Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 10 April 2025

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?

Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.

FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.

Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.

Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device.

None

An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager?

Set to normal and using the approval group feature

Set to workflow and using the ADOM locking feature

Set to read/write and using the policy locking feature

Set to workspace and using the policy locking feature

None

In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA?

The FortiManager HA failover is transparent to administrators and does not require any reconfiguration.

Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device

Reboot the failed device to remove its IP from the primary device.

Reconfigure the primary device to remove the peer IP of the failed device.

None

An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

It allows administrative access to FortiManager.

It allows third-party applications to gain read/write access to FortiManager.

It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.

It allows FortiManager to determine the connection status of managed devices.

None

An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.)

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

FortiManager will disable the status of the address object.

FortiManager will temporarily change the status of the referenced firewall policy.

Refer to the exhibit. Which statement about the object named ALL is true?

FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.

FortiManager updated the object ALL using the FortiManager value in its database.

FortiManager updated the object ALL using the FortiGate value in its database.

FortiManager installed the object ALL with the updated value.

None

What is the advantage of using FortiManager to manage FortiAnalyzer?

It allows FortiManager to run reports based on FortiAnalyzer.

It allows FortiManager to act as a collector and FortiAnalyzer device.

It allows FortiManager to store all managed FortiGate device logs.

It allows FortiManager to manage all FortiGate devices.

None

Refer to the exhibit.

On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.
What can be the main reason for the central-management purge command?

The DNS addresses in the default system settings are the same as the Training system template.

The Training system template has a default FortiGuard widget.

The ADOM is locked by another administrator.

The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings.

None

Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task?

The administrator must disable the FortiManager offline mode first.

The administrator must use the FortiManager script.

The administrator must use the Policy & Objects section to create a policy first.

The administrator must change the ADOM mode to Advanced to bring the FortiManager online.

None

10.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?

The FortiGate will be added automatically to the default ADOM named FortiGate.

The FortiGate will be automatically added to the Training ADOM.

By default, the unregistered FortiGate will appear in the root ADOM.

The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard

None

11.

What will happen if the script is run using the Device Database option? (Choose two.)

You must install these changes using the Install Wizard to a managed device.

The successful execution of a script on the Device Database will create a new revision history.

The script history will show successful installation of the script on the remote FortiGate.

The Device Settings Status will be tagged as Modified.

12.

Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request?

The API command has requested the policy tab permissions information only.

The API command has applied to customer with ID: 200.

The API command has failed when requesting policy tab permissions information.

The API command has enabled both central NAT and interface policy on the policy tab.

None

13.

Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.)

It installs device-level changes on the FortiGate device without launching the Install Wizard.

It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.

It provides the option to preview only the policy package changes before installing them.

It installs provisioning template changes on the FortiGate device.

14.

Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS?

From the list of configured override servers or public FDN servers

From the configured override server IP address 10.0.1.50 only

From the default server fds1.fortinet.com

From public FDNI server IP address with the fourth highest octet only

None

15.

View the following exhibit. What is the purpose of setting ADOM Mode to Advanced?

The setting disables concurrent ADOM access and adds ADOM locking

This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.

The setting enables the ADOMs feature on FortiManager

The setting allows automatic updates to the policy package configuration for a managed device

None

16.

Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.)

Unlocking an ADOM will install configuration changes automatically on managed devices.

The same administrator can lock more than one ADOM at the same time.

Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.

Unlocking an ADOM will submit configuration changes automatically to the approval administrator.

17.

Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object?

10.0.2.0/24

Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings.

It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values.

192.168.5.0/24

None

18.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

FortiManager will temporarily change the status of the referenced firewall policy.

FortiManager will disable the status of the address object.

19.

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command?

It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate.

It allows FortiGate to reboot and restore a previously working firmware image.

It allows FortiManager to unset the new configuration through CLI and reboot FortiGate.

It allows FortiGate to reboot and recover the previous configuration from its configuration file.

None

20.

Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced?

This setting enables the ADOMs feature on FortiManager.

This setting allows you to assign a VDOM from a single device to a different ADOM.

This setting allows you to manage FortiGate chassis models.

This setting disables concurrent ADOM access and adds ADOM locking.

None

21.

Refer to the exhibit. An administrator logs in to the FortiManager GUI and sees the panes shown in the exhibit. Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)

The admin session requires approval before administrator can see the FortiAnalyzer feature panes.

The administrator profile does not have full access privileges like the Super_User profile.

FortiAnalyzer features are not enabled on FortiManager.

The administrator workflow is enabled on the ADOM.

22.

What does a policy package status of Conflict indicate?

The policy package configuration has been changed on both FortiManager and the managed device independently.

The policy package reports inconsistencies and conflicts during a Policy Consistency Check.

The policy configuration has never been imported after a device was registered on FortiManager.

None

23.

What will happen if FortiAnalyzer features are enabled on FortiManager?

FortiManager will install the logging configuration to the managed devices.

FortiManager can be used only as a logging device.

FortiManager will keep all the logs and reports on the FortiManager.

FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

None

24.

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

When run on the Device Database, changes are applied directly to the managed FortiGate device.

25.

What are two outcomes of ADOM revisions? (Choose two.)

ADOM revisions can save the current size of the whole ADOM

ADOM revisions can create System Checkpoints for the FortiManager configuration

ADOM revisions can significantly increase the size of the configuration backups.

ADOM revisions can save the current state of all policy packages and objects for an ADOM

26.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result?

The authorized FortiGate will appear in the root ADOM.

The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only.

The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors.

The authorized FortiGate will be automatically added to the Training ADOM.

None

27.

Refer to the exhibit. Which two statements about the output are true? (Choose two.)

The latest revision history for the managed FortiGate does match the FortiGate running configuration.

The latest revision history for the managed FortiGate does not match the device-level database.

Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed.

Configuration changes directly made on FortiGate have been automatically updated to the device-level database.

28.

Which two statements about the scheduled backup of FortiManager are true?

It does not back up firmware images saved on FortiManager.

It backs up all devices and the FortiGuard database.

t can be configured using the CLI and GUI.

It supports FTP, SCP, and SFTP.

29.

Which three settings are the factory default settings on FortiManager? (Choose three.)

The administrative domain is disabled.

port1 interface IP address is 192.168.1.99/24

FortiAnalyzer features are disabled

The Forti Manager setup wizard is disabled.

Reports and Event Monitor panes are enabled

30.

Refer to the exhibit. Given the configuration shown in the exhibit, how did Forti Manager handle the service category named General?

FortiManager ignored the firewall service category General and deleted the duplicate value in its database.

Forti Manager ignored the firewall service category General and did not update its database with the value.

Forti Manager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database.

FortiManager ignored the firewall service category General but created a new service category in its database.

None

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Interswitch Connectivity | VLAN Tagging | Trunk Port

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Interswitch Connectivity | VLAN Tagging | Trunk Port

Setup Windows Hello Fingerprint Login

Social

Newsletter