History window and received the CLI output shown in the exhibit. What can you conclude from the CLI output?. The administrator installed only the device-level configuration. The administrator set the flag to 0 to prevent configuration overrides. The administrator reinstalled the policy package. The administrator needs to retrieve the device to correctly detect the FortiGate firmware version.

You want to let multiple administrators work in the same ADOM without creating configuration conflicts. What is the best and the most effective solution to apply?. Activate workspace mode in the ADOM settings. Configure RADIUS authentication to assign ADOM roles to each user. Enable workflow mode, which is the only way to prevent concurrent configuration conflicts. Assign administrators with JSON API access to the FortiManager.

What is the best explanation of how FortiManager helps with mass provisioning?. It uses templates to configure the same settings on many devices simultaneously. It provides local FortiGuard Distribution Server (FDS) services to the network. It upgrades the OS of each FortiGate device. It sends email alerts when new devices connect.