Certification Provider: Fortinet Exam: FCP: Forti Manager 7.2 Administrator Exam Code: NSE5 FMG v7.2 Total Question: 72 Question per Quiz: 35 Updated On: 06 April 2024 Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When FortiManager is auto-updated with configuration changes made directly on a managed device When FortiManager installs device-level changes to a managed device When configuration revision is reverted to previous revision in the revision history When changes to device-level database is made on FortiManager 2. Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced? This setting enables the ADOMs feature on FortiManager. This setting disables concurrent ADOM access and adds ADOM locking. This setting allows you to manage FortiGate chassis models. This setting allows you to assign a VDOM from a single device to a different ADOM. 3. Given the configuration shown in the exhibit, which two statements are true? An administrator can also lock the Local-FortiGate-1 policy package. The Forti Manager ADOM workspace mode is set to Normal. Forti Manager is in workflow mode. The FortiManager ADOM is locked by the administrator. 4. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must use the Policy & Objects section to create a policy first. The administrator must disable the FortiManager offline mode first. The administrator must use the FortiManager script. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. 5. Refer to the exhibit. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM, which has four policy packages. The customer administrator has access only to My_ADOM. How can customer or service provider administrators remove both global header and footer policies from the policy package named Shared_Package? The service provider administrator can unassign both global policies from My_ADOM The customer administrator can unassign both polices by locking My_ADOM The customer administrator can unassign both global polices from My_ADOM The service provider administrator can unassign both policies from the global ADOM 6. An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command? It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate. It allows FortiGate to reboot and recover the previous configuration from its configuration file. It allows FortiManager to unset the new configuration through CLI and reboot FortiGate. It allows FortiGate to reboot and restore a previously working firmware image. 7. Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS? From the default server fds1.fortinet.com From public FDNI server IP address with the fourth highest octet only From the list of configured override servers or public FDN servers From the configured override server IP address 10.0.1.50 only 8. Which two items does an FGFM keepalive message include? (Choose two.) FortiGate uptime FortiGate configuration checksum FortiGate IPS version FortiGate license information 9. Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object? It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values. Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings. 192.168.5.0/24 10.0.2.0/24 10. Which three settings are the factory default settings on FortiManager? (Choose three.) FortiAnalyzer features are disabled port1 interface IP address is 192.168.1.99/24 The Forti Manager setup wizard is disabled. Reports and Event Monitor panes are enabled The administrative domain is disabled. 11. What is the purpose of the Policy Check feature on FortiManager? To find and provide recommendation to combine multiple separate policy packages into one common To find and merge duplicate policies in the policy package To find and provide recommendation for optimizing policies in a policy package To find and delete disabled firewall policies in the policy package 12. An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message. Which troubleshooting step should you take to resolve the issue? Make sure FortiManager Access is enabled in the administrator profile Make sure Offline Mode is disabled Make sure the administrator IP address is part of the trusted hosts. Make sure ADOMs are enabled and the administrator has access to the Global ADOM 13. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true? The FortiGate will be added automatically to the default ADOM named FortiGate. By default, the unregistered FortiGate will appear in the root ADOM. The FortiGate will be automatically added to the Training ADOM. The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard 14. Refer to the exhibit. A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices. Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit? The administrator must refresh both devices to restore connectivity. The administrator can reclaim the FGFM tunnel to get both devices online. Forti Manager lost internet connectivity, therefore, both devices appear to be down. The administrator had restored the Forti Manager configuration file. 15. An administrator is replacing a failed device on FortiManager by running the following command: execute device replace sn . Which device name and serial number must the administrator use? The device name of the new device and serial number of the failed device. The device name of the failed device and serial number of the new device. The device name and serial number of the failed device. The device name and serial number of the new device. 16. An administrator configures a new OSPF route on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved? Configuration-level database ADOM-level database Device-level database Revision history database 17. An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two) Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SDWAN template settings Specify a gateway address when you create a default SD-WAN static route Enable SD-WAN central management in the Training ADOM 18. What is the purpose of ADOM revisions? To save the FortiManager configuration in the System Checkpoints To save the current state of all policy packages and objects for an ADOM To revert individual policy packages and device-level settings for a managed FortiGate To save the current state of the whole ADOM 19. Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1? The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager. 20. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.) Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target. Policy seq.# 3 will be skipped because no installation targets are specified. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM. Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets. 21. Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device? The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager. The administrator must use the correct user name and password of the FortiAnalyzer device. The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface. The administrator must use the Add Model Device section and discover the Forti Analyzer device. 22. Refer to the exhibit. An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate? The unused objects that are not tied to the firewall policies in the policy package will be deleted from the FortiManager database. The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate. The unused objects that are not tied to the firewall policies will be installed on FortiGate. The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted. 23. In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state? Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device. 24. Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result? During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate. During discovery, FortiManager uses only the FortiGate serial number to establish the connection. During discovery, FortiManager sets the NATed device IP address on FortiGate. During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate. 25. An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result? It will find and delete disabled firewall policies in the policy package. It will find and provide recommendations for optimizing policies in a policy package. It will find and provide recommendations to combine multiple separate policy packages into one common policy package. It will find and merge duplicate policies in the policy package. 26. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will disable the status of the address object. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. 27. Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.) It installs provisioning template changes on the FortiGate device. It installs device-level changes on the FortiGate device without launching the Install Wizard. It provides the option to preview only the policy package changes before installing them. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device. 28. An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session? Trainer does not have full rights over this ADOM. Trainer must close Student’s workflow session before approving the request. Trainer is not a part of workflow approval group. Trainer must first create their own workflow session to approve student session. 29. What are two outcomes of ADOM revisions? (Choose two.) ADOM revisions can create System Checkpoints for the FortiManager configuration ADOM revisions can save the current size of the whole ADOM ADOM revisions can save the current state of all policy packages and objects for an ADOM ADOM revisions can significantly increase the size of the configuration backups. 30. Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.) That the virtual IP address and correct ports are set on the NAT device That the NAT device IP address and correct ports are configured on FortiManager That the override server IP address is set on FortiManager and the NAT device That the external IP address on the NAT device is set to DHCP and configured with the virtual IP Time's up