NSE5_FMG-7.2 Fortinet NSE 5 - FortiManager 7.2 Questions and Answers

The FortiGate will be added automatically to the default ADOM named FortiGate.

The FortiGate will be automatically added to the Training ADOM.

By default, the unregistered FortiGate will appear in the root ADOM.

The FortiManager administrator must add the unregistered device manually to the unregistered device

manually to the Training ADOM using the Add Device wizard

Make sure FortiManager Access is enabled in the administrator profile

Make sure Offline Mode is disabled

Make sure the administrator IP address is part of the trusted hosts.

Make sure ADOMs are enabled and the administrator has access to the Global ADOM

FortiGate uptime

FortiGate license information

FortiGate IPS version

FortiGate configuration checksum

The address object used in policy ID 2 already exist in ADON database with any as interface association and conflicts with address object interface association locally on the FortiGate

Policy ID 2 is configured from interface any to port6 FortiManager rejects to import this policy because any interface does not exist on FortiManager

Policy ID 2 does not have ADOM Interface mapping configured on FortiManager

Policy ID 2 for this managed FortiGate already exists on FortiManager in policy package named Remote-FortiGate.

The Install On column value represents successful installation on the managed devices

Policy seq#3 will be installed on all managed devices and VDOMs that are listed under Installation Targets

Policy seq#3 will be installed on the Trainer[NAT] VDOM only

Policy seq#3 will be not installed on any managed device

FortiManager updated the object ALL using the FortiGate value in its database.

FortiManager installed the object ALL with the updated value.

FortiManager created the object ALL as a unique entity in its database, which can be only used by this

managed FortiGate.

FortiManager updated the object ALL using the FortiManager value in its database.

It will install configuration changes to managed device automatically

It will tag the device settings status as Auto-Update

It will generate a new version ID and remove all other revision history versions

It will modify the device-level database

FortiGuard database

Global database

Logs

All devices

The policy package reports inconsistencies and conflicts during a Policy Consistency Check.

The policy package does not have a FortiGate as the installation target.

The policy package configuration has been changed on both FortiManager and the managed device

independently.

The policy configuration has never been imported after a device was registered on FortiManager.

Restore the configuration from a previous backup.

Log in as Super_User in order to unlock the ADOM.

Log in using the same administrator account to unlock the ADOM.

Delete the previous admin session manually through the FortiManager GUI or CLI.

You must install these changes using the Install Wizard to a managed device

The successful execution of a script on the Device Database will create a new revision history

The script history will show successful installation of the script on the remote FortiGate

The Device Settings Status will be tagged as Modified

FortiGate devices in HA cluster devices are counted as a single device.

FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.

FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.

The maximum number of managed devices for each ADOM is 500.

When a new policy package is created, it automatically assigns the global policies to the new package.

When a new policy package is created, you need to assign the global policy package from the global

ADOM.

When a new policy package is created, you need to reapply the global policy package to the ADOM.

When a new policy package is created, you can select the option to assign the global policies to the new package.

It supports the FortiManager script feature

It allows making configuration changes for managed devices on FortiManager panes

FortiManager automatically installs the configuration difference in revisions on the managed FortiGate

You cannot assign the same ADOM to multiple administrators

The Security Fabric license, group name and password are required for the FortiManager Security Fabric

integration

The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices

The Security Fabric settings are part of the device level settings

The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices

Device name and serial number of the original device.

Device name and serial number of the replacement device.

Device name of the replacement device and serial number of the original device.

Device name of the original device and serial number of the replacement device.

port2

virtual-wan-link

port1

auto-discovery

Backs up all devices and the FortiGuard database.

Does not back up firmware images saved on FortiManager

Supports FTP, SCP, and SFTP

Can be configured from the CLI and GUI

The administrator had restored the FortiManager configuration file

The administrator must refresh both devices to restore connectivity

FortiManager test internet connectivity therefore, both devices appear to be down

The administrator can reclaim the FGFM tunnel to get both devices online

File system

ADOM1

ADOM2 object database

ADOM2

Once initiated, the install process cannot be canceled and changes will be installed on the managed device

Will not create new revision in the revision history

Installs device-level changes to FortiGate without launching the Install Wizard

Provides the option to preview configuration changes prior to installing them

To push these changes to a managed device, it required an install operation to the managed FortiGate.

Reverting to a previous revision history will generate a new version ID and remove all other history

versions.

Reverting to a previous revision history will tag the device settings status as Auto-Update.

It will modify device-level database

VPN Manager must be enabled on a per ADOM basis.

VPN Manager automatically adds newly-registered devices to a VPN community.

VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time.

Common IPsec settings need to be configured only once in a VPN Community for all managed gateways.

VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.

First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static route

You must specify a gateway address when you create a default static route

Remove all the interface references such as routes or policies

Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and SDWAN firewall policies.

Managed gateways are devices managed by FortiManager in the same ADOM

External gateways are third-party VPN gateway devices only

Protected subnets are the subnets behind the device that you don’t want to allow access to over the IPsec

VPN

Managed devices in other ADOMs must be treated as external gateways

Authorize the new AP using AP Manager and wait until the change is updated on the FortiAP. Changes to the AP's state do not require installation.

Changes to the AP's state must be performed directly on the managed FortiGate.

Authorize the new AP using AP Manager and install the policy package changes on the managed FortiGate.

Authorize the new AP using AP Manager and install the device level settings on the managed FortiGate.