Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 10 April 2025

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

What is the purpose of ADOM revisions?

To revert individual policy packages and device-level settings for a managed FortiGate

To save the current state of all policy packages and objects for an ADOM

To save the FortiManager configuration in the System Checkpoints

To save the current state of the whole ADOM

None

Refer to the exhibit. Given the configuration shown in the exhibit, how did Forti Manager handle the service category named General?

FortiManager ignored the firewall service category General and deleted the duplicate value in its database.

Forti Manager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database.

FortiManager ignored the firewall service category General but created a new service category in its database.

Forti Manager ignored the firewall service category General and did not update its database with the value.

None

Refer to the exhibit. An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM. How can the administrator perform this task?

The administrator must change the ADOM mode to Advanced to bring the FortiManager online.

The administrator must use the FortiManager script.

The administrator must use the Policy & Objects section to create a policy first.

The administrator must disable the FortiManager offline mode first.

None

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package.

When a new policy package is created, the administrator must assign the global policy package from the global ADOM.

When a new policy package is created, the administrator must import the global policy package to ADOM1.

When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

None

Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result?

During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate.

During discovery, FortiManager uses only the FortiGate serial number to establish the connection.

During discovery, FortiManager sets the NATed device IP address on FortiGate.

During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate.

None

What will happen if FortiAnalyzer features are enabled on FortiManager?

FortiManager will keep all the logs and reports on the FortiManager.

FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

FortiManager can be used only as a logging device.

FortiManager will install the logging configuration to the managed devices.

None

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command?

It allows FortiGate to reboot and restore a previously working firmware image.

It allows FortiGate to reboot and recover the previous configuration from its configuration file.

It allows FortiManager to unset the new configuration through CLI and reboot FortiGate.

It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate.

None

Refer to the exhibit. An administrator has created a firewall address object, Local, which is used in the Remote-FortiGate policy package. When the installation operation is performed, which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object?

192.168.5.0/24

It will create the Local and Remote-Local firewall address objects on Remote-FortiGate with 192.168.5.0/24 and 10.0.2.0/24 values.

Remote-FortiGate will automatically choose an IP/netmask based on its network interface settings.

10.0.2.0/24

None

Refer to the exhibit. An administrator logs in to the FortiManager GUI and sees the panes shown in the exhibit. Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)

The administrator profile does not have full access privileges like the Super_User profile.

FortiAnalyzer features are not enabled on FortiManager.

The admin session requires approval before administrator can see the FortiAnalyzer feature panes.

The administrator workflow is enabled on the ADOM.

10.

In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?

Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.

Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.

Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device.

FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.

None

11.

Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device?

The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager.

The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface.

The administrator must use the Add Model Device section and discover the Forti Analyzer device.

The administrator must use the correct user name and password of the FortiAnalyzer device.

None

12.

Refer to the exhibit. How will FortiManager try to get updates for antivirus and IPS?

From the default server fds1.fortinet.com

From the configured override server IP address 10.0.1.50 only

From public FDNI server IP address with the fourth highest octet only

From the list of configured override servers or public FDN servers

None

13.

Given the configuration shown in the exhibit, what can you conclude from the installation targets in the Install On column? (Choose two.)

Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM.

Policy seq.# 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target.

Policy seq # 1 will be installed on the Remote-FortiGate root[NAT] and Student[NAT] VDOMs only.

Policy seq.# 3 will be skipped because no installation targets are specified.

Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets.

14.

Which two conditions trigger FortiManager to create a new revision history? (Choose two.)

When FortiManager installs device-level changes to a managed device

When configuration revision is reverted to previous revision in the revision history

When changes to device-level database is made on FortiManager

When FortiManager is auto-updated with configuration changes made directly on a managed device

15.

An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash. How can the administrator unlock the ADOM?

Delete the previous admin session manually through the Forti Manager GUI or CLI.

Restore the configuration from a previous backup.

None

16.

An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

It allows administrative access to FortiManager.

It allows third-party applications to gain read/write access to FortiManager.

It allows FortiManager to determine the connection status of managed devices.

It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.

None

17.

An administrator runs the Policy Check feature on Forti Manager ADOM. What will be the result?

It will find and provide recommendations to combine multiple separate policy packages into one common policy package.

It will find and provide recommendations for optimizing policies in a policy package.

It will find and delete disabled firewall policies in the policy package.

It will find and merge duplicate policies in the policy package.

None

18.

Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1?

Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate.

Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.

The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.

Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager.

None

19.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?

The FortiGate will be added automatically to the default ADOM named FortiGate.

The FortiGate will be automatically added to the Training ADOM.

By default, the unregistered FortiGate will appear in the root ADOM.

The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard

None

20.

Refer to the exhibit. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM, which has four policy packages. The customer administrator has access only to My_ADOM. How can customer or service provider administrators remove both global header and footer policies from the policy package named Shared_Package?

The service provider administrator can unassign both global policies from My_ADOM

The customer administrator can unassign both global polices from My_ADOM

The customer administrator can unassign both polices by locking My_ADOM

The service provider administrator can unassign both policies from the global ADOM

None

21.

Refer to the exhibit.

On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.
What can be the main reason for the central-management purge command?

The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings.

The Training system template has a default FortiGuard widget.

The DNS addresses in the default system settings are the same as the Training system template.

The ADOM is locked by another administrator.

None

22.

What will happen if the script is run using the Device Database option? (Choose two.)

The Device Settings Status will be tagged as Modified.

The script history will show successful installation of the script on the remote FortiGate.

The successful execution of a script on the Device Database will create a new revision history.

You must install these changes using the Install Wizard to a managed device.

23.

Refer to the exhibit. An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate?

The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate.

The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted.

The unused objects that are not tied to the firewall policies will be installed on FortiGate.

The unused objects that are not tied to the firewall policies in the policy package will be deleted from the FortiManager database.

None

24.

Refer to the exhibit. Which statement is true about the Forti Manager ADOM policy tab based on the API request?

The API command has failed when requesting policy tab permissions information.

The API command has enabled both central NAT and interface policy on the policy tab.

The API command has applied to customer with ID: 200.

The API command has requested the policy tab permissions information only.

None

25.

An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?

FortiManager will disable the status of the referenced firewall policy

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy

FortiManager will not allow the administrator to delete a referenced address object

FortiManager will replace the deleted address object with all address object in the referenced firewall policy

None

26.

How are bulk configuration changes made using FortiManager CLI scripts? (Choose two.)

When run on the Remote FortiGate directly, administrators do not have the option to review the changes prior to installation.

When run on the Device Database, changes are applied directly to the managed FortiGate device.

When run on the All FortiGate in ADOM, changes are automatically installed without the creation of a new revision history.

27.

Which two settings must be configured for SD-WAN Central Management? (Choose two.)

The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies.

You can create multiple SD-WAN interfaces per VDOM

SD-WAN must be enabled on per-ADOM basis

When you configure an SD-WAN, you must specify at least two member interfaces.

28.

What is the purpose of the Policy Check feature on FortiManager?

To find and provide recommendation for optimizing policies in a policy package

To find and delete disabled firewall policies in the policy package

To find and merge duplicate policies in the policy package

To find and provide recommendation to combine multiple separate policy packages into one common

None

29.

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

VIP and IP Pools

Routing

Security profiles

Firewall policies

None

30.

Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)

The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices.

The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices.

The Security Fabric settings are part of the device-level settings.

The Security Fabric license, group name, and password are required for the FortiManager Security Fabric integration.

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Interswitch Connectivity | VLAN Tagging | Trunk Port

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

PCNSC – Paloalto Certified Network Security Consultant

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

Setup Windows Hello Fingerprint Login

Interswitch Connectivity | VLAN Tagging | Trunk Port

Social

Newsletter