Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 02 April 2025Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message. Which troubleshooting step should you take to resolve the issue? Make sure Offline Mode is disabled Make sure ADOMs are enabled and the administrator has access to the Global ADOM Make sure FortiManager Access is enabled in the administrator profile Make sure the administrator IP address is part of the trusted hosts. None 2. An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM? Log in using the same administrator account to unlock the ADOM. Delete the previous admin session manually through the Forti Manager GUI or CLI. Log in as Super_User in order to unlock the ADOM. Restore the configuration from a previous backup. None 3. An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do? It installs the provisioning template configuration on the specified FortiGate. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database. It installs the latest configuration on the specified FortiGate and update the revision history database. None 4. An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface? It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices. It allows administrative access to FortiManager. It allows third-party applications to gain read/write access to FortiManager. It allows FortiManager to determine the connection status of managed devices. None 5. You are moving managed FortiGate devices from one ADOM to a new ADOM. Which statement correctly describes the expected result? The shared device settings will be installed automatically. Any unused objects from a previous ADOM are moved to the new ADOM automatically. Policy packages will be imported into the new ADOM automatically. The shared policy package will not be moved to the new ADOM. None 6. Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device? The administrator must use the correct user name and password of the FortiAnalyzer device. The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface. The administrator must use the Add Model Device section and discover the Forti Analyzer device. The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager. None 7. View the following exhibit. Which statement is true regarding this failed installation log? Policy ID 2 is installed without a source address Policy ID 2 will not be installed Policy ID 2 is installed without a source device Policy ID 2 is installed in disabled state None 8. Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result? During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate. During discovery, FortiManager uses only the FortiGate serial number to establish the connection. During discovery, FortiManager sets the NATed device IP address on FortiGate. During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate. None 9. Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.) That the NAT device IP address and correct ports are configured on FortiManager That the override server IP address is set on FortiManager and the NAT device That the external IP address on the NAT device is set to DHCP and configured with the virtual IP That the virtual IP address and correct ports are set on the NAT device 10. Refer to the exhibit. A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices. Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit? Forti Manager lost internet connectivity, therefore, both devices appear to be down. The administrator can reclaim the FGFM tunnel to get both devices online. The administrator must refresh both devices to restore connectivity. The administrator had restored the Forti Manager configuration file. None 11. View the following exhibit. What is the purpose of setting ADOM Mode to Advanced? This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs. The setting allows automatic updates to the policy package configuration for a managed device The setting disables concurrent ADOM access and adds ADOM locking The setting enables the ADOMs feature on FortiManager None 12. An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1. What will happen to the Fortinet policy package when it is created? It automatically assigns the global policies. You need to reapply the global policy package to the ADOM. You can select the option to assign the global policies. You need to assign the global policy package from the global ADOM. None 13. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) FortiGate will auto-update the FortiManager device-level database. You must install these changes using the Install Wizard. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. FortiManager will create a new revision history. 14. Refer to the exhibit. Which statement about the object named ALL is true? FortiManager updated the object ALL using the FortiManager value in its database. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate. FortiManager updated the object ALL using the FortiGate value in its database. FortiManager installed the object ALL with the updated value. None 15. In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state? FortiManager HA state transition is transparent to administrators and does not require any reconfiguration. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device. None 16. An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager? Set to workspace and using the policy locking feature Set to normal and using the approval group feature Set to read/write and using the policy locking feature Set to workflow and using the ADOM locking feature None 17. Which three settings are the factory default settings on FortiManager? (Choose three.) The administrative domain is disabled. Reports and Event Monitor panes are enabled port1 interface IP address is 192.168.1.99/24 The Forti Manager setup wizard is disabled. FortiAnalyzer features are disabled 18. Given the configuration shown in the exhibit, which two statements are true? The Forti Manager ADOM workspace mode is set to Normal. Forti Manager is in workflow mode. The FortiManager ADOM is locked by the administrator. An administrator can also lock the Local-FortiGate-1 policy package. 19. Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.) When you configure MEA, you must open TCP or UDP port 540. You must create an MEA special policy on Forti Manager using the super user profile. The administrator must have the super user profile. You must open the ports to the Fortinet registry. 20. What will be the result of reverting to a previous revision version in the revision history? It will generate a new version ID and remove all other revision history versions. It will modify the device-level database. It will install configuration changes to managed device automatically. It will tag the device settings status as Auto-Update. None 21. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The authorized FortiGate will appear in the root ADOM. The authorized FortiGate will be automatically added to the Training ADOM. The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. None 22. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must disable the FortiManager offline mode first. The administrator must use the FortiManager script. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. The administrator must use the Policy & Objects section to create a policy first. None 23. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.) Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets. Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM. Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target. Policy seq.# 3 will be skipped because no installation targets are specified. 24. Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit? Policy ID 2 is installed in the disabled state. Policy ID 2 will not be installed. Policy ID 2 is installed without the remote user student. Policy ID 2 is installed without a source address. None 25. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When FortiManager is auto-updated with configuration changes made directly on a managed device When FortiManager installs device-level changes to a managed device When configuration revision is reverted to previous revision in the revision history When changes to device-level database is made on FortiManager 26. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will disable the status of the address object. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. 27. Refer to the exhibit. Which two statements about the output are true? (Choose two.) The latest revision history for the managed FortiGate does match the FortiGate running configuration. Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed. The latest revision history for the managed FortiGate does not match the device-level database. Configuration changes directly made on FortiGate have been automatically updated to the device-level database. 28. Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager? NSX-T Service Template SNMP Routing Security profiles None 29. Which two settings must be configured for SD-WAN Central Management? (Choose two.) You can create multiple SD-WAN interfaces per VDOM SD-WAN must be enabled on per-ADOM basis The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies. When you configure an SD-WAN, you must specify at least two member interfaces. 30. What is the advantage of using FortiManager to manage FortiAnalyzer? It allows FortiManager to run reports based on FortiAnalyzer. It allows FortiManager to manage all FortiGate devices. It allows FortiManager to act as a collector and FortiAnalyzer device. It allows FortiManager to store all managed FortiGate device logs. None Time's up
