Get NSE5_FMG-7.0 Products Practice Material for NSE5_FMG-7.0 Exam Question Preparation
Most Reliable Fortinet NSE5_FMG-7.0 Training Materials
Fortinet NSE5_FMG-7.0 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
NEW QUESTION 25
Which of the following statements are true regarding reverting to previous revision version from the revision history? (Choose two.)
- A. Reverting to a previous revision history will tag the device settings status as Auto-Update.
- B. It will modify device-level database
- C. Reverting to a previous revision history will generate a new version ID and remove all other history
- D. To push these changes to a managed device, it required an install operation to the managed FortiGate.
Answer: B,D
NEW QUESTION 26
What is the purpose of ADOM revisions?
- A. To save the current state of the whole ADOM.
- B. To save the current state of all policy packages and objects for an ADOM.
- C. To create System Checkpoints for the FortiManager configuration.
- D. To revert individual policy packages and device-level settings for a managed FortiGate by reverting to a specific ADOM revision
Answer: B
Explanation:
Fortimanager 6.4 Study guide page 198
NEW QUESTION 27
An administrator configures a new firewall policy on FortiManager and has not yet pushed the changes to the
managed FortiGate.
In which database will the configuration be saved?
- A. Configuration-level database
- B. Device-level database
- C. ADOM-level database
- D. Revision history database
Answer: C
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47942
NEW QUESTION 28
Refer to the exhibit.
Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)
- A. You cannot assign the same ADOM to multiple administrators
- B. It supports the FortiManager script feature
- C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate
- D. It allows making configuration changes for managed devices on FortiManager panes
Answer: B,D
Explanation:
"FortiGate units in the ADOM will query their own configuration every 5 seconds. If there has been a configuration change, the FortiGate unit will send a diff revision on the change to the FortiManager using the FGFM protocol."
NEW QUESTION 29
When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?
- A. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.
- B. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.
- C. FortiGate will reject the CLI commands that will cause the tunnel to go down.
- D. FortiManager will revert and install a previous configuration revision on the managed FortiGate.
Answer: B
Explanation:
The configuration change will break the fgfm connection, causing the FortiGate unit to attempt to reconnect for 900 seconds. If the FortiGate cannot reconnect, it will rollback to its previous configuration.
NEW QUESTION 30
View the following exhibit.
If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)
- A. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
- B. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
- C. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
- D. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on
FortiGate under central management.
Answer: A,C
Explanation:
Fortimanager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address, if the FGFM tunnel is interrupted. Just like it was in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under FortiGate central management configuration.
NEW QUESTION 31
An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?
- A. Allows FortiManager to run real-time debugs on the managed devices
- B. Allows FortiManager to automatically configure a default route
- C. Allows FortiManager to respond to request for FortiGuard services from FortiGate devices
- D. Allows FortiManager to download IPS packages
Answer: C
Explanation:
FortiManager 6.2 Study guide page 350
NEW QUESTION 32
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package Fortinet is true?
- A. When a new policy package is created, you can select the option to assign the global policies to the new package.
- B. When a new policy package is created, you need to reapply the global policy package to the ADOM.
- C. When a new policy package is created, you need to assign the global policy package from the global
ADOM. - D. When a new policy package is created, it automatically assigns the global policies to the new package.
Answer: D
Explanation:
Global Policy Package is applied at the ADOM level and you have the option to choose which ADOM policy packages you want to exclude (there is no option to choose Policy Packages to include).
NEW QUESTION 33
What is the purpose of the Policy Check feature on FortiManager?
- A. To find and provide recommendation to combine multiple separate policy packages into one common
policy package - B. To find and delete disabled firewall policies in the policy package
- C. To find and merge duplicate policies in the policy package
- D. To find and provide recommendation for optimizing policies in a policy package
Answer: D
NEW QUESTION 34
An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.
Which troubleshooting step should you take to resolve the issue?
- A. Make sure FortiManager Access is enabled in the administrator profile
- B. Make sure ADOMs are enabled and the administrator has access to the Global ADOM
- C. Make sure the administrator IP address is part of the trusted hosts.
- D. Make sure Offline Mode is disabled
Answer: C
Explanation:
Even if a user entered the correct userid/password, the FMG denies access if a user is logging in from an untrusted source IP subnets.
NEW QUESTION 35
In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?
- A. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.
- B. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
- C. Secondary device with highest priority will automatically be promoted to the primary role, and manually
reconfigure all other secondary devices to point to the new primary device - D. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.
Answer: D
Explanation:
FortiManager_6.4_Study_Guide-Online - page 346
FortiManager HA doesn't support IP takeover where an HA state transition is transparent to administrators. If a failure of the primary occurs, the administrator must take corrective action to resolve the problem that may include invoking the state transition. If the primary device fails, the administrator must do the following in order to return the FortiManager HA to a working state:
1. Manually reconfigure one of the secondary devices to become the primary device
2. Reconfigure all other secondary devices to point to the new primary device
NEW QUESTION 36
What will be the result of reverting to a previous revision version in the revision history?
- A. It will tag the device settings status as Auto-Update
- B. It will generate a new version ID and remove all other revision history versions
- C. It will install configuration changes to managed device automatically
- D. It will modify the device-level database
Answer: D
NEW QUESTION 37
An administrator has added all the devices in a Security Fabric group to FortiManager.
How does the administrator identify the root FortiGate?
- A. By an Asterisk (*) at the end of the device name
- B. By a
- C. By a dollar symbol ($) at the end of the device name
- D. By an at symbol (@) at the end of the device name
Answer: A
NEW QUESTION 38
Which of the following statements are true regarding VPN Manager? (Choose three.)
- A. Common IPsec settings need to be configured only once in a VPN Community for all managed gateways.
- B. VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.
- C. VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time.
- D. VPN Manager automatically adds newly-registered devices to a VPN community.
- E. VPN Manager must be enabled on a per ADOM basis.
Answer: A,C,E
NEW QUESTION 39
What will happen if FortiAnalyzer features are enabled on FortiManager?
- A. FortiManager can be used only as a logging device.
- B. FortiManager will send the logging configuration to the managed devices so the managed devices will start sending logs to FortiManager
- C. FortiManager will reboot
- D. FortiManager will enable ADOMs automatically to collect logs from non-FortiGate devices
Answer: C
NEW QUESTION 40
Which two statements regarding device management on FortiManager are true? (Choose two.)
- A. FortiGate devices in HA cluster devices are counted as a single device.
- B. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
- C. The maximum number of managed devices for each ADOM is 500.
- D. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
Answer: A,D
NEW QUESTION 41
Which three settings are the factory default settings on FortiManager? (Choose three.)
- A. FortiAnalyzer features are disabled
- B. Username is admin
- C. Password is fortinet
- D. Reports and Event Monitor panes are enabled
- E. port1 interface IP address is 192.168.1.99/24
Answer: A,B,E
NEW QUESTION 42
What does a policy package status of Conflict indicate?
- A. The policy package configuration has been changed on both FortiManager and the managed device independently.
- B. The policy configuration has never been imported after a device was registered on FortiManager.
- C. The policy package does not have a FortiGate as the installation target.
- D. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
Answer: A
NEW QUESTION 43
View the following exhibit.
Which one of the following statements is true regarding the object named ALL?
- A. FortiManager updated the object ALL using FortiManager's value in its database
- B. FortiManager updated the object ALL using FortiGate's value in its database
- C. FortiManager installed the object ALL with the updated value.
- D. FortiManager created the object ALL as a unique entity in its database, which can be only used by this
managed FortiGate.
Answer: B
NEW QUESTION 44
An administrator would like to create an SD-WAN using central management. What steps does the administrator need to perform to create an SD-WAN using central management?
- A. First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static route
- B. Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and SDWAN firewall policies.
- C. Remove all the interface references such as routes or policies
- D. You must specify a gateway address when you create a default static route
Answer: B
NEW QUESTION 45
Refer to the exhibit.
According to the error message why is FortiManager failing to add the FortiAnalyzer device?
- A. The administrator must use the correct user name and password of the FortiAnalyzer device
- B. The administrator must use the Add Model Device section and discover the FortiAnaJyzer device
- C. The administrator must turn off the Use Legacy Device login and add the FortiAnaJyzer device to the same network as Forti-Manager
- D. The administrator must select the Forti-Manager administrative access checkbox on the FortiAnalyzer management interface
Answer: B
NEW QUESTION 46
......
LATEST NSE5_FMG-7.0 Exam Practice Material: https://troytec.test4engine.com/NSE5_FMG-7.0-real-exam-questions.html