New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

NSE5_FMG-7.2 Questions and Answers

Question # 6

View the following exhibit.

Which one of the following statements is true regarding the object named ALL?

A.

FortiManager updated the object ALL using FortiGate’s value in its database

B.

FortiManager updated the object ALL using FortiManager’s value in its database

C.

FortiManager created the object ALL as a unique entity in its database, which can be only used by this

managed FortiGate.

D.

FortiManager installed the object ALL with the updated value.

Full Access
Question # 7

Which three settings are the factory default settings on FortiManager? (Choose three.)

A.

The administrative domain is disabled.

B.

The Port1 interface IP address is 192.168.1.99/24.

C.

Management Extension applications are enabled.

D.

The FortiManager setup wizard is disabled.

E.

FortiAnalvzer features are disabled.

Full Access
Question # 8

Which of the following statements are true regarding VPN Gateway configuration in VPN Manager? (Choose two.)

A.

Managed gateways are devices managed by FortiManager in the same ADOM

B.

External gateways are third-party VPN gateway devices only

C.

Protected subnets are the subnets behind the device that you don’t want to allow access to over the IPsec

VPN

D.

Managed devices in other ADOMs must be treated as external gateways

Full Access
Question # 9

Refer to the exhibit.

In the event that the monitored interface for the primary FortiManager device fails, which statement is true about FortiManager HA?

A.

Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.

B.

Reboot the failed device to remove its IP from the primary device.

C.

Reconfigure the primary device lo remove the peer IP of the failed device.

D.

The FortiManager HAfailover is transparent to administrators and does not require any reconfiguration.

Full Access
Question # 10

An administrator is replacing a failed device on FortiManager by running the following command:

execute device replace sn .

Which device name and serial number must the administrator use?

A.

The device name of the new device and serial number of the failed device

B.

The device name and serial number of the failed device

C.

The device name of the failed device and serial number of the new device

D.

The device name and serial number of the new device

Full Access
Question # 11

An administrator has enabled Service Access on FortiManager. What is the purpose of Service Access on the FortiManager interface?

A.

It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices.

B.

It allows FortiManager to determine the connection status of managed devices.

C.

It allows administrative access to FortiManager.

D.

It allows third-party applications to gain read/write access to FortiManager.

Full Access
Question # 12

Refer to the exhibit.

An administrator has created a firewall address object that is used in multiple policy packages for multiple FortiGate devices in an ADOM.

After the installation operation is performed, which IP/netmask will be shown on FortiManager for this firewall address object without specify Per-Device Mapping?

A.

The FortiManager replaces the address object to none.

B.

0.0.0.0/0.

C.

192.168.1.0/24.

D.

10.0.5.0/24.

Full Access
Question # 13

Refer to the exhibit.

An administrator wants to create a policy on the Staging ADOM in backup mode, and install it on the FortiGate device in the same ADOM.

How can the administrator perform this task?

A.

The administrator must use the Policy & Objects section to create a policy first.

B.

The administrator must use the FortiManager script.

C.

The administrator must disable the FortiManager offline mode first.

D.

The administrator must change the ADOM mode to Advanced to bring the FortiManager online.

Full Access
Question # 14

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator authorized the FortiGate device on FortiManager using the Fortinet Security Fabric.

Given the administrator's actions, which statement correctly describes the expected result?

A.

The FortiManager administrator must add the authorized device to the Training ADOM using the Add Device wizard only.

B.

The authorized FortiGate will be automatically added to the Training ADOM.

C.

The authorized FortiGate will appear in the root ADOM.

D.

The authorized FortiGate can be added to the Training ADOM using FortiGate Fabric Connectors.

Full Access
Question # 15

An administrator would like to authorize a newly-installed AP using AP Manager. What steps does the administrator need to perform to authorize an AP?

A.

Authorize the new AP using AP Manager and wait until the change is updated on the FortiAP. Changes to the AP's state do not require installation.

B.

Changes to the AP's state must be performed directly on the managed FortiGate.

C.

Authorize the new AP using AP Manager and install the policy package changes on the managed FortiGate.

D.

Authorize the new AP using AP Manager and install the device level settings on the managed FortiGate.

Full Access
Question # 16

What are two outcomes of ADOM revisions? (Choose two.)

A.

ADOM revisions can significantly increase the size of the configuration backups.

B.

ADOM revisions can save the current size of the whole ADOM

C.

ADOM revisions can create System Checkpoints for the FortiManager configuration

D.

ADOM revisions can save the current state of all policy packages and objects for an ADOM

Full Access
Question # 17

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

A.

VIP and IP Pools

B.

Firewall policies

C.

Security profiles

D.

Routing

Full Access
Question # 18

An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.

Which troubleshooting step should you take to resolve the issue?

A.

Make sure FortiManager Access is enabled in the administrator profile

B.

Make sure Offline Mode is disabled

C.

Make sure the administrator IP address is part of the trusted hosts.

D.

Make sure ADOMs are enabled and the administrator has access to the Global ADOM

Full Access
Question # 19

An administrator would like to review, approve, or reject all the firewall policy changes made by the junior

administrators.

How should the Workspace mode be configured on FortiManager?

A.

Set to workflow and use the ADOM locking feature

B.

Set to read/write and use the policy locking feature

C.

Set to normal and use the policy locking feature

D.

Set to disable and use the policy locking feature

Full Access
Question # 20

What will happen if FortiAnalyzer features are enabled on FortiManager?

A.

FortiManager will reboot

B.

FortiManager will send the logging configuration to the managed devices so the managed devices will start sending logs to FortiManager

C.

FortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices

D.

FortiManager can be used only as a logging device.

Full Access
Question # 21

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

A.

When creating a new policy package, the administrator can select the option to assign the global policy

package to the new policy package

B.

When a new policy package is created, the administrator needs to reapply the global policy package to

ADOM1.

C.

When a new policy package is created, the administrator must assign the global policy package from the global ADOM.

D.

When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

Full Access
Question # 22

In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?

A.

Secondary device with highest priority will automatically be promoted to the primary role, and manually

reconfigure all other secondary devices to point to the new primary device

B.

Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.

C.

Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.

D.

FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.

Full Access
Question # 23

Refer to the following exhibit:

Which of the following statements are true based on this configuration? (Choose two.)

A.

The same administrator can lock more than one ADOM at the same time

B.

Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out

C.

Unlocking an ADOM will submit configuration changes automatically to the approval administrator

D.

Unlocking an ADOM will install configuration automatically on managed devices

Full Access
Question # 24

What is the purpose of the Policy Check feature on FortiManager?

A.

To find and provide recommendation to combine multiple separate policy packages into one common

policy package

B.

To find and merge duplicate policies in the policy package

C.

To find and provide recommendation for optimizing policies in a policy package

D.

To find and delete disabled firewall policies in the policy package

Full Access
Question # 25

An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.

What can prevent an admin account that has Super_User rights over the device from approving a workflow session?

A.

Trainer is not a part of workflow approval group

B.

Trainer does not have full rights over this ADOM

C.

Trainer must close Student’s workflow session before approving the request

D.

Student, who submitted the workflow session, must first self-approve the request

Full Access
Question # 26

What is the purpose of ADOM revisions?

A.

To create System Checkpoints for the FortiManager configuration.

B.

To save the current state of the whole ADOM.

C.

To save the current state of all policy packages and objects for an ADOM.

D.

To revert individual policy packages and device-level settings for a managed FortiGate by reverting to a specific ADOM revision

Full Access
Question # 27

An administrator is replacing a device on FortiManager by running the following command:

execute device replace sn .

What device name and serial number must the administrator use?

A.

Device name and serial number of the original device.

B.

Device name and serial number of the replacement device.

C.

Device name of the replacement device and serial number of the original device.

D.

Device name of the original device and serial number of the replacement device.

Full Access
Question # 28

Which two statements regarding device management on FortiManager are true? (Choose two.)

A.

FortiGate devices in HA cluster devices are counted as a single device.

B.

FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.

C.

FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.

D.

The maximum number of managed devices for each ADOM is 500.

Full Access
Question # 29

An administrator configures a new firewall policy on FortiManager and has not yet pushed the changes to the

managed FortiGate.

In which database will the configuration be saved?

A.

Device-level database

B.

Revision history database

C.

ADOM-level database

D.

Configuration-level database

Full Access
Question # 30

Refer to the exhibit.

An administrator logs into the FortiManager GUI and sees the panes shown in the exhibit.

Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)

A.

The administrator logged in using the unsecure protocol HTTP, so the view is restricted.

B.

The administrator profile does not have full access privileges like the Super_User profile.

C.

The administrator IP address is not a part of the trusted hosts configured on FortiManager interfaces.

D.

FortiAnalyzer features are not enabled on FortiManager.

Full Access