Certification Provider: Fortinet Exam: FCP: Forti Manager 7.2 Administrator Exam Code: NSE5 FMG v7.2 Total Question: 72 Question per Quiz: 35 Updated On: 06 April 2024 Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. Refer to the exhibit. Which two statements about the output are true? (Choose two.) The latest revision history for the managed FortiGate does not match the device-level database. Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed. The latest revision history for the managed FortiGate does match the FortiGate running configuration. Configuration changes directly made on FortiGate have been automatically updated to the device-level database. 2. What does a policy package status of Conflict indicate? The policy package configuration has been changed on both FortiManager and the managed device independently. The policy configuration has never been imported after a device was registered on FortiManager. The policy package reports inconsistencies and conflicts during a Policy Consistency Check. 3. Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager? Routing SNMP Security profiles NSX-T Service Template 4. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate will be automatically added to the Training ADOM. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. The authorized FortiGate will appear in the root ADOM. 5. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.) During discovery, the FortiManager NATed IP address is not set by default on FortiGate. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel. FortiGate is discovered by FortiManager through the FortiGate NATed IP address. 6. An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1? When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package. When a new policy package is created, the administrator must import the global policy package to ADOM1. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package. When a new policy package is created, the administrator must assign the global policy package from the global ADOM. 7. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA? Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device Reconfigure the primary device to remove the peer IP of the failed device. Reboot the failed device to remove its IP from the primary device. The FortiManager HA failover is transparent to administrators and does not require any reconfiguration. 8. View the following exhibit. Which statement is true regarding this failed installation log? Policy ID 2 is installed without a source address Policy ID 2 will not be installed Policy ID 2 is installed without a source device Policy ID 2 is installed in disabled state 9. What is the purpose of ADOM revisions? To revert individual policy packages and device-level settings for a managed FortiGate To save the current state of the whole ADOM To save the current state of all policy packages and objects for an ADOM To save the FortiManager configuration in the System Checkpoints 10. Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit? Policy ID 2 is installed in the disabled state. Policy ID 2 will not be installed. Policy ID 2 is installed without a source address. Policy ID 2 is installed without the remote user student. 11. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) FortiGate will auto-update the FortiManager device-level database. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. FortiManager will create a new revision history. You must install these changes using the Install Wizard. 12. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.) When run on the Device Database, changes are applied directly to the managed FortiGate device. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation. 13. Refer to the exhibit. An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.) The FortiManager policies and objects database can be shared between the Financial and HR ADOMs. Admin A can access VDOM2 and VDOM3 with the super user profile. The administrator must set the FortiManager ADOM mode to Advanced. The administrator must configure FortiManager in workspace mode. 14. An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session? Trainer must first create their own workflow session to approve student session. Trainer does not have full rights over this ADOM. Trainer is not a part of workflow approval group. Trainer must close Student’s workflow session before approving the request. 15. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will disable the status of the address object. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. 16. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true? The FortiGate will be added automatically to the default ADOM named FortiGate. The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard By default, the unregistered FortiGate will appear in the root ADOM. The FortiGate will be automatically added to the Training ADOM. 17. An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface? It allows FortiManager to determine the connection status of managed devices. It allows third-party applications to gain read/write access to FortiManager. It allows administrative access to FortiManager. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices. 18. Which three settings are the factory default settings on FortiManager? (Choose three.) Reports and Event Monitor panes are enabled FortiAnalyzer features are disabled The Forti Manager setup wizard is disabled. The administrative domain is disabled. port1 interface IP address is 192.168.1.99/24 19. What does a policy package status of Never Installed indicate? FortiManager is unable to determine the policy package status. The policy package was never imported after a device was registered on Forti Manager. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. 20. Which two statements about an ADOM set in Normal mode on Forti Manager are true? FortiManager automatically installs the configuration difference in revisions on the managed FortiGate. It allows making configuration changes for managed devices on FortiManager panes. You cannot assign the same ADOM to multiple administrators. It supports the FortiManager script feature. 21. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must disable the FortiManager offline mode first. The administrator must use the FortiManager script. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. The administrator must use the Policy & Objects section to create a policy first. 22. An administrator configures a new OSPF route on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved? ADOM-level database Configuration-level database Device-level database Revision history database 23. Refer to the exhibit. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM, which has four policy packages. The customer administrator has access only to My_ADOM. How can customer or service provider administrators remove both global header and footer policies from the policy package named Shared_Package? The service provider administrator can unassign both global policies from My_ADOM The customer administrator can unassign both polices by locking My_ADOM The service provider administrator can unassign both policies from the global ADOM The customer administrator can unassign both global polices from My_ADOM 24. Refer to the exhibit. An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate? The unused objects that are not tied to the firewall policies will be installed on FortiGate. The unused objects that are not tied to the firewall policies in the policy package will be deleted from the FortiManager database. The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted. The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate. 25. Given the configuration shown in the exhibit, which two statements are true? Forti Manager is in workflow mode. The Forti Manager ADOM workspace mode is set to Normal. An administrator can also lock the Local-FortiGate-1 policy package. The FortiManager ADOM is locked by the administrator. 26. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.) Policy seq.# 3 will be skipped because no installation targets are specified. Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target. Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets. 27. When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel? FortiGate will reject the CLI commands that will cause the tunnel to go down. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down. FortiManager will revert and install a previous configuration revision on the managed FortiGate. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down. 28. An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1. What will happen to the Fortinet policy package when it is created? You can select the option to assign the global policies. You need to reapply the global policy package to the ADOM. It automatically assigns the global policies. You need to assign the global policy package from the global ADOM. 29. Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1? Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate. The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager. 30. Refer to the exhibit. Given the configuration shown in the exhibit, how did Forti Manager handle the service category named General? Forti Manager ignored the firewall service category General and did not update its database with the value. Forti Manager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database. FortiManager ignored the firewall service category General and deleted the duplicate value in its database. FortiManager ignored the firewall service category General but created a new service category in its database. Time's up