Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 06 April 2024Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1. What will happen to the Fortinet policy package when it is created? You need to assign the global policy package from the global ADOM. It automatically assigns the global policies. You can select the option to assign the global policies. You need to reapply the global policy package to the ADOM. None 2. What is the purpose of the Policy Check feature on FortiManager? To find and provide recommendation for optimizing policies in a policy package To find and delete disabled firewall policies in the policy package To find and provide recommendation to combine multiple separate policy packages into one common To find and merge duplicate policies in the policy package None 3. An administrator created a header and footer global policy package and assigned it to an ADOM. What are two outcomes from this action? (Choose two.) You can edit or delete all the global objects in the global ADOM. After you assign the global policy package to an ADOM, the policy package is hidden from the ADOM and cannot be viewed. f you assign an additional global policy package to the same ADOM, FortiManager removes previously assigned policies. You must manually move the header and footer policies after the policy assignment. 4. What does a policy package status of Never Installed indicate? FortiManager is unable to determine the policy package status. The policy package was never imported after a device was registered on Forti Manager. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. None 5. View the following exhibit. What is the purpose of setting ADOM Mode to Advanced? The setting allows automatic updates to the policy package configuration for a managed device This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs. The setting disables concurrent ADOM access and adds ADOM locking The setting enables the ADOMs feature on FortiManager None 6. Refer to the exhibit. An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.) Admin A can access VDOM2 and VDOM3 with the super user profile. The FortiManager policies and objects database can be shared between the Financial and HR ADOMs. The administrator must set the FortiManager ADOM mode to Advanced. The administrator must configure FortiManager in workspace mode. 7. An administrator is replacing a failed device on FortiManager by running the following command: execute device replace sn . Which device name and serial number must the administrator use? The device name and serial number of the new device. The device name of the failed device and serial number of the new device. The device name and serial number of the failed device. The device name of the new device and serial number of the failed device. None 8. What is the advantage of using FortiManager to manage FortiAnalyzer? It allows FortiManager to manage all FortiGate devices. It allows FortiManager to store all managed FortiGate device logs. It allows FortiManager to act as a collector and FortiAnalyzer device. It allows FortiManager to run reports based on FortiAnalyzer. None 9. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. FortiManager will create a new revision history. You must install these changes using the Install Wizard. FortiGate will auto-update the FortiManager device-level database. 10. An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do? It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database. It installs the latest configuration on the specified FortiGate and update the revision history database. It installs the provisioning template configuration on the specified FortiGate. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate. None 11. Which three settings are the factory default settings on FortiManager? (Choose three.) Reports and Event Monitor panes are enabled FortiAnalyzer features are disabled The administrative domain is disabled. port1 interface IP address is 192.168.1.99/24 The Forti Manager setup wizard is disabled. 12. Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device? The administrator must use the Add Model Device section and discover the Forti Analyzer device. The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager. The administrator must use the correct user name and password of the FortiAnalyzer device. The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface. None 13. Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS? From the default server fds1.fortinet.com From the list of configured override servers or public FDN servers From the configured override server IP address 10.0.1.50 only From public FDNI server IP address with the fourth highest octet only None 14. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.) Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets. Policy seq.# 3 will be skipped because no installation targets are specified. Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only. 15. An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session? Trainer must first create their own workflow session to approve student session. Trainer must close Student’s workflow session before approving the request. Trainer does not have full rights over this ADOM. Trainer is not a part of workflow approval group. None 16. Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.) It installs provisioning template changes on the FortiGate device. It installs device-level changes on the FortiGate device without launching the Install Wizard. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device. It provides the option to preview only the policy package changes before installing them. 17. What will happen if the script is run using the Device Database option? (Choose two.) The Device Settings Status will be tagged as Modified. You must install these changes using the Install Wizard to a managed device. The script history will show successful installation of the script on the remote FortiGate. The successful execution of a script on the Device Database will create a new revision history. 18. Refer to the exhibit. A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices. Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit? Forti Manager lost internet connectivity, therefore, both devices appear to be down. The administrator had restored the Forti Manager configuration file. The administrator can reclaim the FGFM tunnel to get both devices online. The administrator must refresh both devices to restore connectivity. None 19. An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command? It allows FortiGate to reboot and recover the previous configuration from its configuration file. It allows FortiGate to reboot and restore a previously working firmware image. It allows FortiManager to unset the new configuration through CLI and reboot FortiGate. It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate. None 20. When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel? After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down. FortiGate will reject the CLI commands that will cause the tunnel to go down. FortiManager will revert and install a previous configuration revision on the managed FortiGate. None 21. Refer to the exhibit. An administrator logs in to the FortiManager GUI and sees the panes shown in the exhibit. Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.) The administrator workflow is enabled on the ADOM. The administrator profile does not have full access privileges like the Super_User profile. The admin session requires approval before administrator can see the FortiAnalyzer feature panes. FortiAnalyzer features are not enabled on FortiManager. 22. Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced? This setting allows you to assign a VDOM from a single device to a different ADOM. This setting disables concurrent ADOM access and adds ADOM locking. This setting enables the ADOMs feature on FortiManager. This setting allows you to manage FortiGate chassis models. None 23. Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result? During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate. During discovery, FortiManager sets the NATed device IP address on FortiGate. During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate. During discovery, FortiManager uses only the FortiGate serial number to establish the connection. None 24. Refer to the exhibit. Which statement about the object named ALL is true? FortiManager updated the object ALL using the FortiManager value in its database. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate. FortiManager installed the object ALL with the updated value. FortiManager updated the object ALL using the FortiGate value in its database. None 25. An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM? Restore the configuration from a previous backup. Delete the previous admin session manually through the Forti Manager GUI or CLI. Log in using the same administrator account to unlock the ADOM. Log in as Super_User in order to unlock the ADOM. None 26. An administrator configures a new OSPF route on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved? Revision history database ADOM-level database Configuration-level database Device-level database None 27. Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object? 10.0.2.0/24 Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings. It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values. 192.168.5.0/24 None 28. An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager? Set to normal and using the approval group feature Set to workflow and using the ADOM locking feature Set to workspace and using the policy locking feature Set to read/write and using the policy locking feature None 29. An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface? It allows FortiManager to determine the connection status of managed devices. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices. It allows third-party applications to gain read/write access to FortiManager. It allows administrative access to FortiManager. None 30. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.) During discovery, the FortiManager NATed IP address is not set by default on FortiGate. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel. FortiGate is discovered by FortiManager through the FortiGate NATed IP address. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management. Time's up
