Fortinet Fortinet Certifications NSE5_FMG-7.0 Questions & Answers

• Question 41:

  An administrator run the reload failure command: diagnose test deploymanager reload config on FortiManager. What does this command do?

  A. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.

  B. It installs the latest configuration on the specified FortiGate and update the revision history database.

  C. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate.

  D. It installs the provisioning template configuration on the specified FortiGate.

  Correct Answer: A

  Reference: https://community.fortinet.com/t5/FortiManager/Technical-Note-Retrieve-configuration-file-using-CLI-from-a/ta-p/191000?externalID=FD36387

• Question 42:

  Refer to the exhibits. Exhibit one.

  

  Exhibit two.

  

  An administrator created a new system template named Training with two new DNS addresses on FortiManager. During the installation preview stage, the administrator notices that many unset commands need to be pushed. What can be the main reason for these unset commands?

  A. The DNS addresses in the default system settings are the same as the Training system template

  B. The Training system template has other default settings

  C. The ADOM is locked by another administrator

  D. The Training system template does not have assigned devices

  Correct Answer: B

• Question 43:

  An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators. How should the Workspace mode be configured on FortiManager?

  A. Set to workflow and use the ADOM locking feature

  B. Set to read/write and use the policy locking feature

  C. Set to normal and use the policy locking feature

  D. Set to disable and use the policy locking feature

  Correct Answer: A

  Reference: https://help.fortinet.com/fmgr/50hlp/52/5-2-0/FMG_520_Online_Help/200_What's-New.03.03.html

• Question 44:

  In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?

  A. The FortiGate will be added automatically to the default ADOM named FortiGate.

  B. The FortiGate will be automatically added to the Training ADOM.

  C. By default, the unregistered FortiGate will appear in the root ADOM.

  D. The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard

  Correct Answer: C

  Reference: https://docs.fortinet.com/document/fortimanager/7.0.0/administration-guide/718923/root-adom

• Question 45:

  What are two outcomes of ADOM revisions? (Choose two.)

  A. ADOM revisions can significantly increase the size of the configuration backups.

  B. ADOM revisions can save the current size of the whole ADOM

  C. ADOM revisions can create System Checkpoints for the FortiManager configuration

  D. ADOM revisions can save the current state of all policy packages and objects for an ADOM

  Correct Answer: AD

  Reference: https://docs2.fortinet.com/document/fortimanager/6.0.0/best-practices/101837/adom-revisions

• Question 46:

  When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

  A. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.

  B. FortiManager will revert and install a previous configuration revision on the managed FortiGate.

  C. FortiGate will reject the CLI commands that will cause the tunnel to go down.

  D. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.

  Correct Answer: B

  The configuration change will break the fgfm connection, causing the FortiGate unit to attempt to reconnect for 900 seconds. If the FortiGate cannot reconnect, it will rollback to its previous configuration.

• Question 47:

  View the following exhibit:

  

  How will FortiManager try to get updates for antivirus and IPS?

  A. From the list of configured override servers with ability to fall back to public FDN servers

  B. From the configured override server list only

  C. From the default server fdsl.fortinet.com

  D. From public FDNI server with highest index number only

  Correct Answer: A

  Reference: https://community.fortinet.com/t5/Fortinet-Forum/Clarification-of-FortiManager-s-quot-Server-Override-Mode-quot/td-p/89973

• Question 48:

  Refer to the exhibit.

  

  You are using the Quick Install option to install configuration changes on the managed FortiGate. Which two statements correctly describe the result? (Choose two.)

  A. It will not create a new revision in the revision history

  B. It installs device-level changes to FortiGate without launching the Install Wizard

  C. It cannot be canceled once initiated and changes will be installed on the managed device

  D. It provides the option to preview configuration changes prior to installing them

  Correct Answer: BC

  FortiManager_6.4_Study_Guide-Online ?page 164

  The Install Config option allows you to perform a quick installation of device-level settings without launching the Install Wizard. When you use this option, you cannot preview the changes prior to committing. Administrator should be certain of the changes before using this install option, because the install can't be cancelled after the process is initiated.

• Question 49:

  Which configuration setting for FortiGate is part of a device-level database on FortiManager?

  A. VIP and IP Pools

  B. Firewall policies

  C. Security profiles

  D. Routing

  Correct Answer: D

  The FortiManager stores the FortiGate configuration details in two distinct databases. The device-level database includes configuration details related to device-level settings, such as interfaces, DNS, routing, and more. The ADOM-level database includes configuration details related to firewall policies, objects, and security profiles.

• Question 50:

  View the following exhibit.

  

  If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

  A. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.

  B. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.

  C. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.

  D. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.

  Correct Answer: AC

  Fortimanager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address, if the FGFM tunnel is interrupted. Just like it was in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under FortiGate central management configuration.