Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 06 April 2024Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.) You must create an MEA special policy on Forti Manager using the super user profile. You must open the ports to the Fortinet registry. When you configure MEA, you must open TCP or UDP port 540. The administrator must have the super user profile. 2. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices only. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric. Given the administrator’s actions, which statement correctly describes the expected result? The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors. The authorized FortiGate will appear in the root ADOM. The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only. The authorized FortiGate will be automatically added to the Training ADOM. None 3. Which configuration setting for FortiGate is part of a device-level database on FortiManager? Firewall policies Security profiles VIP and IP Pools Routing None 4. Refer to the exhibit.On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.What can be the main reason for the central-management purge command? The Training system template has a default FortiGuard widget. The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings. The ADOM is locked by another administrator. The DNS addresses in the default system settings are the same as the Training system template. None 5. What does a policy package status of Never Installed indicate? The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager. FortiManager is unable to determine the policy package status. The policy package was never imported after a device was registered on Forti Manager. None 6. An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message. Which troubleshooting step should you take to resolve the issue? Make sure FortiManager Access is enabled in the administrator profile Make sure Offline Mode is disabled Make sure the administrator IP address is part of the trusted hosts. Make sure ADOMs are enabled and the administrator has access to the Global ADOM None 7. In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state? Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device. None 8. How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.) When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history. When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation. When run on the Device Database, changes are applied directly to the managed FortiGate device. 9. Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS? From public FDNI server IP address with the fourth highest octet only From the configured override server IP address 10.0.1.50 only From the list of configured override servers or public FDN servers From the default server fds1.fortinet.com None 10. An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM? Log in using the same administrator account to unlock the ADOM. Restore the configuration from a previous backup. Delete the previous admin session manually through the Forti Manager GUI or CLI. Log in as Super_User in order to unlock the ADOM. None 11. An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result? It will find and merge duplicate policies in the policy package. It will find and provide recommendations to combine multiple separate policy packages into one common policy package. It will find and delete disabled firewall policies in the policy package. It will find and provide recommendations for optimizing policies in a policy package. None 12. What does a policy package status of Conflict indicate? The policy configuration has never been imported after a device was registered on FortiManager. The policy package configuration has been changed on both FortiManager and the managed device independently. The policy package reports inconsistencies and conflicts during a Policy Consistency Check. None 13. You are moving managed FortiGate devices from one ADOM to a new ADOM. Which statement correctly describes the expected result? The shared policy package will not be moved to the new ADOM. The shared device settings will be installed automatically. Policy packages will be imported into the new ADOM automatically. Any unused objects from a previous ADOM are moved to the new ADOM automatically. None 14. Which two items does an FGFM keepalive message include? (Choose two.) FortiGate IPS version FortiGate uptime FortiGate license information FortiGate configuration checksum 15. Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.) That the virtual IP address and correct ports are set on the NAT device That the NAT device IP address and correct ports are configured on FortiManager That the override server IP address is set on FortiManager and the NAT device That the external IP address on the NAT device is set to DHCP and configured with the virtual IP 16. An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.) FortiManager will disable the status of the address object. FortiManager will temporarily change the status of the referenced firewall policy. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy. FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked. 17. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA? Reboot the failed device to remove its IP from the primary device. The FortiManager HA failover is transparent to administrators and does not require any reconfiguration. Reconfigure the primary device to remove the peer IP of the failed device. Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device None 18. An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1? When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package. When a new policy package is created, the administrator must assign the global policy package from the global ADOM. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package. When a new policy package is created, the administrator must import the global policy package to ADOM1. None 19. Refer to the exhibit. An administrator would like to create three ADOMs on FortiManager with different access levels based on departments. What two conclusions can you draw from the design shown in the exhibit? (Choose two.) The administrator must set the FortiManager ADOM mode to Advanced. Admin A can access VDOM2 and VDOM3 with the super user profile. The FortiManager policies and objects database can be shared between the Financial and HR ADOMs. The administrator must configure FortiManager in workspace mode. 20. An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager? Set to normal and using the approval group feature Set to workspace and using the policy locking feature Set to read/write and using the policy locking feature Set to workflow and using the ADOM locking feature None 21. View the following exhibit. Which statement is true regarding this failed installation log? Policy ID 2 will not be installed Policy ID 2 is installed in disabled state Policy ID 2 is installed without a source device Policy ID 2 is installed without a source address None 22. What is the advantage of using FortiManager to manage FortiAnalyzer? It allows FortiManager to store all managed FortiGate device logs. It allows FortiManager to act as a collector and FortiAnalyzer device. It allows FortiManager to run reports based on FortiAnalyzer. It allows FortiManager to manage all FortiGate devices. None 23. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true? The FortiGate will be automatically added to the Training ADOM. The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard By default, the unregistered FortiGate will appear in the root ADOM. The FortiGate will be added automatically to the default ADOM named FortiGate. None 24. Refer to the exhibit. An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate? The unused objects that are not tied to the firewall policies in the policy package will be deleted from the FortiManager database. The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted. The unused objects that are not tied to the firewall policies will be installed on FortiGate. The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate. None 25. Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object? 10.0.2.0/24 192.168.5.0/24 Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings. It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values. None 26. An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do? It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database. It installs the provisioning template configuration on the specified FortiGate. It installs the latest configuration on the specified FortiGate and update the revision history database. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate. None 27. Refer to the exhibit. Given the configuration shown in the exhibit, how did Forti Manager handle the service category named General? FortiManager ignored the firewall service category General and deleted the duplicate value in its database. Forti Manager ignored the firewall service category General and did not update its database with the value. Forti Manager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database. FortiManager ignored the firewall service category General but created a new service category in its database. None 28. Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.) It provides the option to preview only the policy package changes before installing them. It installs provisioning template changes on the FortiGate device. It installs device-level changes on the FortiGate device without launching the Install Wizard. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device. 29. Refer to the exhibit. Which two statements about the output are true? (Choose two.) The latest revision history for the managed FortiGate does match the FortiGate running configuration. The latest revision history for the managed FortiGate does not match the device-level database. Configuration changes directly made on FortiGate have been automatically updated to the device-level database. Configuration changes have been installed on FortiGate, which means the FortiGate configuration has been changed. 30. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.) During discovery, the FortiManager NATed IP address is not set by default on FortiGate. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management. FortiGate is discovered by FortiManager through the FortiGate NATed IP address. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel. Time's up