Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 10 April 2025

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

What will happen if FortiAnalyzer features are enabled on FortiManager?

FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

FortiManager can be used only as a logging device.

FortiManager will keep all the logs and reports on the FortiManager.

FortiManager will install the logging configuration to the managed devices.

None

Which two statements about the scheduled backup of FortiManager are true?

It does not back up firmware images saved on FortiManager.

It supports FTP, SCP, and SFTP.

It backs up all devices and the FortiGuard database.

t can be configured using the CLI and GUI.

An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?

FortiManager will replace the deleted address object with all address object in the referenced firewall policy

FortiManager will not allow the administrator to delete a referenced address object

FortiManager will disable the status of the referenced firewall policy

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy

None

An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager?

Set to normal and using the approval group feature

Set to workspace and using the policy locking feature

Set to read/write and using the policy locking feature

Set to workflow and using the ADOM locking feature

None

What does a policy package status of Conflict indicate?

The policy package reports inconsistencies and conflicts during a Policy Consistency Check.

The policy package configuration has been changed on both FortiManager and the managed device independently.

The policy configuration has never been imported after a device was registered on FortiManager.

None

An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM?

Restore the configuration from a previous backup.

Delete the previous admin session manually through the Forti Manager GUI or CLI.

None

In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?

Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device.

FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.

Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.

Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.

None

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

When run on the Device Database, changes are applied directly to the managed FortiGate device.

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session?

Trainer does not have full rights over this ADOM.

Trainer must close Student’s workflow session before approving the request.

Trainer must first create their own workflow session to approve student session.

Trainer is not a part of workflow approval group.

None

10.

Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1?

Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager.

Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.

The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.

Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate.

None

11.

Which three settings are the factory default settings on FortiManager? (Choose three.)

The administrative domain is disabled.

The Forti Manager setup wizard is disabled.

FortiAnalyzer features are disabled

port1 interface IP address is 192.168.1.99/24

Reports and Event Monitor panes are enabled

12.

Which two settings must be configured for SD-WAN Central Management? (Choose two.)

When you configure an SD-WAN, you must specify at least two member interfaces.

You can create multiple SD-WAN interfaces per VDOM

SD-WAN must be enabled on per-ADOM basis

The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

13.

Refer to the exhibit. Given the configuration shown in the exhibit, how did Forti Manager handle the service category named General?

FortiManager ignored the firewall service category General and deleted the duplicate value in its database.

Forti Manager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database.

Forti Manager ignored the firewall service category General and did not update its database with the value.

FortiManager ignored the firewall service category General but created a new service category in its database.

None

14.

Refer to the exhibit. A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices. Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit?

The administrator had restored the Forti Manager configuration file.

The administrator must refresh both devices to restore connectivity.

The administrator can reclaim the FGFM tunnel to get both devices online.

Forti Manager lost internet connectivity, therefore, both devices appear to be down.

None

15.

Which two conditions trigger FortiManager to create a new revision history? (Choose two.)

When changes to device-level database is made on FortiManager

When FortiManager is auto-updated with configuration changes made directly on a managed device

When FortiManager installs device-level changes to a managed device

When configuration revision is reverted to previous revision in the revision history

16.

What will happen if the script is run using the Device Database option? (Choose two.)

The successful execution of a script on the Device Database will create a new revision history.

The script history will show successful installation of the script on the remote FortiGate.

You must install these changes using the Install Wizard to a managed device.

The Device Settings Status will be tagged as Modified.

17.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result?

The authorized FortiGate will be automatically added to the Training ADOM.

The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only.

The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors.

The authorized FortiGate will appear in the root ADOM.

None

18.

An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result?

It will find and provide recommendations to combine multiple separate policy packages into one common policy package.

It will find and provide recommendations for optimizing policies in a policy package.

It will find and delete disabled firewall policies in the policy package.

It will find and merge duplicate policies in the policy package.

None

19.

Which two statements about an ADOM set in Normal mode on Forti Manager are true?

You cannot assign the same ADOM to multiple administrators.

It supports the FortiManager script feature.

It allows making configuration changes for managed devices on FortiManager panes.

FortiManager automatically installs the configuration difference in revisions on the managed FortiGate.

20.

An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two)

Specify a gateway address when you create a default SD-WAN static route

Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces

Enable SD-WAN central management in the Training ADOM

Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SDWAN template settings

21.

Refer to the exhibit. Which statement about the object named ALL is true?

FortiManager updated the object ALL using the FortiManager value in its database.

FortiManager updated the object ALL using the FortiGate value in its database.

FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.

FortiManager installed the object ALL with the updated value.

None

22.

Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result?

During discovery, FortiManager uses only the FortiGate serial number to establish the connection.

During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate.

During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate.

During discovery, FortiManager sets the NATed device IP address on FortiGate.

None

23.

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command?

It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate.

It allows FortiManager to unset the new configuration through CLI and reboot FortiGate.

It allows FortiGate to reboot and restore a previously working firmware image.

It allows FortiGate to reboot and recover the previous configuration from its configuration file.

None

24.

Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?

Security profiles

NSX-T Service Template

SNMP

Routing

None

25.

What does a policy package status of Never Installed indicate?

FortiManager is unable to determine the policy package status.

The policy package was never imported after a device was registered on Forti Manager.

The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device.

The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager.

None

26.

An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

It allows FortiManager to determine the connection status of managed devices.

It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.

It allows third-party applications to gain read/write access to FortiManager.

It allows administrative access to FortiManager.

None

27.

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package.

When a new policy package is created, the administrator must import the global policy package to ADOM1.

When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

When a new policy package is created, the administrator must assign the global policy package from the global ADOM.

None

28.

Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS?

From the configured override server IP address 10.0.1.50 only

From the default server fds1.fortinet.com

From the list of configured override servers or public FDN servers

From public FDNI server IP address with the fourth highest octet only

None

29.

View the following exhibit. Which statement is true regarding this failed installation log?

Policy ID 2 is installed in disabled state

Policy ID 2 will not be installed

Policy ID 2 is installed without a source address

Policy ID 2 is installed without a source device

None

30.

What is the advantage of using FortiManager to manage FortiAnalyzer?

It allows FortiManager to store all managed FortiGate device logs.

It allows FortiManager to act as a collector and FortiAnalyzer device.

It allows FortiManager to manage all FortiGate devices.

It allows FortiManager to run reports based on FortiAnalyzer.

None

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Interswitch Connectivity | VLAN Tagging | Trunk Port

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Interswitch Connectivity | VLAN Tagging | Trunk Port

Setup Windows Hello Fingerprint Login

Social

Newsletter