Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 10 April 2025

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

Which two statements about the scheduled backup of FortiManager are true?

t can be configured using the CLI and GUI.

It does not back up firmware images saved on FortiManager.

It supports FTP, SCP, and SFTP.

It backs up all devices and the FortiGuard database.

Which three settings are the factory default settings on FortiManager? (Choose three.)

FortiAnalyzer features are disabled

The Forti Manager setup wizard is disabled.

Reports and Event Monitor panes are enabled

port1 interface IP address is 192.168.1.99/24

The administrative domain is disabled.

Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.)

You must create an MEA special policy on Forti Manager using the super user profile.

You must open the ports to the Fortinet registry.

When you configure MEA, you must open TCP or UDP port 540.

The administrator must have the super user profile.

What will happen if FortiAnalyzer features are enabled on FortiManager?

FortiManager will install the logging configuration to the managed devices.

FortiManager can be used only as a logging device.

FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

FortiManager will keep all the logs and reports on the FortiManager.

None

Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request?

The API command has applied to customer with ID: 200.

The API command has enabled both central NAT and interface policy on the policy tab.

The API command has requested the policy tab permissions information only.

The API command has failed when requesting policy tab permissions information.

None

Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.)

It installs device-level changes on the FortiGate device without launching the Install Wizard.

It provides the option to preview only the policy package changes before installing them.

It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.

It installs provisioning template changes on the FortiGate device.

An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1. What will happen to the Fortinet policy package when it is created?

You need to assign the global policy package from the global ADOM.

It automatically assigns the global policies.

You need to reapply the global policy package to the ADOM.

You can select the option to assign the global policies.

None

What will happen if the script is run using the Device Database option? (Choose two.)

You must install these changes using the Install Wizard to a managed device.

The Device Settings Status will be tagged as Modified.

The successful execution of a script on the Device Database will create a new revision history.

The script history will show successful installation of the script on the remote FortiGate.

Refer to the exhibit. An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.)

The FortiManager policies and objects database can be shared between the Financial and HR ADOMs.

Admin A can access VDOM2 and VDOM3 with the super user profile.

The administrator must set the FortiManager ADOM mode to Advanced.

The administrator must configure FortiManager in workspace mode.

10.

An administrator configures a new OSPF route on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved?

Configuration-level database

Revision history database

Device-level database

ADOM-level database

None

11.

You are moving managed FortiGate devices from one ADOM to a new ADOM. Which statement correctly describes the expected result?

The shared device settings will be installed automatically.

The shared policy package will not be moved to the new ADOM.

Policy packages will be imported into the new ADOM automatically.

Any unused objects from a previous ADOM are moved to the new ADOM automatically.

None

12.

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

Security profiles

Firewall policies

Routing

VIP and IP Pools

None

13.

Refer to the exhibit. Which two statements about the output are true? (Choose two.)

Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed.

The latest revision history for the managed FortiGate does match the FortiGate running configuration.

Configuration changes directly made on FortiGate have been automatically updated to the device-level database.

The latest revision history for the managed FortiGate does not match the device-level database.

14.

An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do?

It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate.

It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.

It installs the latest configuration on the specified FortiGate and update the revision history database.

It installs the provisioning template configuration on the specified FortiGate.

None

15.

Which two conditions trigger FortiManager to create a new revision history? (Choose two.)

When configuration revision is reverted to previous revision in the revision history

When FortiManager is auto-updated with configuration changes made directly on a managed device

When changes to device-level database is made on FortiManager

When FortiManager installs device-level changes to a managed device

16.

Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS?

From the configured override server IP address 10.0.1.50 only

From the list of configured override servers or public FDN servers

From public FDNI server IP address with the fourth highest octet only

From the default server fds1.fortinet.com

None

17.

Which two items are included in the FortiManager backup? (Choose two.)

Firmware images

Flash configuration

FortiGuard database

All devices

18.

An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

It allows FortiManager to determine the connection status of managed devices.

It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.

It allows administrative access to FortiManager.

It allows third-party applications to gain read/write access to FortiManager.

None

19.

Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object?

It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values.

Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings.

192.168.5.0/24

10.0.2.0/24

None

20.

View the following exhibit. What is the purpose of setting ADOM Mode to Advanced?

The setting enables the ADOMs feature on FortiManager

The setting disables concurrent ADOM access and adds ADOM locking

The setting allows automatic updates to the policy package configuration for a managed device

This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.

None

21.

Refer to the exhibit.

On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.
What can be the main reason for the central-management purge command?

The ADOM is locked by another administrator.

The DNS addresses in the default system settings are the same as the Training system template.

The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings.

The Training system template has a default FortiGuard widget.

None

22.

Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.)

Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target.

Policy seq.# 3 will be skipped because no installation targets are specified.

Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only.

Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM.

Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets.

23.

An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM?

Delete the previous admin session manually through the Forti Manager GUI or CLI.

Restore the configuration from a previous backup.

None

24.

Which two settings must be configured for SD-WAN Central Management? (Choose two.)

When you configure an SD-WAN, you must specify at least two member interfaces.

You can create multiple SD-WAN interfaces per VDOM

SD-WAN must be enabled on per-ADOM basis

The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

25.

Refer to the exhibit. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM, which has four policy packages. The customer administrator has access only to My_ADOM. How can customer or service provider administrators remove both global header and footer policies from the policy package named Shared_Package?

The service provider administrator can unassign both policies from the global ADOM

The service provider administrator can unassign both global policies from My_ADOM

The customer administrator can unassign both polices by locking My_ADOM

The customer administrator can unassign both global polices from My_ADOM

None

26.

An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.)

FortiManager will temporarily change the status of the referenced firewall policy.

FortiManager will disable the status of the address object.

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

27.

Refer to the exhibit. What is the purpose of setting ADOM Mode to Advanced?

This setting allows you to manage FortiGate chassis models.

This setting disables concurrent ADOM access and adds ADOM locking.

This setting allows you to assign a VDOM from a single device to a different ADOM.

This setting enables the ADOMs feature on FortiManager.

None

28.

Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit?

Policy ID 2 is installed in the disabled state.

Policy ID 2 will not be installed.

Policy ID 2 is installed without a source address.

Policy ID 2 is installed without the remote user student.

None

29.

What is the purpose of the Policy Check feature on FortiManager?

To find and merge duplicate policies in the policy package

To find and delete disabled firewall policies in the policy package

To find and provide recommendation for optimizing policies in a policy package

To find and provide recommendation to combine multiple separate policy packages into one common

None

30.

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

When run on the Device Database, changes are applied directly to the managed FortiGate device.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Get Free eBooks

Broken Access Control

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Get Free eBooks

Broken Access Control

Social

Newsletter