DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass the Fortinet NSE5 Exam Easily with Updated NSE5_FMG-7.2 Practice Questions

Preparing for the Fortinet NSE5_FMG-7.2 exam requires a strategic approach, and SPOTO offers valuable resources to aid in your preparation. Their collection of exam questions and answers is designed to emulate the actual exam environment, allowing you to practice with confidence and familiarize yourself with the exam format. By utilizing SPOTO's test questions, you can assess your knowledge and identify areas that need improvement, ensuring a thorough exam preparation process. Their study materials provide comprehensive coverage of the exam syllabus, equipping you with the necessary knowledge and skills to pass successfully. Additionally, SPOTO offers exam resources such as tips, strategies, and mock exams to enhance your preparation further. Engaging in mock exams helps simulate real exam conditions, improving your time management and confidence levels. With SPOTO's support, you can be well-prepared and confident to tackle the NSE5_FMG-7.2 exam and achieve success.
Take other online exams

Question #1
What does a policy package status of Modified indicate?
A. FortiManager is unable to determine the policy package status
B. The policy package was never imported after a device was registered on FortiManager
C. Policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager
D. Policy package configuration has been changed on FortiManager and changes have not yet been installed on the managed device
View answer
Correct Answer: D
Question #2
View the following exhibit.When using Install Config option to install configuration changes to managed FortiGate, which of the following statements are true? (Choose two.)
A. Once initiated, the install process cannot be canceled and changes will be installed on the managed device
B. Will not create new revision in the revision history
C. Installs device-level changes to FortiGate without launching the Install Wizard
D. Provides the option to preview configuration changes prior to installing them
View answer
Correct Answer: AC
Question #3
What does a policy package status of Modified indicate?
A. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager
B. The policy package was never imported after a device was registered on FortiManager
C. FortiManager is unable to determine the policy package status
D. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device
View answer
Correct Answer: D
Question #4
You are moving managed FortiGate devices from one ADOM to a new ADOM.Which statement correctly describes the expected result?
A. Policy packages will be imported into the new ADOM automatically
B. Any pending device settings will be installed automatically
C. The shared policy package will not be moved to the new ADOM
D. Any unused objects from a previous ADOM are moved to the new ADOM automatically
View answer
Correct Answer: A
Question #5
You are moving managed FortiGate devices from one ADOM to a new ADOM. Which statement correctly describes the expected result?
A. econdary device with highest priority will automatically be promoted to the primary role, and manuallyreconfigure all other secondary devices to point to the new primary device
B. eboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device
C. anually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device
D. ortiManager HA state transition is transparent to administrators and does not require any reconfiguration
View answer
Correct Answer: C
Question #6
An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.How should the Workspace mode be configured on FortiManager?
A. Set to workflow and use the ADOM locking feature
B. Set to disable and use the policy locking feature
C. Set to normal and use the policy locking feature
D. Set to read/write and use the policy locking feature
View answer
Correct Answer: A
Question #7
Refer to the exhibit.What can you conclude from the failed installation log shown in the exhibit?
A. Policy ID 2 will not be installed
B. Policy ID 2 is installed in the disabled state
C. Policy ID 2 is installed without a source address
D. Policy ID 2 is installed without the remote user student
View answer
Correct Answer: A
Question #8
View the following exhibit:
A. The administrator IP address is not a part of the trusted hosts configured on FortiManager"?s interfaces
B. FortiAnalyzer features are not enabled on FortiManager
C. The administrator logged in using unsecure protocol HTTP, so the view is restricted
D. The administrator profile does not have full access privileges like the Super_User profile
View answer
Correct Answer: AB
Question #9
In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?
A. he FortiGate will be added automatically to the default ADOM named FortiGate
B. he FortiGate will be automatically added to the Training ADOM
C. y default, the unregistered FortiGate will appear in the root ADOM
D. he FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard
View answer
Correct Answer: C
Question #10
Which of the following are included in the FortiManager backup? (Choose two.)
A. Global database
B. FortiGuard database
C. Logs
D. All devices
View answer
Correct Answer: CD
Question #11
What will be the result of reverting to a previous revision version in the revision history?
A. It will install configuration changes to managed device automatically
B. It will tag the device settings status as Auto-Update
C. It will generate a new version ID and remove all other revision history versions
D. It will modify the device-level database
View answer
Correct Answer: D
Question #12
Which two items does an FGFM keepalive message include? (Choose two.)
A. FortiGate configuration checksum
B. FortiGate IPS version
C. FortiGate license information
D. FortiGate uptime
View answer
Correct Answer: AB
Question #13
An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do?
A. t downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database
B. t installs the latest configuration on the specified FortiGate and update the revision history database
C. t compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate
D. t installs the provisioning template configuration on the specified FortiGate
View answer
Correct Answer: A
Question #14
In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration request to FortiManager from a remote FortiGate. Which one of the following statements is true?
A. The FortiGate will be automatically added to the Training ADOM
B. By default, the unregistered FortiGate will appear in the root ADOM
C. The FortiManager administrator must add the unregistered device manually to the Training ADOM using the Add Device wizard
D. The FortiGate will be added automatically to the default ADOM named FortiGate
View answer
Correct Answer: B
Question #15
Refer to the exhibit.An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.What can prevent an admin account that has Super_User rights over the device from approving a workflow session?
A. Trainer must close Student's workflow session before approving the request
B. Trainer does not have full rights over this ADOM
C. Student, who submitted the workflow session, must first self-approve the request
D. Trainer is not a part of workflow approval group
View answer
Correct Answer: D
Question #16
Which two conditions trigger FortiManager to create a new revision history? (Choose two.)
A. fter 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down
B. ortiManager will revert and install a previous configuration revision on the managed FortiGate
C. ortiGate will reject the CLI commands that will cause the tunnel to go down
D. ortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down
View answer
Correct Answer: BC
Question #17
View the following exhibit.Which statement is true regarding this failed installation log?
A. olicy ID 2 is installed without a source address
B. olicy ID 2 will not be installed
C. olicy ID 2 is installed in disabled state
D. olicy ID 2 is installed without a source device
View answer
Correct Answer: D
Question #18
View the following exhibit.
A. The Install On column value represents successful installation on the managed devices
B. Policy seq=3 will be installed on all managed devices and VDOMs that are listed under Installation Targets
C. Policy seq=3 will be installed on the Trainer[NAT] VDOM only
D. Policy seq=3 will be not installed on any managed device
View answer
Correct Answer: B
Question #19
When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?
A. FortiGate will reject the CLI commands that will cause the tunnel to go down
B. FortiManager will revert and install a previous configuration revision on the managed FortiGate
C. FortiManager will not push the CLI commands as part of the installation that will cause the tunnel to go down
D. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down
View answer
Correct Answer: D
Question #20
Refer to the exhibit.Given the configuration shown in the exhibit, how did FortiManager handle the service category named General?
A. FortiManager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database
B. FortiManager ignored the firewall service category General and did not update its database with the value
C. FortiManager ignored the firewall service category General but created a new service category in its database
D. FortiManager ignored the firewall service category General and deleted the duplicate value in its database
View answer
Correct Answer: B
Question #21
View the following exhibit.Based on the configuration setting, which one of the following statements is true?
A. he setting allows automatic updates to the policy package configuration for a managed device
B. he setting enables the ADOMs feature on FortiManager
C. his setting allows you to assign different VDOMs from the same FortiGate to different ADOMs
D. he setting disables concurrent ADOM access and adds ADOM locking
View answer
Correct Answer: C
Question #22
View the following exhibit.Based on the configuration setting, which one of the following statements is true?
A. he setting allows automatic updates to the policy package configuration for a managed device
B. he setting enables the ADOMs feature on FortiManager
C. his setting allows you to assign different VDOMs from the same FortiGate to different ADOMs
D. he setting disables concurrent ADOM access and adds ADOM locking
View answer
Correct Answer: C
Question #23
An administrator has assigned a global policy package to custom ADOM1. Then the administrator created a new policy package, Fortinet, in the custom ADOM1.Which one of the following statements is true regarding global policy package assignment to the newly-created policy package Fortinet?
A. When a new policy package is created, you need to reapply the global policy package to the ADOM
B. When a new policy package is created, it automatically assigns the global policies to the new package
C. When a new policy package is created, you need to assign the global policy package from the global ADOM
D. When a new policy package is created, you can select the option to assign the global policies to the new package
View answer
Correct Answer: B
Question #24
Refer to the exhibit.
A. Policy ID 2 does not have ADOM Interface mapping configured on FortiManager
B. Policy ID 2 for this managed FortiGate already exists on FortiManager in policy package named Remote-FortiGate
C. The address object used in policy ID 2 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate
D. Policy ID 2 is configured from the interface any to port6
View answer
Correct Answer: C
Question #25
What does a policy package status of Never Installed indicate?
A. The policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager
B. FortiManager is unable to determine the policy package status
C. The policy configuration has been changed on FortiManager and changes have not yet been installed on the managed device
D. The policy package was never imported after a device was registered on FortiManager
View answer
Correct Answer: D
Question #26
An administrator"?s PC crashed before the administrator could submit a workflow session for approval. After the PC restarted, the administrator noticed that theADOM was locked from the session before the crash. How can the administrator unlock the ADOM?
A. The administrator must log in as Super_User in order to unlock the ADOM
B. The administrator must restore the configuration from a previous backup
C. Delete the previous admin session manually through the FortiManager"?s GUI or CLI
D. The administrator must log in using the same administrator account to unlock the ADOM
View answer
Correct Answer: D
Question #27
In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?
A. he FortiGate will be added automatically to the default ADOM named FortiGate
B. he FortiGate will be automatically added to the Training ADOM
C. y default, the unregistered FortiGate will appear in the root ADOM
D. he FortiManager administrator must add the unregistered device manually to the unregistered devicemanually to the Training ADOM using the Add Device wizard
View answer
Correct Answer: C
Question #28
An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?
A. et to workflow and use the ADOM locking feature
B. et to read/write and use the policy locking feature
C. et to normal and use the policy locking feature
D. et to disable and use the policy locking feature
View answer
Correct Answer: C
Question #29
Refer to the exhibit.Which statement about the object named ALL is true?
A. ortiManager updated the object ALL using the FortiGate value in its database
B. ortiManager installed the object ALL with the updated value
C. ortiManager created the object ALL as a unique entity in its database, which can be only used by thismanaged FortiGate
D. ortiManager updated the object ALL using the FortiManager value in its database
View answer
Correct Answer: A
Question #30
Refer to the exhibit.How will FortiManager try to get updates for antivirus and IPS?
A. From the list of configured override servers that have the ability to fall back to public FDN servers
B. From the default server fdsl
C. From public FDNI servers with the highest index number only
D. From the configured override server list only
View answer
Correct Answer: A
Question #31
Refer to the exhibit.What is the purpose of setting ADOM Mode to Advanced?
A. This setting enables the ADOMs feature on FortiManager
B. This setting allows you to assign a VDOM when offline mode is enabled
C. This setting disables concurrent ADOM access and adds ADOM locking
D. This setting allows you to assign a VDOM from a single device to a different ADOM
View answer
Correct Answer: D
Question #32
Refer to the exhibit.If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)
A. During discovery, the FortiManager NATed IP address is not set by default on FortiGate
B. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel
C. FortiGate is discovered by FortiManager through the FortiGate NATed IP address
D. FortiGate can announce itself to FortiManager only if the FortiManager non-NATed IP address is configured on FortiGate under central management
View answer
Correct Answer: AB
Question #33
Refer to the exhibit.Given the configuration shown in the exhibit, which two statements are true? (Choose two.)
A. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out
B. The same administrator can lock more than one ADOM at the same time
C. Unlocking an ADOM will submit configuration changes automatically to the approval administrator
D. Unlocking an ADOM will install configuration changes automatically on managed devices
View answer
Correct Answer: AB
Question #34
An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do?
A. t downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database
B. t installs the latest configuration on the specified FortiGate and update the revision history database
C. t compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate
D. t installs the provisioning template configuration on the specified FortiGate
View answer
Correct Answer: A
Question #35
What is the advantage of using FortiManager to manage FortiAnalyzer?
A. It allows FortiManager to act as a collector and FortiAnalyzer device
B. It allows FortiManager to manage all FortiGate devices
C. It allows FortilManager to run reports based on FortiAnalyzer
D. It allows FortiManager to store all managed FortiGate device logs
View answer
Correct Answer: A
Question #36
Which two conditions trigger FortiManager to create a new revision history? (Choose two.)
A. When FortiManager is auto-updated with configuration changes made directly on a managed device
B. When changes to the device-level database are made on FortiManager
C. When FortiManager installs device-level changes on a managed device
D. When a configuration revision is reverted to a previous revision in the revision history
View answer
Correct Answer: BC
Question #37
Refer to the exhibit.What is the purpose of setting ADOM Mode to Advanced?
A. This setting enables the ADOMs feature on FortiManager
B. This setting allows automatic updates to the policy package configuration for a managed device
C. This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs
D. This setting disables concurrent ADOM access and adds ADOM locking
View answer
Correct Answer: C
Question #38
Which two statements about the scheduled backup of FortiManager are true? (Choose two.)
A. It can be configured using the CLI and GUI
B. It does not back up firmware images saved on FortiManager
C. It backs up all devices and the FortiGuard database
D. It supports FTP, SCP, and SFTP
View answer
Correct Answer: AD
Question #39
What is the purpose of the Policy Check feature on FortiManager?
A. To find and provide recommendation to combine multiple separate policy packages into one common policy package
B. To find and merge duplicate policies in the policy package
C. To find and provide recommendation for optimizing policies in a policy package
D. To find and delete disabled firewall policies in the policy package
View answer
Correct Answer: B
Question #40
An administrator is replacing a failed device on FortiManager by running the following command: execute device replace sn .What device name and serial number must the administrator use?
A. The device name of the new device and serial number of the failed device
B. The device name and serial number of the new device
C. The device name and serial number of the failed device
D. The device name of the failed device and serial number of the new device
View answer
Correct Answer: D
Question #41
Which of the following statements are true regarding schedule backup of FortiManager? (Choose two.)
A. Backs up all devices and the FortiGuard database
B. Does not back up firmware images saved on FortiManager
C. Supports FTP, SCP, and SFTP
D. Can be configured from the CLI and GUI
View answer
Correct Answer: CD
Question #42
In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?
A. econdary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device
B. eboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device
C. anually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device
D. ortiManager HA state transition is transparent to administrators and does not require any reconfiguration
View answer
Correct Answer: C
Question #43
What will happen if FortiAnalyzer features are enabled on FortiManager?
A. IP and IP Pools
B. irewall policies
C. ecurity profiles
D. outing
View answer
Correct Answer: A
Question #44
You are moving managed FortiGate devices from one ADOM to a new ADOM.Which statement correctly describes the expected result?
A. ortiManager will reboot
B. ortiManager will send the logging configuration to the managed devices so the managed devices will start sending logs to FortiManager
C. ortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices
D. ortiManager can be used only as a logging device
View answer
Correct Answer: C
Question #45
Refer to the exhibit.Given the configuration shown in the exhibit, what are two results from this configuration? (Choose two.)
A. Two or more administrators can make configuration changes at the same time, in the same ADOM
B. Concurrent read-write access to an ADOM is disabled
C. You can validate administrator login attempts through external servers
D. The same administrator can lock more than one ADOM at the same time
View answer
Correct Answer: BD
Question #46
Refer to the exhibit.
A. Policy seq
B. Policy seq
C. Policy seq
D. The Install On column value represents successful installations on the managed devices
View answer
Correct Answer: C
Question #47
What are the factory default settings on FortiManager? (Choose three.)
A. Username is admin
B. Password is fortinet
C. FortiAnalyzer features are disabled
D. Reports and Event Monitor panes are enabled
E. port1 interface IP address is 192
View answer
Correct Answer: ACE
Question #48
In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?
A. ny pending device settings will be installed automatically
B. ny unused objects from a previous ADOM are moved to the new ADOM automatically
C. he shared policy package will not be moved to the new ADOM
D. olicy packages will be imported into the new ADOM automatically
View answer
Correct Answer: C
Question #49
In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?
A. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device
B. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration
C. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device
D. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device
View answer
Correct Answer: C
Question #50
You are moving managed FortiGate devices from one ADOM to a new ADOM.Which statement correctly describes the expected result?
A. Any pending device settings will be installed automatically
B. Any unused objects from a previous ADOM are moved to the new ADOM automatically
C. The shared policy package will not be moved to the new ADOM
D. Policy packages will be imported into the new ADOM automatically
View answer
Correct Answer: D
Question #51
An administrator would like to create an SD-WAN using central management in the Training ADOM.To create an SD-WAN using central management, which two steps must be completed? (Choose two.)
A. Specify a gateway address when you create a default SD-WAN static route
B. Enable SD-WAN central management in the Training ADOM
C. Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WAN template settings
D. Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces
View answer
Correct Answer: BD
Question #52
Which of the following statements are true regarding SD-WAN Central Management? (Choose three.)
A. SD-WAN must be enabled on per-ADOM basis
B. SD-WAN settings can be installed on multiple FortiGate devices at the same time
C. You can create multiple SD-WAN interfaces per VDOM
D. When you configure an SD-WAN, you must specify at least two member interfaces
E. The first step in creating an SD-WAN using FortiManager is to create two SD-WAN firewall policies
View answer
Correct Answer: BCD
Question #53
What does the diagnose dvm check-integrity command do? (Choose two.)
A. ortiManager updated the object ALL using FortiGate’s value in its database
B. ortiManager updated the object ALL using FortiManager’s value in its database
C. ortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate
D. ortiManager installed the object ALL with the updated value
View answer
Correct Answer: BD
Question #54
An administrator would like to create an SD-WAN default static route for a newly created SD-WAN using the FortiManager GUI. Both port1 and port2 are part of the SD-WAN member interfaces.Which interface must the administrator select in the static route device drop-down list?
A. he address object used in policy ID 2 already exist in ADON database with any as interface association and conflicts with address object interface association locally on the FortiGate
B. olicy ID 2 is configured from interface any to port6 FortiManager rejects to import this policy because any interface does not exist on FortiManager
C. olicy ID 2 does not have ADOM Interface mapping configured on FortiManager
D. olicy ID 2 for this managed FortiGate already exists on FortiManager in policy package named Remote-FortiGate
View answer
Correct Answer: B
Question #55
View the following exhibit. What is the purpose of setting ADOM Mode to Advanced?
A. he setting allows automatic updates to the policy package configuration for a managed device
B. he setting enables the ADOMs feature on FortiManager
C. his setting allows you to assign different VDOMs from the same FortiGate to different ADOMs
D. he setting disables concurrent ADOM access and adds ADOM locking
View answer
Correct Answer: C
Question #56
An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?
A. hen creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package
B. hen a new policy package is created, the administrator needs to reapply the global policy package to ADOM1
C. hen a new policy package is created, the administrator must assign the global policy package from the global ADOM
D. hen the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package
View answer
Correct Answer: D
Question #57
An administrator runs the reload failure command diagnose test deploymanager reloadconf on FortiManager.What does this command do?
A. It reloads the policy package from the FortiManager to FortiGate
B. It installs the latest configuration on the specified FortiGate and updates the revision history database
C. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database
D. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate
View answer
Correct Answer: C
Question #58
What is the purpose of the Policy Check feature on FortiManager?
A. o find and provide recommendation to combine multiple separate policy packages into one commonpolicy package
B. o find and merge duplicate policies in the policy package
C. o find and provide recommendation for optimizing policies in a policy package
D. o find and delete disabled firewall policies in the policy package
View answer
Correct Answer: C
Question #59
An administrator wants to delete an address object that is currently referenced in a firewall policy.What can the administrator expect to happen?
A. ortiManager will not allow the administrator to delete a referenced address object
B. ortiManager will disable the status of the referenced firewall policy
C. ortiManager will replace the deleted address object with the none address object in the referencedfirewall policy
D. ortiManager will replace the deleted address object with all address object in the referenced firewall policy
View answer
Correct Answer: C
Question #60
View the following exhibit.What of the following statements are true regarding the output? (Choose two.)
A. ort2
B. irtual-wan-link
C. ort1
D. uto-discovery
View answer
Correct Answer: BD
Question #61
View the following exhibit:How will FortiManager try to get updates for antivirus and IPS?
A. rom the list of configured override servers with ability to fall back to public FDN servers
B. rom the configured override server list only
C. rom the default server fdsl
D. rom public FDNI server with highest index number only
View answer
Correct Answer: A
Question #62
An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.Which troubleshooting step should you take to resolve the issue?
A. ake sure FortiManager Access is enabled in the administrator profile
B. ake sure Offline Mode is disabled
C. ake sure the administrator IP address is part of the trusted hosts
D. ake sure ADOMs are enabled and the administrator has access to the Global ADOM
View answer
Correct Answer: C
Question #63
Which two settings must be configured for SD-WAN Central Management? (Choose two.)
A. fter 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down
B. ortiManager will revert and install a previous configuration revision on the managed FortiGate
C. ortiGate will reject the CLI commands that will cause the tunnel to go down
D. ortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down
View answer
Correct Answer: AC
Question #64
An administrator, Trainer, who is assigned the Super_User profile, is trying to approve a workflow session that was submitted by another administrator, Student. However, Trainer is unable to approve the workflow session.What can prevent an admin account that has Super_User rights over the device from approving a workflow session?
A. rainer is not a part of workflow approval group
B. rainer does not have full rights over this ADOM
C. rainer must close Student’s workflow session before approving the request
D. tudent, who submitted the workflow session, must first self-approve the request
View answer
Correct Answer: A
Question #65
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.What will happen to the Fortinet policy package?
A. When the Fortinet policy package is created, it automatically assigns the global policies
B. When the Fortinet policy package is created, you can select the option to assign the global policies
C. When the Fortinet policy package is created, you need to reapply the global policy package to the ADOM
D. When the Fortinet policy package is created, you need to assign the global policy package from the global ADOM
View answer
Correct Answer: A
Question #66
Refer to the exhibit. An administrator is importing a new device to FortiManager and has selected the options shown in the exhibit.What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate?
A. t compares the policy packages with the revision history, and updates policy packages in the ADOM database
B. t merges and creates dynamic mappings for duplicate objects used in a policy package
C. t provides recommendation to combine similar policy packages within an ADOM into one single policy package
D. t provides recommendation for optimizing policies in a policy package
View answer
Correct Answer: A
Question #67
An administrator has enabled Service Access on FortiManager.What is the purpose of Service Access on the FortiManager interface?
A. It allows administrative access to FortiManager
B. It allows FortiManager to respond to requests for FortiGuard services from FortiGate devices
C. It allows FortiManager to determine the connection status of managed devices
D. It allows third-party applications to gain read/write access to FortiManager
View answer
Correct Answer: B
Question #68
Which two items does an FGFM keepalive message include? (Choose two.)
A. FortiGate IPS version
B. FortiGate uptime
C. FortiGate configuration checksum
D. FortiGate license information
View answer
Correct Answer: AC
Question #69
Refer to the following exhibit:
A. Unlocking an ADOM will submit configuration changes automatically to the approval administrator
B. Unlocking an ADOM will install configuration changes automatically on managed devices
C. Ungraceful closed sessions will keep the ADOM in a locked state until the administrator session times out
D. The same administrator can lock more than one ADOM at the same time
View answer
Correct Answer: CD
Question #70
Which of the following statements are true regarding reverting to previous revision version from the revision history? (Choose two.)
A. To push these changes to a managed device, it required an install operation to the managed FortiGate
B. Reverting to a previous revision history will generate a new version ID and remove all other history versions
C. Reverting to a previous revision history will tag the device settings status as Auto-Update
D. It will modify device-level database
View answer
Correct Answer: AD
Question #71
An administrator wants to delete an address object that is currently referenced in a firewall policy.What can the administrator expect to happen?
A. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy
B. FortiManager will replace the deleted address object with the all address object in the referenced firewall policy
C. FortiManager will disable the status of the referenced firewall policy
D. FortiManager will not allow the administrator to delete a referenced address object
View answer
Correct Answer: A
Question #72
An administrator would like to create an SD-WAN using central management. What steps does the administrator need to perform to create an SD-WAN using central management?
A. First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static route
B. You must specify a gateway address when you create a default static route
C. Remove all the interface references such as routes or policies
D. Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and SD-WAN firewall policies
View answer
Correct Answer: D
Question #73
View the following exhibit:How will FortiManager try to get updates for antivirus and IPS?
A. rom the list of configured override servers with ability to fall back to public FDN servers
B. rom the configured override server list only
C. rom the default server fdsl
D. rom public FDNI server with highest index number only
View answer
Correct Answer: A
Question #74
An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do?
A. t downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database
B. t installs the latest configuration on the specified FortiGate and update the revision history database
C. t compares and provides differences in configuration on FortiManager with the current runningconfiguration of the specified FortiGate
D. t installs the provisioning template configuration on the specified FortiGate
View answer
Correct Answer: A
Question #75
View the following exhibit.
A. FortiGate is discovered by FortiManager through the FortiGate NATed IP address
B. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management
C. During discovery, the FortiManager NATed IP address is not set by default on FortiGate
D. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel
View answer
Correct Answer: AD
Question #76
Refer to the exhibit.A junior administrator is troubleshooting a FortiManager connectivity issue that is occurring with managed FortiGate devices.Given the FortiManager device manager settings shown in the exhibit, what can you conclude from the exhibit?
A. FortiManager lost internet connectivity, therefore, both devices appear to be down
B. The administrator must refresh both devices to restore connectivity
C. The administrator had restored the FortiManager configuration file
D. The administrator can reclaim the FGFM tunnel to get both devices online
View answer
Correct Answer: C
Question #77
An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.Which troubleshooting step should you take to resolve the issue?
A. ake sure FortiManager Access is enabled in the administrator profile
B. ake sure Offline Mode is disabled
C. ake sure the administrator IP address is part of the trusted hosts
D. ake sure ADOMs are enabled and the administrator has access to the Global ADOM
View answer
Correct Answer: C
Question #78
Refer to the exhibit.Given the configurations shown in the exhibit, what can you conclude from the installation targets in the Install On column?
A. Policy seq
B. Policy seq
C. The Install On column value represents successful installations on the managed devices
D. Policy seq
View answer
Correct Answer: B
Question #79
In the event that one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA manual mode to a working state?
A. The FortiManager HA state transition is transparent to administrators and does not require any reconfiguration
B. Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device
C. Reconfigure the primary device to remove the peer IP of the failed device
D. Reboot the failed device to remove its IP from the primary device
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: