Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 10 April 2025Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1. What will happen to the Fortinet policy package when it is created? You need to reapply the global policy package to the ADOM. It automatically assigns the global policies. You need to assign the global policy package from the global ADOM. You can select the option to assign the global policies. None 2. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.) When run on the Device Database, changes are applied directly to the managed FortiGate device. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation. 3. View the following exhibit. What is the purpose of setting ADOM Mode to Advanced? The setting disables concurrent ADOM access and adds ADOM locking The setting enables the ADOMs feature on FortiManager The setting allows automatic updates to the policy package configuration for a managed device This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs. None 4. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must use the Policy & Objects section to create a policy first. The administrator must disable the FortiManager offline mode first. The administrator must use the FortiManager script. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. None 5. Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request? The API command has requested the policy tab permissions information only. The API command has enabled both central NAT and interface policy on the policy tab. The API command has applied to customer with ID: 200. The API command has failed when requesting policy tab permissions information. None 6. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.) FortiGate is discovered by FortiManager through the FortiGate NATed IP address. During discovery, the FortiManager NATed IP address is not set by default on FortiGate. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel. 7. An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command? It allows FortiManager to unset the new configuration through CLI and reboot FortiGate. It allows FortiGate to reboot and recover the previous configuration from its configuration file. It allows FortiGate to reboot and restore a previously working firmware image. It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate. None 8. Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced? This setting allows you to manage FortiGate chassis models. This setting enables the ADOMs feature on FortiManager. This setting allows you to assign a VDOM from a single device to a different ADOM. This setting disables concurrent ADOM access and adds ADOM locking. None 9. What does a policy package status of Never Installed indicate? The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. FortiManager is unable to determine the policy package status. The policy package was never imported after a device was registered on Forti Manager. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. None 10. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.) Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM. Policy seq.# 3 will be skipped because no installation targets are specified. Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only. Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target. 11. What will happen if FortiAnalyzer features are enabled on FortiManager? FortiManager will keep all the logs and reports on the FortiManager. FortiManager can be used only as a logging device. FortiManager will install the logging configuration to the managed devices. FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices. None 12. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The authorized FortiGate will be automatically added to the Training ADOM. The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate will appear in the root ADOM. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. None 13. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA? Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device Reconfigure the primary device to remove the peer IP of the failed device. Reboot the failed device to remove its IP from the primary device. The FortiManager HA failover is transparent to administrators and does not require any reconfiguration. None 14. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will disable the status of the address object. 15. What is the advantage of using FortiManager to manage FortiAnalyzer? It allows FortiManager to manage all FortiGate devices. It allows FortiManager to act as a collector and FortiAnalyzer device. It allows FortiManager to run reports based on FortiAnalyzer. It allows FortiManager to store all managed FortiGate device logs. None 16. An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM? Log in as Super_User in order to unlock the ADOM. Delete the previous admin session manually through the Forti Manager GUI or CLI. Restore the configuration from a previous backup. Log in using the same administrator account to unlock the ADOM. None 17. An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen? FortiManager will replace the deleted address object with the none address object in the referenced firewall policy FortiManager will disable the status of the referenced firewall policy FortiManager will not allow the administrator to delete a referenced address object FortiManager will replace the deleted address object with all address object in the referenced firewall policy None 18. Which three settings are the factory default settings on FortiManager? (Choose three.) The administrative domain is disabled. The Forti Manager setup wizard is disabled. Reports and Event Monitor panes are enabled port1 interface IP address is 192.168.1.99/24 FortiAnalyzer features are disabled 19. Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result? During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate. During discovery, FortiManager uses only the FortiGate serial number to establish the connection. During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate. During discovery, FortiManager sets the NATed device IP address on FortiGate. None 20. Refer to the exhibit. An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate? The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate. The unused objects that are not tied to the firewall policies will be installed on FortiGate. The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted. The unused objects that are not tied to the firewall policies in the policy package will be deleted from the FortiManager database. None 21. What does a policy package status of Conflict indicate? The policy package configuration has been changed on both FortiManager and the managed device independently. The policy configuration has never been imported after a device was registered on FortiManager. The policy package reports inconsistencies and conflicts during a Policy Consistency Check. None 22. Which two statements about the scheduled backup of FortiManager are true? It does not back up firmware images saved on FortiManager. It supports FTP, SCP, and SFTP. It backs up all devices and the FortiGuard database. t can be configured using the CLI and GUI. 23. Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object? It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values. 192.168.5.0/24 Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings. 10.0.2.0/24 None 24. An administrator is in the process of moving the system template profile between ADOMs by running the following command: execute fmprofile import-profile ADOM2 3547 /tmp/myfile Where does the administrator import the file from? ADOM2 ADOM1 ADOM2 object database File system None 25. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) FortiManager will create a new revision history. You must install these changes using the Install Wizard. FortiGate will auto-update the FortiManager device-level database. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. 26. Refer to the exhibit. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM, which has four policy packages. The customer administrator has access only to My_ADOM. How can customer or service provider administrators remove both global header and footer policies from the policy package named Shared_Package? The customer administrator can unassign both global polices from My_ADOM The service provider administrator can unassign both global policies from My_ADOM The customer administrator can unassign both polices by locking My_ADOM The service provider administrator can unassign both policies from the global ADOM None 27. What is the purpose of the Policy Check feature on FortiManager? To find and provide recommendation to combine multiple separate policy packages into one common To find and provide recommendation for optimizing policies in a policy package To find and delete disabled firewall policies in the policy package To find and merge duplicate policies in the policy package None 28. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When FortiManager installs device-level changes to a managed device When FortiManager is auto-updated with configuration changes made directly on a managed device When configuration revision is reverted to previous revision in the revision history When changes to device-level database is made on FortiManager 29. An administrator created a header and footer global policy package and assigned it to an ADOM. What are two outcomes from this action? (Choose two.) After you assign the global policy package to an ADOM, the policy package is hidden from the ADOM and cannot be viewed. You can edit or delete all the global objects in the global ADOM. You must manually move the header and footer policies after the policy assignment. f you assign an additional global policy package to the same ADOM, FortiManager removes previously assigned policies. 30. Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit? Policy ID 2 is installed without the remote user student. Policy ID 2 will not be installed. Policy ID 2 is installed without a source address. Policy ID 2 is installed in the disabled state. None Time's up
