Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 06 April 2024Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. An administrator created a header and footer global policy package and assigned it to an ADOM. What are two outcomes from this action? (Choose two.) You can edit or delete all the global objects in the global ADOM. You must manually move the header and footer policies after the policy assignment. f you assign an additional global policy package to the same ADOM, FortiManager removes previously assigned policies. After you assign the global policy package to an ADOM, the policy package is hidden from the ADOM and cannot be viewed. 2. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) You must install these changes using the Install Wizard. FortiGate will auto-update the FortiManager device-level database. FortiManager will create a new revision history. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. 3. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. FortiManager will disable the status of the address object. 4. Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object? Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings. It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values. 10.0.2.0/24 192.168.5.0/24 None 5. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.) When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history. When run on the Device Database, changes are applied directly to the managed FortiGate device. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation. 6. What are two outcomes of ADOM revisions? (Choose two.) ADOM revisions can create System Checkpoints for the FortiManager configuration ADOM revisions can significantly increase the size of the configuration backups. ADOM revisions can save the current size of the whole ADOM ADOM revisions can save the current state of all policy packages and objects for an ADOM 7. Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced? This setting allows you to assign a VDOM from a single device to a different ADOM. This setting enables the ADOMs feature on FortiManager. This setting allows you to manage FortiGate chassis models. This setting disables concurrent ADOM access and adds ADOM locking. None 8. Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.) Unlocking an ADOM will install configuration changes automatically on managed devices. The same administrator can lock more than one ADOM at the same time. Unlocking an ADOM will submit configuration changes automatically to the approval administrator. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out. 9. Which configuration setting for FortiGate is part of a device-level database on FortiManager? Routing VIP and IP Pools Security profiles Firewall policies None 10. An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface? It allows administrative access to FortiManager. It allows third-party applications to gain read/write access to FortiManager. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices. It allows FortiManager to determine the connection status of managed devices. None 11. What does a policy package status of Never Installed indicate? The policy package was never imported after a device was registered on Forti Manager. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. FortiManager is unable to determine the policy package status. None 12. What does a policy package status of Conflict indicate? The policy configuration has never been imported after a device was registered on FortiManager. The policy package configuration has been changed on both FortiManager and the managed device independently. The policy package reports inconsistencies and conflicts during a Policy Consistency Check. None 13. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The authorized FortiGate will be automatically added to the Training ADOM. The authorized FortiGate will appear in the root ADOM. The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. None 14. An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two) Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces Enable SD-WAN central management in the Training ADOM Specify a gateway address when you create a default SD-WAN static route Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SDWAN template settings 15. Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.) That the NAT device IP address and correct ports are configured on FortiManager That the external IP address on the NAT device is set to DHCP and configured with the virtual IP That the virtual IP address and correct ports are set on the NAT device That the override server IP address is set on FortiManager and the NAT device 16. An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result? It will find and provide recommendations for optimizing policies in a policy package. It will find and merge duplicate policies in the policy package. It will find and delete disabled firewall policies in the policy package. It will find and provide recommendations to combine multiple separate policy packages into one common policy package. None 17. An administrator is in the process of moving the system template profile between ADOMs by running the following command: execute fmprofile import-profile ADOM2 3547 /tmp/myfile Where does the administrator import the file from? ADOM2 ADOM1 ADOM2 object database File system None 18. Which two statements about the scheduled backup of FortiManager are true? t can be configured using the CLI and GUI. It supports FTP, SCP, and SFTP. It does not back up firmware images saved on FortiManager. It backs up all devices and the FortiGuard database. 19. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.) Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only. Policy seq.# 3 will be skipped because no installation targets are specified. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM. Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target. 20. What is the advantage of using FortiManager to manage FortiAnalyzer? It allows FortiManager to run reports based on FortiAnalyzer. It allows FortiManager to manage all FortiGate devices. It allows FortiManager to store all managed FortiGate device logs. It allows FortiManager to act as a collector and FortiAnalyzer device. None 21. Refer to the exhibit. Which two statements about the output are true? (Choose two.) Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed. The latest revision history for the managed FortiGate does not match the device-level database. The latest revision history for the managed FortiGate does match the FortiGate running configuration. Configuration changes directly made on FortiGate have been automatically updated to the device-level database. 22. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA? Reboot the failed device to remove its IP from the primary device. The FortiManager HA failover is transparent to administrators and does not require any reconfiguration. Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device Reconfigure the primary device to remove the peer IP of the failed device. None 23. An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1? When a new policy package is created, the administrator must import the global policy package to ADOM1. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package. When a new policy package is created, the administrator must assign the global policy package from the global ADOM. None 24. Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device? The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager. The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface. The administrator must use the correct user name and password of the FortiAnalyzer device. The administrator must use the Add Model Device section and discover the Forti Analyzer device. None 25. Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager? Routing Security profiles NSX-T Service Template SNMP None 26. In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state? FortiManager HA state transition is transparent to administrators and does not require any reconfiguration. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device. None 27. Refer to the exhibit.On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.What can be the main reason for the central-management purge command? The Training system template has a default FortiGuard widget. The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings. The DNS addresses in the default system settings are the same as the Training system template. The ADOM is locked by another administrator. None 28. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must use the FortiManager script. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. The administrator must use the Policy & Objects section to create a policy first. The administrator must disable the FortiManager offline mode first. None 29. Which two settings must be configured for SD-WAN Central Management? (Choose two.) The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies. SD-WAN must be enabled on per-ADOM basis When you configure an SD-WAN, you must specify at least two member interfaces. You can create multiple SD-WAN interfaces per VDOM 30. What will be the result of reverting to a previous revision version in the revision history? It will install configuration changes to managed device automatically. It will tag the device settings status as Auto-Update. It will generate a new version ID and remove all other revision history versions. It will modify the device-level database. None Time's up