Exam NSE7_EFW-7.2 topic 1 question 5 discussion

C is Correct B is not correct because "Workspace mode is available only through CLI mode: Pg. 25 in Enterprise_Firewall_7.2_Study_Guide-Online.pdf

I made a mistake earlier and voted B as that made most sense at the time. After checking in my lab, C is the correct answer. You are indeed presented with only the "return" option on the object on a downstream device when trying to edit a Global fabric object created on the root device.

Security Fabric Configuration: When a FortiGate is part of a Security Fabric, address objects and other configurations can be synchronized across devices. If an address object (e.g., the Finance object) was created on the root FortiGate, it is synchronized downstream, and you cannot modify it on the downstream FortiGate. You can only modify such objects on the root FortiGate. Engineering Address Object: The Engineering address object is editable because it was created locally on the current FortiGate and is not synchronized from the root FortiGate. Why the Other Options Are Incorrect: A. You have read-only access: If this were the case, you wouldn’t be able to modify the Engineering object either. B. Another user is editing the Finance address object in workspace mode: In such a scenario, the interface would indicate that the object is locked due to workspace editing. D. FortiGate is registered on FortiManager: While FortiManager can push configurations, the question and behavior are specific to Security Fabric synchronization, not FortiManager.

Leer pagina 25 del libro FW 7.2

Fgt is joined in the security fabric

Correct answer is C

I created a firewall object on a root fortigate. Then, on a downstream FG the object appeared, but when I tried to edit it the OK button was missing. Only the return button is present. It doesn't happen like that in Workspace mode. So C is the correct option.

When an administrator edits an object in workspace mode, it is locked, preventing other administrators from editing that object. A warning message is shown to let the administrator know that the object is currently being configured in another workspace transaction. Pg. 25 in Enterprise_Firewall_7.2_Study_Guide-Online.pdf

In workspace mode the "OK" button is present, you get an error message as soon as you click on it. When you create a fabric object on a root device, it will synchronize to the downstream devices (if enable) and you will not be able to modify the object on any downstream devices. The "OK" button will NOT be available on downstream devices.

Page 25 Enabling strict header checking disables all hardware acceleration. This includes NP, SP, and CP processing.

Answer B: Answer: D when check-protocol-header is enabled in strict or loose mode all NPs and CPs are disabled.

tested in lab

A bit tricky from the screenshots, as if B was indeed the correct answer, a warning should be shown that the object is being edited by a different user. A doesn't make much sense, as you wouldn't be able to make changes to either of the objects if you were in read-mode. You can edit and configure downstream Fortigates in a Security Fabric at will. There is nothing in the screenshots signifying that this is a downstream device, or the root device. We you can still configure objects on local devices even if they are managed by FortiManager, and as with question A; if you had logged into a Centrally managed device as read-only, you wouldn't be able to edit any of the objects. I believe the answer is B, as that makes most sense, even though it is difficult to tell from the screenshots themselves.

Answer is C. Tested in Lab

Answer is D, i test in my lab with two user, and you always can modify the address but the other user see the warning

The answer is B page 25

The answer is B