Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 06 April 2024

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two)

Specify a gateway address when you create a default SD-WAN static route

Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces

Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SDWAN template settings

Enable SD-WAN central management in the Training ADOM

Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.)

It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.

It installs provisioning template changes on the FortiGate device.

It installs device-level changes on the FortiGate device without launching the Install Wizard.

It provides the option to preview only the policy package changes before installing them.

Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object?

192.168.5.0/24

Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings.

It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values.

10.0.2.0/24

None

Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.)

The administrator must have the super user profile.

You must open the ports to the Fortinet registry.

You must create an MEA special policy on Forti Manager using the super user profile.

When you configure MEA, you must open TCP or UDP port 540.

Refer to the exhibit. Which two statements about the output are true? (Choose two.)

The latest revision history for the managed FortiGate does not match the device-level database.

Configuration changes directly made on FortiGate have been automatically updated to the device-level database.

The latest revision history for the managed FortiGate does match the FortiGate running configuration.

Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed.

What is the advantage of using FortiManager to manage FortiAnalyzer?

It allows FortiManager to act as a collector and FortiAnalyzer device.

It allows FortiManager to run reports based on FortiAnalyzer.

It allows FortiManager to manage all FortiGate devices.

It allows FortiManager to store all managed FortiGate device logs.

None

An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.)

FortiManager will disable the status of the address object.

FortiManager will temporarily change the status of the referenced firewall policy.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

FortiManager will revert and install a previous configuration revision on the managed FortiGate.

After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.

FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.

FortiGate will reject the CLI commands that will cause the tunnel to go down.

None

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

VIP and IP Pools

Security profiles

Routing

Firewall policies

None

10.

Which two statements about the scheduled backup of FortiManager are true?

It supports FTP, SCP, and SFTP.

It backs up all devices and the FortiGuard database.

t can be configured using the CLI and GUI.

It does not back up firmware images saved on FortiManager.

11.

Refer to the exhibit. Given the configuration shown in the exhibit, how did Forti Manager handle the service category named General?

Forti Manager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database.

FortiManager ignored the firewall service category General and deleted the duplicate value in its database.

Forti Manager ignored the firewall service category General and did not update its database with the value.

FortiManager ignored the firewall service category General but created a new service category in its database.

None

12.

Which two settings must be configured for SD-WAN Central Management? (Choose two.)

You can create multiple SD-WAN interfaces per VDOM

When you configure an SD-WAN, you must specify at least two member interfaces.

The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

SD-WAN must be enabled on per-ADOM basis

13.

Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS?

From the configured override server IP address 10.0.1.50 only

From the list of configured override servers or public FDN servers

From public FDNI server IP address with the fourth highest octet only

From the default server fds1.fortinet.com

None

14.

View the following exhibit. What is the purpose of setting ADOM Mode to Advanced?

The setting allows automatic updates to the policy package configuration for a managed device

This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.

The setting enables the ADOMs feature on FortiManager

The setting disables concurrent ADOM access and adds ADOM locking

None

15.

What are two outcomes of ADOM revisions? (Choose two.)

ADOM revisions can save the current size of the whole ADOM

ADOM revisions can create System Checkpoints for the FortiManager configuration

ADOM revisions can significantly increase the size of the configuration backups.

ADOM revisions can save the current state of all policy packages and objects for an ADOM

16.

Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced?

This setting enables the ADOMs feature on FortiManager.

This setting disables concurrent ADOM access and adds ADOM locking.

This setting allows you to assign a VDOM from a single device to a different ADOM.

This setting allows you to manage FortiGate chassis models.

None

17.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

FortiManager will temporarily change the status of the referenced firewall policy.

FortiManager will disable the status of the address object.

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

18.

What is the purpose of ADOM revisions?

To save the current state of the whole ADOM

To save the current state of all policy packages and objects for an ADOM

To save the FortiManager configuration in the System Checkpoints

To revert individual policy packages and device-level settings for a managed FortiGate

None

19.

Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.)

That the external IP address on the NAT device is set to DHCP and configured with the virtual IP

That the virtual IP address and correct ports are set on the NAT device

That the NAT device IP address and correct ports are configured on FortiManager

That the override server IP address is set on FortiManager and the NAT device

20.

Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.)

The same administrator can lock more than one ADOM at the same time.

Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.

Unlocking an ADOM will submit configuration changes automatically to the approval administrator.

Unlocking an ADOM will install configuration changes automatically on managed devices.

21.

Refer to the exhibit. An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.)

Admin A can access VDOM2 and VDOM3 with the super user profile.

The FortiManager policies and objects database can be shared between the Financial and HR ADOMs.

The administrator must configure FortiManager in workspace mode.

The administrator must set the FortiManager ADOM mode to Advanced.

22.

What will happen if the script is run using the Device Database option? (Choose two.)

You must install these changes using the Install Wizard to a managed device.

The Device Settings Status will be tagged as Modified.

The successful execution of a script on the Device Database will create a new revision history.

The script history will show successful installation of the script on the remote FortiGate.

23.

An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session?

Trainer must first create their own workflow session to approve student session.

Trainer must close Student’s workflow session before approving the request.

Trainer is not a part of workflow approval group.

Trainer does not have full rights over this ADOM.

None

24.

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

When run on the Device Database, changes are applied directly to the managed FortiGate device.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

25.

In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?

Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.

Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device.

FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.

Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.

None

26.

Refer to the exhibit. Which statement about the object named ALL is true?

FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.

FortiManager installed the object ALL with the updated value.

FortiManager updated the object ALL using the FortiManager value in its database.

FortiManager updated the object ALL using the FortiGate value in its database.

None

27.

An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM?

Restore the configuration from a previous backup.

Delete the previous admin session manually through the Forti Manager GUI or CLI.

None

28.

Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1?

The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.

Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.

Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager.

Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate.

None

29.

Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task?

The administrator must use the Policy & Objects section to create a policy first.

The administrator must change the ADOM mode to Advanced to bring the FortiManager online.

The administrator must disable the FortiManager offline mode first.

The administrator must use the FortiManager script.

None

30.

Refer to the exhibit.

On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.
What can be the main reason for the central-management purge command?

The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings.

The ADOM is locked by another administrator.

The DNS addresses in the default system settings are the same as the Training system template.

The Training system template has a default FortiGuard widget.

None

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Speed Up Your Windows PC

IP Subnet Cheat sheet

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Speed Up Your Windows PC

IP Subnet Cheat sheet

Social

Newsletter