Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 06 April 2024Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. Refer to the exhibit.On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.What can be the main reason for the central-management purge command? The Training system template has a default FortiGuard widget. The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings. The ADOM is locked by another administrator. The DNS addresses in the default system settings are the same as the Training system template. None 2. Refer to the exhibit. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM, which has four policy packages. The customer administrator has access only to My_ADOM. How can customer or service provider administrators remove both global header and footer policies from the policy package named Shared_Package? The service provider administrator can unassign both global policies from My_ADOM The customer administrator can unassign both polices by locking My_ADOM The customer administrator can unassign both global polices from My_ADOM The service provider administrator can unassign both policies from the global ADOM None 3. What does a policy package status of Never Installed indicate? The policy package was never imported after a device was registered on Forti Manager. FortiManager is unable to determine the policy package status. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. None 4. Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.) That the override server IP address is set on FortiManager and the NAT device That the NAT device IP address and correct ports are configured on FortiManager That the external IP address on the NAT device is set to DHCP and configured with the virtual IP That the virtual IP address and correct ports are set on the NAT device 5. Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.) You must open the ports to the Fortinet registry. You must create an MEA special policy on Forti Manager using the super user profile. The administrator must have the super user profile. When you configure MEA, you must open TCP or UDP port 540. 6. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will disable the status of the address object. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. 7. Refer to the exhibit. Which two statements about the output are true? (Choose two.) Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed. Configuration changes directly made on FortiGate have been automatically updated to the device-level database. The latest revision history for the managed FortiGate does match the FortiGate running configuration. The latest revision history for the managed FortiGate does not match the device-level database. 8. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The authorized FortiGate will appear in the root ADOM. The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate will be automatically added to the Training ADOM. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. None 9. Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1? The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager. None 10. What is the purpose of ADOM revisions? To revert individual policy packages and device-level settings for a managed FortiGate To save the current state of all policy packages and objects for an ADOM To save the current state of the whole ADOM To save the FortiManager configuration in the System Checkpoints None 11. An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session? Trainer is not a part of workflow approval group. Trainer does not have full rights over this ADOM. Trainer must close Student’s workflow session before approving the request. Trainer must first create their own workflow session to approve student session. None 12. An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen? FortiManager will replace the deleted address object with the none address object in the referenced firewall policy FortiManager will disable the status of the referenced firewall policy FortiManager will not allow the administrator to delete a referenced address object FortiManager will replace the deleted address object with all address object in the referenced firewall policy None 13. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When configuration revision is reverted to previous revision in the revision history When FortiManager is auto-updated with configuration changes made directly on a managed device When changes to device-level database is made on FortiManager When FortiManager installs device-level changes to a managed device 14. What will happen if the script is run using the Device Database option? (Choose two.) The Device Settings Status will be tagged as Modified. You must install these changes using the Install Wizard to a managed device. The successful execution of a script on the Device Database will create a new revision history. The script history will show successful installation of the script on the remote FortiGate. 15. Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.) Unlocking an ADOM will submit configuration changes automatically to the approval administrator. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out. The same administrator can lock more than one ADOM at the same time. Unlocking an ADOM will install configuration changes automatically on managed devices. 16. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true? By default, the unregistered FortiGate will appear in the root ADOM. The FortiGate will be automatically added to the Training ADOM. The FortiGate will be added automatically to the default ADOM named FortiGate. The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard None 17. Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result? During discovery, FortiManager uses only the FortiGate serial number to establish the connection. During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate. During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate. During discovery, FortiManager sets the NATed device IP address on FortiGate. None 18. Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device? The administrator must use the Add Model Device section and discover the Forti Analyzer device. The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager. The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface. The administrator must use the correct user name and password of the FortiAnalyzer device. None 19. What is the purpose of the Policy Check feature on FortiManager? To find and merge duplicate policies in the policy package To find and provide recommendation for optimizing policies in a policy package To find and provide recommendation to combine multiple separate policy packages into one common To find and delete disabled firewall policies in the policy package None 20. Which two statements about the scheduled backup of FortiManager are true? It backs up all devices and the FortiGuard database. t can be configured using the CLI and GUI. It supports FTP, SCP, and SFTP. It does not back up firmware images saved on FortiManager. 21. Which two items does an FGFM keepalive message include? (Choose two.) FortiGate uptime FortiGate configuration checksum FortiGate license information FortiGate IPS version 22. Refer to the exhibit. An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.) The administrator must configure FortiManager in workspace mode. The administrator must set the FortiManager ADOM mode to Advanced. Admin A can access VDOM2 and VDOM3 with the super user profile. The FortiManager policies and objects database can be shared between the Financial and HR ADOMs. 23. What does a policy package status of Conflict indicate? The policy package reports inconsistencies and conflicts during a Policy Consistency Check. The policy package configuration has been changed on both FortiManager and the managed device independently. The policy configuration has never been imported after a device was registered on FortiManager. None 24. An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result? It will find and delete disabled firewall policies in the policy package. It will find and provide recommendations for optimizing policies in a policy package. It will find and merge duplicate policies in the policy package. It will find and provide recommendations to combine multiple separate policy packages into one common policy package. None 25. What are two outcomes of ADOM revisions? (Choose two.) ADOM revisions can save the current state of all policy packages and objects for an ADOM ADOM revisions can significantly increase the size of the configuration backups. ADOM revisions can save the current size of the whole ADOM ADOM revisions can create System Checkpoints for the FortiManager configuration 26. You are moving managed FortiGate devices from one ADOM to a new ADOM. Which statement correctly describes the expected result? Any unused objects from a previous ADOM are moved to the new ADOM automatically. The shared device settings will be installed automatically. Policy packages will be imported into the new ADOM automatically. The shared policy package will not be moved to the new ADOM. None 27. Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced? This setting disables concurrent ADOM access and adds ADOM locking. This setting enables the ADOMs feature on FortiManager. This setting allows you to assign a VDOM from a single device to a different ADOM. This setting allows you to manage FortiGate chassis models. None 28. View the following exhibit. Which statement is true regarding this failed installation log? Policy ID 2 is installed in disabled state Policy ID 2 is installed without a source address Policy ID 2 is installed without a source device Policy ID 2 will not be installed None 29. Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.) It installs device-level changes on the FortiGate device without launching the Install Wizard. It installs provisioning template changes on the FortiGate device. It provides the option to preview only the policy package changes before installing them. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device. 30. In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state? Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration. None Time's up
