Fortinet NSE5 Forti Manager v7.2

Certification Provider: Fortinet

Exam: FCP: Forti Manager 7.2 Administrator

Exam Code: NSE5 FMG v7.2

Total Question: 72

Question per Quiz: 35

Updated On: 06 April 2024

Note: In order to practice all the Q/A's, you have to practice multiple time. Question's and Answer's will be presented randomly and will help you get hands-on for real exam.

An administrator would like to review, approve or reject all the firewall policy changes made by the junior administrators. How should the workspace mode settings be configured on FortiManager?

Set to workspace and using the policy locking feature

Set to read/write and using the policy locking feature

Set to normal and using the approval group feature

Set to workflow and using the ADOM locking feature

None

Refer to the exhibit. Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.)

Unlocking an ADOM will submit configuration changes automatically to the approval administrator.

The same administrator can lock more than one ADOM at the same time.

Unlocking an ADOM will install configuration changes automatically on managed devices.

Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out.

Which two items are included in the FortiManager backup? (Choose two.)

Flash configuration

All devices

Firmware images

FortiGuard database

What does a policy package status of Never Installed indicate?

The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager.

The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device.

The policy package was never imported after a device was registered on Forti Manager.

FortiManager is unable to determine the policy package status.

None

Refer to the exhibit. What can you conclude from the failed installation log shown in the exhibit?

Policy ID 2 is installed without a source address.

Policy ID 2 is installed in the disabled state.

Policy ID 2 is installed without the remote user student.

Policy ID 2 will not be installed.

None

Given the configuration shown in the exhibit, which two statements are true?

The FortiManager ADOM is locked by the administrator.

The Forti Manager ADOM workspace mode is set to Normal.

An administrator can also lock the Local-FortiGate-1 policy package.

Forti Manager is in workflow mode.

Refer to the exhibit. An administrator is about to add the FortiGate device to FortiManager using the discovery process. FortiManager is operating behind a NAT device, and the administrator configured the FortiManager NATed IP address under the FortiManager system administration settings. What is the expected result?

During discovery, FortiManager sets both the FortiManager NATed IP address and NAT device IP address on FortiGate.

During discovery, FortiManager uses only the FortiGate serial number to establish the connection.

During discovery, FortiManager sets the NATed device IP address on FortiGate.

During discovery, FortiManager sets the FortiManager NATed IP address on FortiGate.

None

Refer to the exhibit. According to the error message, why is FortiManager failing to add the FortiAnalyzer device?

The administrator must select the Forti Manager administrative access checkbox on the Forti Analyzer management interface.

The administrator must use the correct user name and password of the FortiAnalyzer device.

The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as Forti Manager.

The administrator must use the Add Model Device section and discover the Forti Analyzer device.

None

Refer to the exhibit.

On Forti Manager, an administrator created a new system template named Training with two new DNS addresses. During the installation preview stage, the administrator notices that central-management settings need to be purged.
What can be the main reason for the central-management purge command?

The Remote-FortiGate device does not have any DNS server-list configured in the central-management settings.

The ADOM is locked by another administrator.

The Training system template has a default FortiGuard widget.

The DNS addresses in the default system settings are the same as the Training system template.

None

10.

Which two statements about an ADOM set in Normal mode on Forti Manager are true?

It allows making configuration changes for managed devices on FortiManager panes.

You cannot assign the same ADOM to multiple administrators.

It supports the FortiManager script feature.

FortiManager automatically installs the configuration difference in revisions on the managed FortiGate.

11.

In the event that the monitored interface for the primary FortiManager device fails, which statement is true about Forti Manager HA?

Reboot the failed device to remove its IP from the primary device.

The FortiManager HA failover is transparent to administrators and does not require any reconfiguration.

Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device

Reconfigure the primary device to remove the peer IP of the failed device.

None

12.

Which two items does an FGFM keepalive message include? (Choose two.)

FortiGate uptime

FortiGate IPS version

FortiGate license information

FortiGate configuration checksum

13.

You are moving managed FortiGate devices from one ADOM to a new ADOM. Which statement correctly describes the expected result?

Policy packages will be imported into the new ADOM automatically.

The shared policy package will not be moved to the new ADOM.

Any unused objects from a previous ADOM are moved to the new ADOM automatically.

The shared device settings will be installed automatically.

None

14.

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

Security profiles

Routing

VIP and IP Pools

Firewall policies

None

15.

An administrator configures a new OSPF route on FortiManager and has not yet pushed the changes to the managed FortiGate device. In which database will the configuration be saved?

Configuration-level database

Device-level database

Revision history database

ADOM-level database

None

16.

Push updates are failing on a FortiGate device that is located behind a NAT device. Which two settings should the administrator check? (Choose two.)

That the external IP address on the NAT device is set to DHCP and configured with the virtual IP

That the NAT device IP address and correct ports are configured on FortiManager

That the virtual IP address and correct ports are set on the NAT device

That the override server IP address is set on FortiManager and the NAT device

17.

Which two conditions trigger FortiManager to create a new revision history? (Choose two.)

When FortiManager installs device-level changes to a managed device

When FortiManager is auto-updated with configuration changes made directly on a managed device

When changes to device-level database is made on FortiManager

When configuration revision is reverted to previous revision in the revision history

18.

What will happen if FortiAnalyzer features are enabled on FortiManager?

FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

FortiManager will keep all the logs and reports on the FortiManager.

FortiManager will install the logging configuration to the managed devices.

FortiManager can be used only as a logging device.

None

19.

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?

The FortiGate will be automatically added to the Training ADOM.

The FortiGate will be added automatically to the default ADOM named FortiGate.

The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard

By default, the unregistered FortiGate will appear in the root ADOM.

None

20.

Refer to the exhibit. A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices. Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit?

The administrator must refresh both devices to restore connectivity.

The administrator can reclaim the FGFM tunnel to get both devices online.

The administrator had restored the Forti Manager configuration file.

Forti Manager lost internet connectivity, therefore, both devices appear to be down.

None

21.

What does a policy package status of Conflict indicate?

The policy configuration has never been imported after a device was registered on FortiManager.

The policy package reports inconsistencies and conflicts during a Policy Consistency Check.

The policy package configuration has been changed on both FortiManager and the managed device independently.

None

22.

An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes. What is the purpose of this command?

It allows FortiGate to reboot and restore a previously working firmware image.

It allows FortiManager to revert and install a previous configuration revision on the managed FortiGate.

It allows FortiManager to unset the new configuration through CLI and reboot FortiGate.

It allows FortiGate to reboot and recover the previous configuration from its configuration file.

None

23.

Refer to the exhibit. You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.)

It installs provisioning template changes on the FortiGate device.

It provides the option to preview only the policy package changes before installing them.

It installs device-level changes on the FortiGate device without launching the Install Wizard.

It installs all the changes in the device database first and the administrator must reinstall the changes on the FortiGate device.

24.

What is the advantage of using FortiManager to manage FortiAnalyzer?

It allows FortiManager to manage all FortiGate devices.

It allows FortiManager to act as a collector and FortiAnalyzer device.

It allows FortiManager to run reports based on FortiAnalyzer.

It allows FortiManager to store all managed FortiGate device logs.

None

25.

Refer to the exhibit. A service provider administrator has assigned a global policy package to a managed customer ADOM named My_ADOM, which has four policy packages. The customer administrator has access only to My_ADOM. How can customer or service provider administrators remove both global header and footer policies from the policy package named Shared_Package?

The service provider administrator can unassign both policies from the global ADOM

The customer administrator can unassign both polices by locking My_ADOM

The service provider administrator can unassign both global policies from My_ADOM

The customer administrator can unassign both global polices from My_ADOM

None

26.

Refer to the exhibit. An administrator logs in to the FortiManager GUI and sees the panes shown in the exhibit. Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)

The administrator profile does not have full access privileges like the Super_User profile.

FortiAnalyzer features are not enabled on FortiManager.

The administrator workflow is enabled on the ADOM.

The admin session requires approval before administrator can see the FortiAnalyzer feature panes.

27.

An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message. Which troubleshooting step should you take to resolve the issue?

Make sure FortiManager Access is enabled in the administrator profile

Make sure the administrator IP address is part of the trusted hosts.

Make sure ADOMs are enabled and the administrator has access to the Global ADOM

Make sure Offline Mode is disabled

None

28.

An administrator enabled workspace mode and now wants to delete an address object that is currently referenced in a firewall policy. Which two results can the administrator expect to happen? (Choose two.)

FortiManager will disable the status of the address object.

FortiManager will temporarily change the status of the referenced firewall policy.

FortiManager will not allow the administrator to delete a referenced address object until the ADOM is locked.

FortiManager will replace the deleted address object with the none address object in the referenced firewall policy.

29.

When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.

FortiManager will revert and install a previous configuration revision on the managed FortiGate.

After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.

FortiGate will reject the CLI commands that will cause the tunnel to go down.

None

30.

What will be the result of reverting to a previous revision version in the revision history?

It will install configuration changes to managed device automatically.

It will modify the device-level database.

It will tag the device settings status as Auto-Update.

It will generate a new version ID and remove all other revision history versions.

None

Time's up

Follow Us

Fortinet NSE5 Forti Manager v7.2

PCNSE – Palo Alto Certified Network Security Engineer

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

IPv4 Addressing and Subnetting

Get Free eBooks

Social

Newsletter

Follow Us

Type and hit Enter to search

Fortinet NSE5 Forti Manager v7.2

Share Article

PCNSE – Palo Alto Certified Network Security Engineer

No Comment! Be the first one.

Leave a Reply Cancel reply

Popular

IPv4 Addressing and Subnetting

Get Free eBooks

Social

Newsletter