An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.)
A. Admin A can access VDOM2 and VDOM3 with the super user profile.
B. The FortiManager policies and objects database can be shared between the Financial and HR ADOMs.
C. The administrator must set the FortiManager ADOM mode to Advanced.
D. The administrator must configure FortiManager in workspace mode.
A. "Administrator accounts with the Super_user profile, such as the admin account, can manage all ADOMs and the devices within them." (Study Guide 7.4, page 9)
B. You need the ADOM mode to be Advanced in order to manage the same device's VDOMs in multiple ADOMs.
A and C
Tested in a LAB environment,
A - Admin A can access VDOM2 and VDOM3 with the super user profile.
-- I'm unable to restrict Super_User to a specific ADOM, they have access to all ADOMs regardless. The documentation also states it.
C - Advanced mode is required for VDOMs
Reference - FMG Study Guide 7.2 - P53 and P55
Isn't this a trick question? A is stating that a super_user account has access to VDOMs, not ADOMs. Whether or not a super user account exists on the VDOMs wouldn't matter here. That would lead me to believe that A is wrong. B is *also* wrong because, again, whether or not the Admin has access to two ADOMs doesn't matter if you're trying to share policy packages - you must create these on the Global database. I guess the better answer here is A, unless someone corrects me.
ebin.pub_fortinet-fortimanager-study-guide-for-fortimanager-72
p.64:
"Administrators who have the Super_User profile have full access to all ADOMs, whereas administrators with any other profile have access only to those ADOMs to which they are assigned—this can be one or more."
p.53:
"In Advanced mode, you can assign different VDOMs from the same FortiGate device to different ADOMs."
Answer B is wrong because: (p.17)
In the global ADOM layer, you create header and footer policy rules. You can assign these policy rules to multiple ADOMs. If multiple ADOM policy packages require the same policies and objects, you can create them in this layer, so that you don’t have to maintain copies in each ADOM.
In the ADOM layer, objects and policy packages *in each* (not between) ADOM share a common object database.
A. Wrong. The admin profile assigned to an administrator won't override the ADOMs that the administrator is allowed to access. Admin A has a Super_User profile but doesn't have access to the IT ADOM.
B. Correct.
C. Correct. In Advanced mode, different VDOMs on the same FGT can be assigned to different ADOMs.
D. Workspace mode prevents multiple administrators from making changes on the same ADOM and doesn't necessarily need to be enabled for the proposed scenario.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other