Certification Provider: FortinetExam: FCP: Forti Manager 7.2 AdministratorExam Code: NSE5 FMG v7.2Total Question: 72Question per Quiz: 35Updated On: 06 April 2024Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam. 1. Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.) The same administrator can lock more than one ADOM at the same time. Unlocking an ADOM will submit configuration changes automatically to the approval administrator. Unlocking an ADOM will install configuration changes automatically on managed devices. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out. 2. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.) FortiGate is discovered by FortiManager through the FortiGate NATed IP address. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel. During discovery, the FortiManager NATed IP address is not set by default on FortiGate. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management. 3. Which two items does an FGFM keepalive message include? (Choose two.) FortiGate license information FortiGate uptime FortiGate configuration checksum FortiGate IPS version 4. Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request? The API command has requested the policy tab permissions information only. The API command has applied to customer with ID: 200. The API command has failed when requesting policy tab permissions information. The API command has enabled both central NAT and interface policy on the policy tab. None 5. Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager? NSX-T Service Template Routing Security profiles SNMP None 6. An administrator is in the process of moving the system template profile between ADOMs by running the following command: execute fmprofile import-profile ADOM2 3547 /tmp/myfile Where does the administrator import the file from? ADOM2 object database ADOM2 File system ADOM1 None 7. Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.) You must create an MEA special policy on Forti Manager using the super user profile. When you configure MEA, you must open TCP or UDP port 540. The administrator must have the super user profile. You must open the ports to the Fortinet registry. 8. An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two) Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SDWAN template settings Specify a gateway address when you create a default SD-WAN static route Enable SD-WAN central management in the Training ADOM 9. Refer to the exhibit. Which statement about the object named ALL is true? FortiManager installed the object ALL with the updated value. FortiManager updated the object ALL using the FortiGate value in its database. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate. FortiManager updated the object ALL using the FortiManager value in its database. None 10. Which two conditions trigger FortiManager to create a new revision history? (Choose two.) When FortiManager installs device-level changes to a managed device When configuration revision is reverted to previous revision in the revision history When changes to device-level database is made on FortiManager When FortiManager is auto-updated with configuration changes made directly on a managed device 11. An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do? It installs the latest configuration on the specified FortiGate and update the revision history database. It installs the provisioning template configuration on the specified FortiGate. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database. None 12. Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.) Policy seq.# 3 will be skipped because no installation targets are specified. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM. Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target. Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only. 13. An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1. What will happen to the Fortinet policy package when it is created? You can select the option to assign the global policies. You need to assign the global policy package from the global ADOM. It automatically assigns the global policies. You need to reapply the global policy package to the ADOM. None 14. Which two settings must be configured for SD-WAN Central Management? (Choose two.) SD-WAN must be enabled on per-ADOM basis You can create multiple SD-WAN interfaces per VDOM The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies. When you configure an SD-WAN, you must specify at least two member interfaces. 15. Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task? The administrator must change the ADOM mode to Advanced to bring the FortiManager online. The administrator must use the Policy & Objects section to create a policy first. The administrator must use the FortiManager script. The administrator must disable the FortiManager offline mode first. None 16. What will happen if the script is run using the Device Database option? (Choose two.) The Device Settings Status will be tagged as Modified. You must install these changes using the Install Wizard to a managed device. The successful execution of a script on the Device Database will create a new revision history. The script history will show successful installation of the script on the remote FortiGate. 17. An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command? It allows FortiManager to unset the new configuration through CLI and reboot FortiGate. It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate. It allows FortiGate to reboot and recover the previous configuration from its configuration file. It allows FortiGate to reboot and restore a previously working firmware image. None 18. View the following exhibit. Which statement is true regarding this failed installation log? Policy ID 2 is installed without a source address Policy ID 2 is installed without a source device Policy ID 2 is installed in disabled state Policy ID 2 will not be installed None 19. Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.) It provides the option to preview only the policy package changes before installing them. It installs provisioning template changes on the FortiGate device. It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device. It installs device-level changes on the FortiGate device without launching the Install Wizard. 20. Which two statements about Security Fabric integration with FortiManager are true? (Choose two.) The Security Fabric license, group name, and password are required for the FortiManager Security Fabric integration. The Security Fabric settings are part of the device-level settings. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices. 21. Refer to the exhibit.On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.What can be the main reason for the central-management purge command? The Training system template has a default FortiGuard widget. The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings. The DNS addresses in the default system settings are the same as the Training system template. The ADOM is locked by another administrator. None 22. An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface? It allows FortiManager to determine the connection status of managed devices. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices. It allows third-party applications to gain read/write access to FortiManager. It allows administrative access to FortiManager. None 23. Which two items are included in the FortiManager backup? (Choose two.) Firmware images All devices Flash configuration FortiGuard database 24. Refer to the exhibit. What will happen if the script is run using the Remote FortiGate Directly (via CLI) option? (Choose two.) You must install these changes using the Install Wizard. FortiGate will auto-update the FortiManager device-level database. FortiManager will create a new revision history. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate. 25. What will be the result of reverting to a previous revision version in the revision history? It will tag the device settings status as Auto-Update. It will install configuration changes to managed device automatically. It will generate a new version ID and remove all other revision history versions. It will modify the device-level database. None 26. In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true? The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard The FortiGate will be added automatically to the default ADOM named FortiGate. The FortiGate will be automatically added to the Training ADOM. By default, the unregistered FortiGate will appear in the root ADOM. None 27. An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM? Log in using the same administrator account to unlock the ADOM. Restore the configuration from a previous backup. Log in as Super_User in order to unlock the ADOM. Delete the previous admin session manually through the Forti Manager GUI or CLI. None 28. In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA? Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device Reboot the failed device to remove its IP from the primary device. Reconfigure the primary device to remove the peer IP of the failed device. The FortiManager HA failover is transparent to administrators and does not require any reconfiguration. None 29. An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session. What can prevent an admin account that has Super_User rights over the device from approving a workflow session? Trainer is not a part of workflow approval group. Trainer does not have full rights over this ADOM. Trainer must first create their own workflow session to approve student session. Trainer must close Student’s workflow session before approving the request. None 30. Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1? Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager. The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate. None Time's up