Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 02 April 2025

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

An administrator is in the process of moving the system template profile between ADOMs by running the following command: execute fmprofile import-profile ADOM2 3547 /tmp/myfile Where does the administrator import the file from?

File system

ADOM2 object database

ADOM1

ADOM2

None

If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.

During discovery, the FortiManager NATed IP address is not set by default on FortiGate.

FortiGate is discovered by FortiManager through the FortiGate NATed IP address.

FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.

What is the advantage of using FortiManager to manage FortiAnalyzer?

It allows FortiManager to manage all FortiGate devices.

It allows FortiManager to run reports based on FortiAnalyzer.

It allows FortiManager to store all managed FortiGate device logs.

It allows FortiManager to act as a collector and FortiAnalyzer device.

None

View the following exhibit. What is the purpose of setting ADOM Mode to Advanced?

The setting disables concurrent ADOM access and adds ADOM locking

The setting allows automatic updates to the policy package configuration for a managed device

The setting enables the ADOMs feature on FortiManager

This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.

None

When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.

FortiGate will reject the CLI commands that will cause the tunnel to go down.

FortiManager will revert and install a previous configuration revision on the managed FortiGate.

FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.

None

What will happen if FortiAnalyzer features are enabled on FortiManager?

FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

FortiManager can be used only as a logging device.

FortiManager will install the logging configuration to the managed devices.

FortiManager will keep all the logs and reports on the FortiManager.

None

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command?

It allows FortiManager to unset the new configuration through CLI and reboot FortiGate.

It allows FortiGate to reboot and recover the previous configuration from its configuration file.

It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate.

It allows FortiGate to reboot and restore a previously working firmware image.

None

Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device?

The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface.

The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager.

The administrator must use the correct user name and password of the FortiAnalyzer device.

The administrator must use the Add Model Device section and discover the Forti Analyzer device.

None

View the following exhibit. Which statement is true regarding this failed installation log?

Policy ID 2 is installed in disabled state

Policy ID 2 is installed without a source device

Policy ID 2 is installed without a source address

Policy ID 2 will not be installed

None

10.

Which two settings must be configured for SD-WAN Central Management? (Choose two.)

You can create multiple SD-WAN interfaces per VDOM

When you configure an SD-WAN, you must specify at least two member interfaces.

The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

SD-WAN must be enabled on per-ADOM basis

11.

Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced?

This setting allows you to assign a VDOM from a single device to a different ADOM.

This setting enables the ADOMs feature on FortiManager.

This setting allows you to manage FortiGate chassis models.

This setting disables concurrent ADOM access and adds ADOM locking.

None

12.

An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two)

Enable SD-WAN central management in the Training ADOM

Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces

Specify a gateway address when you create a default SD-WAN static route

Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SDWAN template settings

13.

An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM?

Delete the previous admin session manually through the Forti Manager GUI or CLI.

Restore the configuration from a previous backup.

None

14.

What are two outcomes of ADOM revisions? (Choose two.)

ADOM revisions can create System Checkpoints for the FortiManager configuration

ADOM revisions can significantly increase the size of the configuration backups.

ADOM revisions can save the current size of the whole ADOM

ADOM revisions can save the current state of all policy packages and objects for an ADOM

15.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?

By default, the unregistered FortiGate will appear in the root ADOM.

The FortiGate will be added automatically to the default ADOM named FortiGate.

The FortiGate will be automatically added to the Training ADOM.

The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard

None

16.

Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task?

The administrator must use the FortiManager script.

The administrator must change the ADOM mode to Advanced to bring the FortiManager online.

The administrator must use the Policy & Objects section to create a policy first.

The administrator must disable the FortiManager offline mode first.

None

17.

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package.

When a new policy package is created, the administrator must import the global policy package to ADOM1.

When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

When a new policy package is created, the administrator must assign the global policy package from the global ADOM.

None

18.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result?

The authorized FortiGate will appear in the root ADOM.

The authorized FortiGate will be automatically added to the Training ADOM.

The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only.

The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors.

None

19.

Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.)

Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.

The same administrator can lock more than one ADOM at the same time.

Unlocking an ADOM will install configuration changes automatically on managed devices.

Unlocking an ADOM will submit configuration changes automatically to the approval administrator.

20.

An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy

FortiManager will replace the deleted address object with all address object in the referenced firewall policy

FortiManager will disable the status of the referenced firewall policy

FortiManager will not allow the administrator to delete a referenced address object

None

21.

An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result?

It will find and provide recommendations for optimizing policies in a policy package.

It will find and merge duplicate policies in the policy package.

It will find and delete disabled firewall policies in the policy package.

It will find and provide recommendations to combine multiple separate policy packages into one common policy package.

None

22.

Refer to the exhibit. An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate?

The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate.

The unused objects that are not tied to the firewall policies will be installed on FortiGate.

The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted.

The unused objects that are not tied to the firewall policies in the policy package will be deleted from the FortiManager database.

None

23.

Which two conditions trigger FortiManager to create a new revision history? (Choose two.)

When FortiManager is auto-updated with configuration changes made directly on a managed device

When configuration revision is reverted to previous revision in the revision history

When FortiManager installs device-level changes to a managed device

When changes to device-level database is made on FortiManager

24.

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

Security profiles

Routing

Firewall policies

VIP and IP Pools

None

25.

Given the configuration shown in the exhibit, which two statements are true?

Forti Manager is in workflow mode.

The Forti Manager ADOM workspace mode is set to Normal.

The FortiManager ADOM is locked by the administrator.

An administrator can also lock the Local-FortiGate-1 policy package.

26.

In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA?

Reconfigure the primary device to remove the peer IP of the failed device.

Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device

The FortiManager HA failover is transparent to administrators and does not require any reconfiguration.

Reboot the failed device to remove its IP from the primary device.

None

27.

Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request?

The API command has applied to customer with ID: 200.

The API command has requested the policy tab permissions information only.

The API command has enabled both central NAT and interface policy on the policy tab.

The API command has failed when requesting policy tab permissions information.

None

28.

Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?

Routing

Security profiles

NSX-T Service Template

SNMP

None

29.

What does a policy package status of Never Installed indicate?

The policy package was never imported after a device was registered on Forti Manager.

The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager.

FortiManager is unable to determine the policy package status.

The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device.

None

30.

Which two items are included in the FortiManager backup? (Choose two.)

Firmware images

FortiGuard database

All devices

Flash configuration

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Blockchain Technology

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Setup Windows Hello Fingerprint Login

Blockchain Technology

Social

Newsletter