Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 06 April 2024Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. Which three settings are the factory default settings on FortiManager? (Choose three.) FortiAnalyzer features are disabled The Forti Manager setup wizard is disabled. port1 interface IP address is 192.168.1.99/24 The administrative domain is disabled. Reports and Event Monitor panes are enabled 2. When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel? FortiGate will reject the CLI commands that will cause the tunnel to go down. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down. FortiManager will revert and install a previous configuration revision on the managed FortiGate. None 3. An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM? Restore the configuration from a previous backup. Delete the previous admin session manually through the Forti Manager GUI or CLI. Log in as Super_User in order to unlock the ADOM. Log in using the same administrator account to unlock the ADOM. None 4. An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two) Enable SD-WAN central management in the Training ADOM Specify a gateway address when you create a default SD-WAN static route Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SDWAN template settings Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces 5. Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object? Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings. 192.168.5.0/24 It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values. 10.0.2.0/24 None 6. An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen? FortiManager will replace the deleted address object with all address object in the referenced firewall policy FortiManager will not allow the administrator to delete a referenced address object FortiManager will disable the status of the referenced firewall policy FortiManager will replace the deleted address object with the none address object in the referenced firewall policy None 7. Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.) That the external IP address on the NAT device is set to DHCP and configured with the virtual IP That the virtual IP address and correct ports are set on the NAT device That the override server IP address is set on FortiManager and the NAT device That the NAT device IP address and correct ports are configured on FortiManager 8. What will be the result of reverting to a previous revision version in the revision history? It will install configuration changes to managed device automatically. It will modify the device-level database. It will tag the device settings status as Auto-Update. It will generate a new version ID and remove all other revision history versions. None 9. Which two settings must be configured for SD-WAN Central Management? (Choose two.) When you configure an SD-WAN, you must specify at least two member interfaces. SD-WAN must be enabled on per-ADOM basis The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies. You can create multiple SD-WAN interfaces per VDOM 10. Which two items does an FGFM keepalive message include? (Choose two.) FortiGate configuration checksum FortiGate IPS version FortiGate license information FortiGate uptime 11. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) FortiManager will create a new revision history. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. You must install these changes using the Install Wizard. FortiGate will auto-update the FortiManager device-level database. 12. Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit? Policy ID 2 is installed without a source address. Policy ID 2 is installed without the remote user student. Policy ID 2 will not be installed. Policy ID 2 is installed in the disabled state. None 13. An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager? Set to workspace and using the policy locking feature Set to workflow and using the ADOM locking feature Set to normal and using the approval group feature Set to read/write and using the policy locking feature None 14. Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS? From the default server fds1.fortinet.com From public FDNI server IP address with the fourth highest octet only From the configured override server IP address 10.0.1.50 only From the list of configured override servers or public FDN servers None 15. Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.) It installs device-level changes on the FortiGate device without launching the Install Wizard. It provides the option to preview only the policy package changes before installing them. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device. It installs provisioning template changes on the FortiGate device. 16. What does a policy package status of Never Installed indicate? The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. The policy package was never imported after a device was registered on Forti Manager. FortiManager is unable to determine the policy package status. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. None 17. Refer to the exhibit. Which two statements about the output are true? (Choose two.) The latest revision history for the managed FortiGate does not match the device-level database. Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed. Configuration changes directly made on FortiGate have been automatically updated to the device-level database. The latest revision history for the managed FortiGate does match the FortiGate running configuration. 18. An administrator created a header and footer global policy package and assigned it to an ADOM. What are two outcomes from this action? (Choose two.) You must manually move the header and footer policies after the policy assignment. f you assign an additional global policy package to the same ADOM, FortiManager removes previously assigned policies. You can edit or delete all the global objects in the global ADOM. After you assign the global policy package to an ADOM, the policy package is hidden from the ADOM and cannot be viewed. 19. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must use the FortiManager script. The administrator must change the ADOM mode to Advanced to bring the FortiManager online. The administrator must disable the FortiManager offline mode first. The administrator must use the Policy & Objects section to create a policy first. None 20. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When FortiManager is auto-updated with configuration changes made directly on a managed device When FortiManager installs device-level changes to a managed device When changes to device-level database is made on FortiManager When configuration revision is reverted to previous revision in the revision history 21. Refer to the exhibit. A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices. Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit? The administrator can reclaim the FGFM tunnel to get both devices online. The administrator must refresh both devices to restore connectivity. Forti Manager lost internet connectivity, therefore, both devices appear to be down. The administrator had restored the Forti Manager configuration file. None 22. An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message. Which troubleshooting step should you take to resolve the issue? Make sure Offline Mode is disabled Make sure ADOMs are enabled and the administrator has access to the Global ADOM Make sure FortiManager Access is enabled in the administrator profile Make sure the administrator IP address is part of the trusted hosts. None 23. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA? Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device Reboot the failed device to remove its IP from the primary device. The FortiManager HA failover is transparent to administrators and does not require any reconfiguration. Reconfigure the primary device to remove the peer IP of the failed device. None 24. Refer to the exhibit.On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.What can be the main reason for the central-management purge command? The DNS addresses in the default system settings are the same as the Training system template. The ADOM is locked by another administrator. The Training system template has a default FortiGuard widget. The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings. None 25. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true? The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard The FortiGate will be automatically added to the Training ADOM. By default, the unregistered FortiGate will appear in the root ADOM. The FortiGate will be added automatically to the default ADOM named FortiGate. None 26. What does a policy package status of Conflict indicate? The policy configuration has never been imported after a device was registered on FortiManager. The policy package configuration has been changed on both FortiManager and the managed device independently. The policy package reports inconsistencies and conflicts during a Policy Consistency Check. None 27. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will disable the status of the address object. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. 28. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate will be automatically added to the Training ADOM. The authorized FortiGate will appear in the root ADOM. The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. None 29. An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1? When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package. When a new policy package is created, the administrator must assign the global policy package from the global ADOM. When a new policy package is created, the administrator must import the global policy package to ADOM1. None 30. What will happen if the script is run using the Device Database option? (Choose two.) You must install these changes using the Install Wizard to a managed device. The successful execution of a script on the Device Database will create a new revision history. The script history will show successful installation of the script on the remote FortiGate. The Device Settings Status will be tagged as Modified. Time's up