Certification Provider: Fortinet
Exam: FCP: FortiManager 7.2 Administrator
Exam Code: NSE5 FMG v7.2
Total Questions: 72
Questions per Quiz: 35
Updated On: 06 April 2024

Note: In order to practice all the Q/As, you have to practice multiple times. Questions and answers will be presented randomly and will help you get hands-on practice for the real exam.

1. An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager?
- Set to workspace and using the policy locking feature
- Set to workflow and using the ADOM locking feature
- Set to normal and using the approval group feature
- Set to read/write and using the policy locking feature

2. When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?
- FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.
- FortiGate will reject the CLI commands that will cause the tunnel to go down.
- FortiManager will revert and install a previous configuration revision on the managed FortiGate.
- After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.

3. Refer to the exhibit. Given the configuration shown in the exhibit, how did FortiManager handle the service category named General?
- FortiManager ignored the firewall service category General and deleted the duplicate value in its database.
- FortiManager ignored the firewall service category General but created a new service category in its database.
- FortiManager ignored the firewall service category General and did not update its database with the value.
- FortiManager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database.

4. Which two items are included in the FortiManager backup? (Choose two.)
- Firmware images
- FortiGuard database
- All devices
- Flash configuration

5. Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.)
- That the virtual IP address and correct ports are set on the NAT device
- That the NAT device IP address and correct ports are configured on FortiManager
- That the override server IP address is set on FortiManager and the NAT device
- That the external IP address on the NAT device is set to DHCP and configured with the virtual IP

6. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about FortiManager HA?
- The FortiManager HA failover is transparent to administrators and does not require any reconfiguration.
- Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device
- Reboot the failed device to remove its IP from the primary device.
- Reconfigure the primary device to remove the peer IP of the failed device.

7. Refer to the exhibit. An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.)
- The administrator must set the FortiManager ADOM mode to Advanced.
- The FortiManager policies and objects database can be shared between the Financial and HR ADOMs.
- Admin A can access VDOM2 and VDOM3 with the super user profile.
- The administrator must configure FortiManager in workspace mode.

8. What will happen if the script is run using the Device Database option? (Choose two.)
- The script history will show successful installation of the script on the remote FortiGate.
- The Device Settings Status will be tagged as Modified.
- The successful execution of a script on the Device Database will create a new revision history.
- You must install these changes using the Install Wizard to a managed device.

9. Which three settings are the factory default settings on FortiManager? (Choose three.)
- Reports and Event Monitor panes are enabled
- The administrative domain is disabled.
- port1 interface IP address is 192.168.1.99/24
- The FortiManager setup wizard is disabled.
- FortiAnalyzer features are disabled

10. An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?
- FortiManager will not allow the administrator to delete a referenced address object
- FortiManager will replace the deleted address object with the all address object in the referenced firewall policy
- FortiManager will replace the deleted address object with the none address object in the referenced firewall policy
- FortiManager will disable the status of the referenced firewall policy

11. Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result?
- During discovery, FortiManager uses only the FortiGate serial number to establish the connection.
- During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate.
- During discovery, FortiManager sets the NATed device IP address on FortiGate.
- During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate.

12. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.)
- FortiGate will auto-update the FortiManager device-level database.
- You must install these changes using the Install Wizard.
- FortiManager will create a new revision history.
- FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate.

13. An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1. What will happen to the Fortinet policy package when it is created?
- It automatically assigns the global policies.
- You can select the option to assign the global policies.
- You need to assign the global policy package from the global ADOM.
- You need to reapply the global policy package to the ADOM.

14. What will happen if FortiAnalyzer features are enabled on FortiManager?
- FortiManager will keep all the logs and reports on the FortiManager.
- FortiManager can be used only as a logging device.
- FortiManager will install the logging configuration to the managed devices.
- FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

15. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.)
- Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets.
- Policy seq.# 3 will be skipped because no installation targets are specified.
- Policy 3 will be installed on all FortiGate devices and VDOMs that belong to the ADOM.
- Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target.
- Policy seq.# 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only.

16. An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session?
- Trainer does not have full rights over this ADOM.
- Trainer must first create their own workflow session to approve Student's session.
- Trainer is not a part of the workflow approval group.
- Trainer must close Student's workflow session before approving the request.

17. An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two.)
- Specify a gateway address when you create a default SD-WAN static route
- Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WAN template settings
- Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces
- Enable SD-WAN central management in the Training ADOM

18. Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device?
- The administrator must use the Add Model Device section and discover the FortiAnalyzer device.
- The administrator must use the correct user name and password of the FortiAnalyzer device.
- The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as FortiManager.
- The administrator must select the FortiManager administrative access checkbox on the FortiAnalyzer management interface.

19. Refer to the exhibit. Which statement about the object named ALL is true?
- FortiManager updated the object ALL using the FortiGate value in its database.
- FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.
- FortiManager installed the object ALL with the updated value.
- FortiManager updated the object ALL using the FortiManager value in its database.

20. Which two statements about the scheduled backup of FortiManager are true?
- It does not back up firmware images saved on FortiManager.
- It supports FTP, SCP, and SFTP.
- It backs up all devices and the FortiGuard database.
- It can be configured using the CLI and GUI.

21. Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS?
- From public FDNI server IP address with the fourth highest octet only
- From the list of configured override servers or public FDN servers
- From the default server fds1.fortinet.com
- From the configured override server IP address 10.0.1.50 only

22. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?
- The FortiGate will be added automatically to the default ADOM named FortiGate.
- The FortiManager administrator must add the unregistered device manually to the Training ADOM using the Add Device wizard
- The FortiGate will be automatically added to the Training ADOM.
- By default, the unregistered FortiGate will appear in the root ADOM.

23. Which two conditions trigger FortiManager to create a new revision history? (Choose two.)
- When changes to the device-level database are made on FortiManager
- When FortiManager is auto-updated with configuration changes made directly on a managed device
- When a configuration revision is reverted to a previous revision in the revision history
- When FortiManager installs device-level changes to a managed device

24. Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object?
- 10.0.2.0/24
- 192.168.5.0/24
- Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings.
- It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values.

25. Which two settings must be configured for SD-WAN Central Management? (Choose two.)
- When you configure an SD-WAN, you must specify at least two member interfaces.
- You can create multiple SD-WAN interfaces per VDOM
- SD-WAN must be enabled on per-ADOM basis
- The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

26. What does a policy package status of Never Installed indicate?
- FortiManager is unable to determine the policy package status.
- The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device.
- The policy package was never imported after a device was registered on FortiManager.
- The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager.

27. An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command?
- It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate.
- It allows FortiGate to reboot and recover the previous configuration from its configuration file.
- It allows FortiManager to unset the new configuration through CLI and reboot FortiGate.
- It allows FortiGate to reboot and restore a previously working firmware image.

28. An administrator's PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM?
- Restore the configuration from a previous backup.
- Log in as Super_User in order to unlock the ADOM.
- Log in using the same administrator account to unlock the ADOM.
- Delete the previous admin session manually through the FortiManager GUI or CLI.

29. In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?
- Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device.
- Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.
- FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
- Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.

30. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.)
- FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.
- FortiManager will temporarily change the status of the referenced firewall policy.
- FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.
- FortiManager will disable the status of the address object.