The exhibit displays a firewall address object named LAN configured in FortiManager with "Per-Device Mapping" enabled. This feature allows a single object to have different values on different managed devices. The default value is 10.10.10.5/32, but the mapping table specifies unique values for individual devices. For the device Remote-Firewall [VDOM1], the IP/netmask is explicitly mapped to 21.21.2.5/255.255.255.255. When FortiManager installs the policy package to Remote-Firewall [VDOM1], it will substitute the default object value with this specific mapped value.

B. 172.16.5.20/255.255.255.255 is the mapped value for the Local-FortiGate [root] device, not the Remote-Firewall [VDOM1].

C. 172.16.5.0/255.255.255.0 is an incorrect value that does not appear in the object's configuration or its per-device mappings.

D. 10.10.10.5/255.255.255.255 is the default value for the object, which is overridden by the specific mapping for Remote-Firewall [VDOM1].

1. FortiManager Administration Guide 7.2.3

Chapter: "Policy and Objects"

Section: "Dynamic objects". The guide states

"You can map a dynamic object to a different value for each device... When you install the policy package to a device

the per-device mapping is used for the device." This confirms that the specific mapping for Remote-Firewall will be used.

2. Fortinet Certified Professional - Network Security 7.2 Study Guide - FortiManager

Chapter: "Policy and Objects"

Section: "Dynamic Objects". This section explains that per-device mapping allows an administrator to define a single object that resolves to a unique value on each managed device

which is the exact functionality shown in the exhibit.