Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 06 April 2024

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

An administrator is in the process of moving the system template profile between ADOMs by running the following command: execute fmprofile import-profile ADOM2 3547 /tmp/myfile Where does the administrator import the file from?

ADOM2

ADOM2 object database

File system

ADOM1

None

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

When run on the Device Database, changes are applied directly to the managed FortiGate device.

View the following exhibit. Which statement is true regarding this failed installation log?

Policy ID 2 is installed without a source address

Policy ID 2 is installed without a source device

Policy ID 2 will not be installed

Policy ID 2 is installed in disabled state

None

An administrator is replacing a failed device on FortiManager by running the following command: execute device replace sn . Which device name and serial number must the administrator use?

The device name and serial number of the new device.

The device name of the new device and serial number of the failed device.

The device name and serial number of the failed device.

The device name of the failed device and serial number of the new device.

None

Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request?

The API command has enabled both central NAT and interface policy on the policy tab.

The API command has requested the policy tab permissions information only.

The API command has applied to customer with ID: 200.

The API command has failed when requesting policy tab permissions information.

None

Refer to the exhibit. An administrator logs in to the FortiManager GUI and sees the panes shown in the exhibit. Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)

The admin session requires approval before administrator can see the FortiAnalyzer feature panes.

The administrator workflow is enabled on the ADOM.

FortiAnalyzer features are not enabled on FortiManager.

The administrator profile does not have full access privileges like the Super_User profile.

Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)

The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices.

The Security Fabric settings are part of the device-level settings.

The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.

The Security Fabric license, group name, and password are required for the FortiManager Security Fabric integration.

An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.)

FortiManager will temporarily change the status of the referenced firewall policy.

FortiManager will disable the status of the address object.

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result?

The authorized FortiGate will be automatically added to the Training ADOM.

The authorized FortiGate will appear in the root ADOM.

The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors.

The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only.

None

10.

Given the configuration shown in the exhibit, which two statements are true?

An administrator can also lock the Local-FortiGate-1 policy package.

The Forti Manager ADOM workspace mode is set to Normal.

Forti Manager is in workflow mode.

The FortiManager ADOM is locked by the administrator.

11.

When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

FortiManager will revert and install a previous configuration revision on the managed FortiGate.

After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.

FortiGate will reject the CLI commands that will cause the tunnel to go down.

FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.

None

12.

What is the purpose of ADOM revisions?

To save the current state of all policy packages and objects for an ADOM

To save the current state of the whole ADOM

To save the FortiManager configuration in the System Checkpoints

To revert individual policy packages and device-level settings for a managed FortiGate

None

13.

Which two settings must be configured for SD-WAN Central Management? (Choose two.)

SD-WAN must be enabled on per-ADOM basis

The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

You can create multiple SD-WAN interfaces per VDOM

When you configure an SD-WAN, you must specify at least two member interfaces.

14.

What does a policy package status of Never Installed indicate?

The policy package was never imported after a device was registered on Forti Manager.

The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager.

FortiManager is unable to determine the policy package status.

The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device.

None

15.

Which two conditions trigger FortiManager to create a new revision history? (Choose two.)

When FortiManager installs device-level changes to a managed device

When configuration revision is reverted to previous revision in the revision history

When FortiManager is auto-updated with configuration changes made directly on a managed device

When changes to device-level database is made on FortiManager

16.

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

When a new policy package is created, the administrator must import the global policy package to ADOM1.

When a new policy package is created, the administrator must assign the global policy package from the global ADOM.

When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package.

None

17.

View the following exhibit. What is the purpose of setting ADOM Mode to Advanced?

This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.

The setting allows automatic updates to the policy package configuration for a managed device

The setting disables concurrent ADOM access and adds ADOM locking

The setting enables the ADOMs feature on FortiManager

None

18.

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command?

It allows FortiGate to reboot and recover the previous configuration from its configuration file.

It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate.

It allows FortiGate to reboot and restore a previously working firmware image.

It allows FortiManager to unset the new configuration through CLI and reboot FortiGate.

None

19.

Which two statements about the scheduled backup of FortiManager are true?

t can be configured using the CLI and GUI.

It backs up all devices and the FortiGuard database.

It does not back up firmware images saved on FortiManager.

It supports FTP, SCP, and SFTP.

20.

Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.)

FortiManager will create a new revision history.

FortiGate will auto-update the FortiManager device-level database.

FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate.

You must install these changes using the Install Wizard.

21.

Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit?

Policy ID 2 will not be installed.

Policy ID 2 is installed without the remote user student.

Policy ID 2 is installed without a source address.

Policy ID 2 is installed in the disabled state.

None

22.

What is the advantage of using FortiManager to manage FortiAnalyzer?

It allows FortiManager to act as a collector and FortiAnalyzer device.

It allows FortiManager to manage all FortiGate devices.

It allows FortiManager to run reports based on FortiAnalyzer.

It allows FortiManager to store all managed FortiGate device logs.

None

23.

Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task?

The administrator must use the FortiManager script.

The administrator must disable the FortiManager offline mode first.

The administrator must change the ADOM mode to Advanced to bring the FortiManager online.

The administrator must use the Policy & Objects section to create a policy first.

None

24.

Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS?

From the default server fds1.fortinet.com

From the list of configured override servers or public FDN servers

From the configured override server IP address 10.0.1.50 only

From public FDNI server IP address with the fourth highest octet only

None

25.

An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session?

Trainer must close Student’s workflow session before approving the request.

Trainer does not have full rights over this ADOM.

Trainer must first create their own workflow session to approve student session.

Trainer is not a part of workflow approval group.

None

26.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

FortiManager will temporarily change the status of the referenced firewall policy.

FortiManager will disable the status of the address object.

27.

Which two statements about an ADOM set in Normal mode on Forti Manager are true?

It supports the FortiManager script feature.

FortiManager automatically installs the configuration difference in revisions on the managed FortiGate.

You cannot assign the same ADOM to multiple administrators.

It allows making configuration changes for managed devices on FortiManager panes.

28.

Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.)

It provides the option to preview only the policy package changes before installing them.

It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.

It installs device-level changes on the FortiGate device without launching the Install Wizard.

It installs provisioning template changes on the FortiGate device.

29.

Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result?

During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate.

During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate.

During discovery, FortiManager uses only the FortiGate serial number to establish the connection.

During discovery, FortiManager sets the NATed device IP address on FortiGate.

None

30.

Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?

Security profiles

NSX-T Service Template

Routing

SNMP

None

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

IP Subnet Cheat sheet

Speed Up Your Windows PC

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

IP Subnet Cheat sheet

Speed Up Your Windows PC

Social

Newsletter