Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 10 April 2025Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM? Log in as Super_User in order to unlock the ADOM. Delete the previous admin session manually through the Forti Manager GUI or CLI. Log in using the same administrator account to unlock the ADOM. Restore the configuration from a previous backup. None 2. An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do? It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database. It installs the provisioning template configuration on the specified FortiGate. It installs the latest configuration on the specified FortiGate and update the revision history database. None 3. Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit? Policy ID 2 is installed in the disabled state. Policy ID 2 is installed without a source address. Policy ID 2 will not be installed. Policy ID 2 is installed without the remote user student. None 4. Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.) The same administrator can lock more than one ADOM at the same time. Unlocking an ADOM will install configuration changes automatically on managed devices. Unlocking an ADOM will submit configuration changes automatically to the approval administrator. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out. 5. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.) When run on the Device Database, changes are applied directly to the managed FortiGate device. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation. 6. What is the purpose of the Policy Check feature on FortiManager? To find and merge duplicate policies in the policy package To find and provide recommendation for optimizing policies in a policy package To find and delete disabled firewall policies in the policy package To find and provide recommendation to combine multiple separate policy packages into one common None 7. Refer to the exhibit. A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices. Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit? Forti Manager lost internet connectivity, therefore, both devices appear to be down. The administrator can reclaim the FGFM tunnel to get both devices online. The administrator had restored the Forti Manager configuration file. The administrator must refresh both devices to restore connectivity. None 8. Which three settings are the factory default settings on FortiManager? (Choose three.) The administrative domain is disabled. FortiAnalyzer features are disabled Reports and Event Monitor panes are enabled The Forti Manager setup wizard is disabled. port1 interface IP address is 192.168.1.99/24 9. Which two settings must be configured for SD-WAN Central Management? (Choose two.) The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies. You can create multiple SD-WAN interfaces per VDOM When you configure an SD-WAN, you must specify at least two member interfaces. SD-WAN must be enabled on per-ADOM basis 10. Refer to the exhibit.On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.What can be the main reason for the central-management purge command? The Training system template has a default FortiGuard widget. The ADOM is locked by another administrator. The DNS addresses in the default system settings are the same as the Training system template. The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings. None 11. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must use the FortiManager script. The administrator must use the Policy & Objects section to create a policy first. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. The administrator must disable the FortiManager offline mode first. None 12. Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS? From the default server fds1.fortinet.com From the list of configured override servers or public FDN servers From the configured override server IP address 10.0.1.50 only From public FDNI server IP address with the fourth highest octet only None 13. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true? The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard The FortiGate will be added automatically to the default ADOM named FortiGate. By default, the unregistered FortiGate will appear in the root ADOM. The FortiGate will be automatically added to the Training ADOM. None 14. Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1? Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate. The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate. None 15. Which two items does an FGFM keepalive message include? (Choose two.) FortiGate uptime FortiGate license information FortiGate IPS version FortiGate configuration checksum 16. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA? Reboot the failed device to remove its IP from the primary device. The FortiManager HA failover is transparent to administrators and does not require any reconfiguration. Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device Reconfigure the primary device to remove the peer IP of the failed device. None 17. Refer to the exhibit. Given the configuration shown in the exhibit, how did Forti Manager handle the service category named General? FortiManager ignored the firewall service category General but created a new service category in its database. Forti Manager ignored the firewall service category General and did not update its database with the value. FortiManager ignored the firewall service category General and deleted the duplicate value in its database. Forti Manager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database. None 18. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. FortiManager will disable the status of the address object. 19. An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1? When a new policy package is created, the administrator must import the global policy package to ADOM1. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package. When a new policy package is created, the administrator must assign the global policy package from the global ADOM. None 20. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When configuration revision is reverted to previous revision in the revision history When FortiManager installs device-level changes to a managed device When FortiManager is auto-updated with configuration changes made directly on a managed device When changes to device-level database is made on FortiManager 21. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) You must install these changes using the Install Wizard. FortiGate will auto-update the FortiManager device-level database. FortiManager will create a new revision history. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. 22. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The authorized FortiGate will be automatically added to the Training ADOM. The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate will appear in the root ADOM. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. None 23. Refer to the exhibit. Which two statements about the output are true? (Choose two.) Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed. The latest revision history for the managed FortiGate does match the FortiGate running configuration. The latest revision history for the managed FortiGate does not match the device-level database. Configuration changes directly made on FortiGate have been automatically updated to the device-level database. 24. An administrator is in the process of moving the system template profile between ADOMs by running the following command: execute fmprofile import-profile ADOM2 3547 /tmp/myfile Where does the administrator import the file from? ADOM2 ADOM2 object database File system ADOM1 None 25. An administrator configures a new OSPF route on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved? Revision history database Configuration-level database ADOM-level database Device-level database None 26. An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command? It allows FortiGate to reboot and recover the previous configuration from its configuration file. It allows FortiManager to unset the new configuration through CLI and reboot FortiGate. It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate. It allows FortiGate to reboot and restore a previously working firmware image. None 27. You are moving managed FortiGate devices from one ADOM to a new ADOM. Which statement correctly describes the expected result? Any unused objects from a previous ADOM are moved to the new ADOM automatically. Policy packages will be imported into the new ADOM automatically. The shared device settings will be installed automatically. The shared policy package will not be moved to the new ADOM. None 28. Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device? The administrator must use the Add Model Device section and discover the Forti Analyzer device. The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager. The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface. The administrator must use the correct user name and password of the FortiAnalyzer device. None 29. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will disable the status of the address object. 30. View the following exhibit. Which statement is true regarding this failed installation log? Policy ID 2 is installed without a source address Policy ID 2 is installed in disabled state Policy ID 2 will not be installed Policy ID 2 is installed without a source device None Time's up