Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 10 April 2025Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. Which two items does an FGFM keepalive message include? (Choose two.) FortiGate IPS version FortiGate uptime FortiGate license information FortiGate configuration checksum 2. An administrator configures a new OSPF route on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved? ADOM-level database Revision history database Device-level database Configuration-level database None 3. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) You must install these changes using the Install Wizard. FortiManager will create a new revision history. FortiGate will auto-update the FortiManager device-level database. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. 4. View the following exhibit. What is the purpose of setting ADOM Mode to Advanced? The setting allows automatic updates to the policy package configuration for a managed device The setting enables the ADOMs feature on FortiManager The setting disables concurrent ADOM access and adds ADOM locking This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs. None 5. Refer to the exhibit.On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.What can be the main reason for the central-management purge command? The DNS addresses in the default system settings are the same as the Training system template. The Training system template has a default FortiGuard widget. The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings. The ADOM is locked by another administrator. None 6. Which two items are included in the FortiManager backup? (Choose two.) FortiGuard database Flash configuration All devices Firmware images 7. Which configuration setting for FortiGate is part of a device-level database on FortiManager? VIP and IP Pools Routing Firewall policies Security profiles None 8. When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel? FortiGate will reject the CLI commands that will cause the tunnel to go down. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down. FortiManager will revert and install a previous configuration revision on the managed FortiGate. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down. None 9. An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session? Trainer does not have full rights over this ADOM. Trainer is not a part of workflow approval group. Trainer must close Student’s workflow session before approving the request. Trainer must first create their own workflow session to approve student session. None 10. An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command? It allows FortiGate to reboot and restore a previously working firmware image. It allows FortiGate to reboot and recover the previous configuration from its configuration file. It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate. It allows FortiManager to unset the new configuration through CLI and reboot FortiGate. None 11. What is the advantage of using FortiManager to manage FortiAnalyzer? It allows FortiManager to store all managed FortiGate device logs. It allows FortiManager to manage all FortiGate devices. It allows FortiManager to run reports based on FortiAnalyzer. It allows FortiManager to act as a collector and FortiAnalyzer device. None 12. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.) When run on the Device Database, changes are applied directly to the managed FortiGate device. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation. When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history. 13. Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request? The API command has enabled both central NAT and interface policy on the policy tab. The API command has failed when requesting policy tab permissions information. The API command has applied to customer with ID: 200. The API command has requested the policy tab permissions information only. None 14. Which three settings are the factory default settings on FortiManager? (Choose three.) The administrative domain is disabled. port1 interface IP address is 192.168.1.99/24 FortiAnalyzer features are disabled The Forti Manager setup wizard is disabled. Reports and Event Monitor panes are enabled 15. Refer to the exhibit. An administrator logs in to the FortiManager GUI and sees the panes shown in the exhibit. Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.) The administrator workflow is enabled on the ADOM. FortiAnalyzer features are not enabled on FortiManager. The administrator profile does not have full access privileges like the Super_User profile. The admin session requires approval before administrator can see the FortiAnalyzer feature panes. 16. An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result? It will find and merge duplicate policies in the policy package. It will find and provide recommendations to combine multiple separate policy packages into one common policy package. It will find and delete disabled firewall policies in the policy package. It will find and provide recommendations for optimizing policies in a policy package. None 17. An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager? Set to read/write and using the policy locking feature Set to workflow and using the ADOM locking feature Set to normal and using the approval group feature Set to workspace and using the policy locking feature None 18. What will be the result of reverting to a previous revision version in the revision history? It will tag the device settings status as Auto-Update. It will modify the device-level database. It will generate a new version ID and remove all other revision history versions. It will install configuration changes to managed device automatically. None 19. Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1? Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate. The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager. None 20. An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen? FortiManager will replace the deleted address object with the none address object in the referenced firewall policy FortiManager will not allow the administrator to delete a referenced address object FortiManager will replace the deleted address object with all address object in the referenced firewall policy FortiManager will disable the status of the referenced firewall policy None 21. In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state? Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration. None 22. What does a policy package status of Never Installed indicate? The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. The policy package was never imported after a device was registered on Forti Manager. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. FortiManager is unable to determine the policy package status. None 23. An administrator created a header and footer global policy package and assigned it to an ADOM. What are two outcomes from this action? (Choose two.) You can edit or delete all the global objects in the global ADOM. f you assign an additional global policy package to the same ADOM, FortiManager removes previously assigned policies. You must manually move the header and footer policies after the policy assignment. After you assign the global policy package to an ADOM, the policy package is hidden from the ADOM and cannot be viewed. 24. Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result? During discovery, FortiManager sets the NATed device IP address on FortiGate. During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate. During discovery, FortiManager uses only the FortiGate serial number to establish the connection. During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate. None 25. Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced? This setting allows you to assign a VDOM from a single device to a different ADOM. This setting enables the ADOMs feature on FortiManager. This setting disables concurrent ADOM access and adds ADOM locking. This setting allows you to manage FortiGate chassis models. None 26. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When FortiManager installs device-level changes to a managed device When configuration revision is reverted to previous revision in the revision history When changes to device-level database is made on FortiManager When FortiManager is auto-updated with configuration changes made directly on a managed device 27. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must disable the FortiManager offline mode first. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. The administrator must use the Policy & Objects section to create a policy first. The administrator must use the FortiManager script. None 28. View the following exhibit. Which statement is true regarding this failed installation log? Policy ID 2 is installed without a source device Policy ID 2 is installed in disabled state Policy ID 2 will not be installed Policy ID 2 is installed without a source address None 29. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.) If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel. FortiGate is discovered by FortiManager through the FortiGate NATed IP address. During discovery, the FortiManager NATed IP address is not set by default on FortiGate. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management. 30. What will happen if the script is run using the Device Database option? (Choose two.) The successful execution of a script on the Device Database will create a new revision history. The script history will show successful installation of the script on the remote FortiGate. You must install these changes using the Install Wizard to a managed device. The Device Settings Status will be tagged as Modified. Time's up
