CertsTopics Logo

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Fortinet NSE5_FMG-7.2 Dumps

Page: 1 / 7
Total 97 questions
Get NSE5_FMG-7.2 Full Access Download NSE5_FMG-7.2 PDF

Fortinet NSE 5 - FortiManager 7.2 Questions and Answers

Question 1

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

Options:

A.

When creating a new policy package, the administrator can select the option to assign the global policy

package to the new policy package

B.

When a new policy package is created, the administrator needs to reapply the global policy package to

ADOM1.

C.

When a new policy package is created, the administrator must assign the global policy package from the global ADOM.

D.

When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

Question 2

An administrator would like to review, approve, or reject all the firewall policy changes made by the junior

administrators.

How should the Workspace mode be configured on FortiManager?

Options:

A.

Set to workflow and use the ADOM locking feature

B.

Set to read/write and use the policy locking feature

C.

Set to normal and use the policy locking feature

D.

Set to disable and use the policy locking feature

Question 3

Which two items does an FGFM keepalive message include? (Choose two.)

Options:

A.

FortiGate uptime

B.

FortiGate license information

C.

FortiGate IPS version

D.

FortiGate configuration checksum

Question 4

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?

Options:

A.

The FortiGate will be added automatically to the default ADOM named FortiGate.

B.

The FortiGate will be automatically added to the Training ADOM.

C.

By default, the unregistered FortiGate will appear in the root ADOM.

D.

The FortiManager administrator must add the unregistered device manually to the unregistered device

manually to the Training ADOM using the Add Device wizard

Question 5

View the following exhibit.

Which statement is true regarding this failed installation log?

Options:

A.

Policy ID 2 is installed without a source address

B.

Policy ID 2 will not be installed

C.

Policy ID 2 is installed in disabled state

D.

Policy ID 2 is installed without a source device

Question 6

What is the purpose of the Policy Check feature on FortiManager?

Options:

A.

To find and provide recommendation to combine multiple separate policy packages into one common

policy package

B.

To find and merge duplicate policies in the policy package

C.

To find and provide recommendation for optimizing policies in a policy package

D.

To find and delete disabled firewall policies in the policy package

Question 7

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

Options:

A.

VIP and IP Pools

B.

Firewall policies

C.

Security profiles

D.

Routing

Question 8

Refer to the exhibit.

Which two statements about the output are true? (Choose two.)

Options:

A.

The latest revision history for the managed FortiGate does match with the FortiGate running configuration

B.

Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed

C.

The latest history for the managed FortiGate does not match with the device-level database

D.

Configuration changes directly made on the FortiGate have been automatically updated to device-level

database

Question 9

Refer to the exhibits.

Exhibit one.

Exhibit two.

An administrator created a new system template named Training with two new DNS addresses on FortiManager. During the installation preview stage, the administrator notices that many unset commands need to be pushed.

What can be the main reason for these unset commands?

Options:

A.

The DNS addresses in the default system settings are the same as the Training system template

B.

The Training system template has other default settings

C.

The ADOM is locked by another administrator

D.

The Training system template does not have assigned devices

Question 10

View the following exhibit.

What is the purpose of setting ADOM Mode to Advanced?

Options:

A.

The setting allows automatic updates to the policy package configuration for a managed device

B.

The setting enables the ADOMs feature on FortiManager

C.

This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.

D.

The setting disables concurrent ADOM access and adds ADOM locking

Question 11

An administrator configures a new firewall policy on FortiManager and has not yet pushed the changes to the

managed FortiGate.

In which database will the configuration be saved?

Options:

A.

Device-level database

B.

Revision history database

C.

ADOM-level database

D.

Configuration-level database

Question 12

Refer to the exhibit.

An administrator has created a firewall address object, Training which is used in the Local-FortiGate policy package.

When the installation operation is performed, which IP/Netmask will be installed on the Local-FortiGate, for the Training firewall address object?

Options:

A.

192.168.0.1/24

B.

10.200.1.0/24

C.

It will create a firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values.

D.

Local-FortiGate will automatically choose an IP/Netmask based on its network interface settings.

Question 13

An administrator’s PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash.

How can the administrator unlock the ADOM?

Options:

A.

Restore the configuration from a previous backup.

B.

Log in as Super_User in order to unlock the ADOM.

C.

Log in using the same administrator account to unlock the ADOM.

D.

Delete the previous admin session manually through the FortiManager GUI or CLI.

Question 14

Which two statements regarding device management on FortiManager are true? (Choose two.)

Options:

A.

FortiGate devices in HA cluster devices are counted as a single device.

B.

FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.

C.

FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.

D.

The maximum number of managed devices for each ADOM is 500.

Question 15

An administrator has enabled Service Access on FortiManager.

What is the purpose of Service Access on the FortiManager interface?

Options:

A.

Allows FortiManager to download IPS packages

B.

Allows FortiManager to respond to request for FortiGuard services from FortiGate devices

C.

Allows FortiManager to run real-time debugs on the managed devices

D.

Allows FortiManager to automatically configure a default route

Question 16

Refer to the exhibit.

Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)

Options:

A.

It supports the FortiManager script feature

B.

It allows making configuration changes for managed devices on FortiManager panes

C.

FortiManager automatically installs the configuration difference in revisions on the managed FortiGate

D.

You cannot assign the same ADOM to multiple administrators

Question 17

Which two items are included in the FortiManager backup? (Choose two.)

Options:

A.

FortiGuard database

B.

Global database

C.

Logs

D.

All devices

Question 18

Refer to the exhibit.

An administrator logs into the FortiManager GUI and sees the panes shown in the exhibit.

Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)

Options:

A.

The administrator logged in using the unsecure protocol HTTP, so the view is restricted.

B.

The administrator profile does not have full access privileges like the Super_User profile.

C.

The administrator IP address is not a part of the trusted hosts configured on FortiManager interfaces.

D.

FortiAnalyzer features are not enabled on FortiManager.

Question 19

What will be the result of reverting to a previous revision version in the revision history?

Options:

A.

It will install configuration changes to managed device automatically

B.

It will tag the device settings status as Auto-Update

C.

It will generate a new version ID and remove all other revision history versions

D.

It will modify the device-level database

Question 20

What is the purpose of ADOM revisions?

Options:

A.

To create System Checkpoints for the FortiManager configuration.

B.

To save the current state of the whole ADOM.

C.

To save the current state of all policy packages and objects for an ADOM.

D.

To revert individual policy packages and device-level settings for a managed FortiGate by reverting to a specific ADOM revision

Question 21

What does the diagnose dvm check-integrity command do? (Choose two.)

Options:

A.

Internally upgrades existing ADOMs to the same ADON version in order to clean up and correct the ADOM

syntax

B.

Verifies and corrects unregistered, registered, and deleted device states

C.

Verifies and corrects database schemas in all object tables

D.

Verifies and corrects duplicate VDOM entries

Question 22

What does a policy package status of Modified indicate?

Options:

A.

FortiManager is unable to determine the policy package status

B.

The policy package was never imported after a device was registered on FortiManager

C.

The Policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager

D.

The Policy package configuration has been changed on FortiManager and changes have not yet been installed on the managed device.

Question 23

In the event that one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA manual mode to a working state?

Options:

A.

The FortiManaqer HA state transition is transparent to administrators and does not require any reconfiguration.

B.

Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.

C.

Reconfigure the primary device to remove the peer IP of the failed device.

D.

Reboot the failed device to remove its IP from the primary device.

Question 24

An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

Options:

A.

It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.

B.

It allows FortiManager to determine the connection status of managed devices.

C.

It allows administrative access to FortiManager.

D.

It allows third-party applications to gain read/write access to FortiManager.

Question 25

An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package Fortinet in the custom ADOM1. What will happen to the Fortinet policy package when it is created?

Options:

A.

You need to assign the global policy package from the global ADOM

B.

You need to reapply the global poky package to the ADOM

C.

it automatically assigns the global policies

D.

You can select the option to assign the global polices

Question 26

Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.)

Options:

A.

When you configure MEA, you must open TCP or UDP port 540.

B.

You must open the ports to the Fortinet registry

C.

You must create a MEA special policy on FortiManager using the super user profile

D.

The administrator must have the super user profile.

Question 27

What will happen if FortiAnalyzer features are enabled on FortiManager?

Options:

A.

FortiManager will keep all the logs and reports on the FortiManager.

B.

FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.

C.

FortiManager will install the logging configuration to the managed devices

D.

FortiManager can be used only as a logging device.

Question 28

View the following exhibit.

When using Install Config option to install configuration changes to managed FortiGate, which of the following statements are true? (Choose two.)

Options:

A.

Once initiated, the install process cannot be canceled and changes will be installed on the managed device

B.

Will not create new revision in the revision history

C.

Installs device-level changes to FortiGate without launching the Install Wizard

D.

Provides the option to preview configuration changes prior to installing them

Question 29

Refer to the exhibit.

How will FortiManager try to get updates for antivirus and IPS?

Options:

A.

From the list of configured override servers or public FDN servers

B.

From the default server fds1.fortinet.com

C.

From the configured override server IP address 10.0.1.50 only

D.

From public FDNI server IP address with the fourth highest octet only

Page: 1 / 7
Total 97 questions
Get NSE5_FMG-7.2 Full Access Download NSE5_FMG-7.2 PDF