Fortinet nse5-fmg-6-4 practice test
Fortinet NSE 5 - FortiManager 6.4 Exam
Last exam update: Jul 20 ,2024
Question 1
Refer to the exhibit.
An administrator has created a firewall address object, Training which is used in the Local-FortiGate
policy package.
When the installation operation is performed, which IP/Netmask will be installed on the Local-
FortiGate, for the Training firewall address object?
- A. 192.168.0.1/24
- B. 10.200.1.0/24
- C. It will create a firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values.
- D. Local-FortiGate will automatically choose an IP/Netmask based on its network interface settings.
Answer:
B
Explanation:
FortiManager_6.4_Study_Guide-Online page 209
Explanation:
In the example, the dynamic address object LocalLan refers to the internal network address of the
managed firewalls. The object has a default value of 192.168.1.0/24. The mapping rules are defined
per device. For Remote-FortiGate, the address object LocalLan referes to 10.10.11.0/24. The devices
in the ADOM that do not have dynamic mapping for LocalLan have a default value of 192.168.1.0/2.
Question 2
An administrator configures a new firewall policy on FortiManager and has not yet pushed the
changes to the
managed FortiGate.
In which database will the configuration be saved?
- A. Device-level database
- B. Revision history database
- C. ADOM-level database
- D. Configuration-level database
Answer:
C
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47942
Question 3
What does a policy package status of Conflict indicate?
- A. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
- B. The policy package does not have a FortiGate as the installation target.
- C. The policy package configuration has been changed on both FortiManager and the managed device independently.
- D. The policy configuration has never been imported after a device was registered on FortiManager.
Answer:
C
Question 4
What will be the result of reverting to a previous revision version in the revision history?
- A. It will install configuration changes to managed device automatically
- B. It will tag the device settings status as Auto-Update
- C. It will generate a new version ID and remove all other revision history versions
- D. It will modify the device-level database
Answer:
D
Question 5
An administrator has assigned a global policy package to custom ADOM1. Then the administrator
creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package
Fortinet is true?
- A. When a new policy package is created, it automatically assigns the global policies to the new package.
- B. When a new policy package is created, you need to assign the global policy package from the global ADOM.
- C. When a new policy package is created, you need to reapply the global policy package to the ADOM.
- D. When a new policy package is created, you can select the option to assign the global policies to the new package.
Answer:
A
Explanation:
Global Policy Package is applied at the ADOM level and you have the option to choose which ADOM
policy packages you want to exclude (there is no option to choose Policy Packages to include).
Question 6
What is the purpose of ADOM revisions?
- A. To create System Checkpoints for the FortiManager configuration.
- B. To save the current state of the whole ADOM.
- C. To save the current state of all policy packages and objects for an ADOM.
- D. To revert individual policy packages and device-level settings for a managed FortiGate by reverting to a specific ADOM revision
Answer:
C
Explanation:
Fortimanager 6.4 Study guide page 198
Question 7
Refer to the exhibit.
An administrator has configured the command shown in the exhibit on FortiManager. A configuration
change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel
to go down for more than 15 minutes.
What is the purpose of this command?
- A. It allows FortiGate to unset central management settings.
- B. It allows FortiGate to reboot and recover the previous configuration from its configuration file.
- C. It allows the FortiManager to revert and install a previous configuration revision on the managed FortiGate.
- D. It allows FortiGate to reboot and restore a previously working firmware image.
Answer:
B
Explanation:
Reference:
https://docs.fortinet.com/document/fortimanager/6.2.0/fortigate-fortimanager-
communicationsprotocol-guide/141304/fgfm-recovery-logic
Question 8
An administrator is replacing a device on FortiManager by running the following command:
execute device replace sn <devname> <serialnum>.
What device name and serial number must the administrator use?
- A. Device name and serial number of the original device.
- B. Device name and serial number of the replacement device.
- C. Device name of the replacement device and serial number of the original device.
- D. Device name of the original device and serial number of the replacement device.
Answer:
D
Question 9
Refer to the exhibit.
Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)
- A. It supports the FortiManager script feature
- B. It allows making configuration changes for managed devices on FortiManager panes
- C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate
- D. You cannot assign the same ADOM to multiple administrators
Answer:
AB
Explanation:
"FortiGate units in the ADOM will query their own configuration every 5 seconds. If there has been a
configuration change, the FortiGate unit will send a diff revision on the change to the FortiManager
using the FGFM protocol."
Question 10
Refer to the exhibit.
Given the configuration shown in the exhibit, which two statements are true? (Choose two.)
- A. It allows two or more administrators to make configuration changes at the same time, in the same ADOM.
- B. It disables concurrent read-write access to an ADOM.
- C. It allows the same administrator to lock more than one ADOM at the same time.
- D. It is used to validate administrator login attempts through external servers.
Answer:
BC
Explanation:
Reference:
https://docs.fortinet.com/document/fortimanager/6.0.4/administration-
guide/86456/concurrentadom-access
Question 11
An administrators PC crashes before the administrator can submit a workflow session for approval.
After the PC is restarted, the administrator notices that the ADOM was locked from the session
before the crash.
How can the administrator unlock the ADOM?
- A. Restore the configuration from a previous backup.
- B. Log in as Super_User in order to unlock the ADOM.
- C. Log in using the same administrator account to unlock the ADOM.
- D. Delete the previous admin session manually through the FortiManager GUI or CLI.
Answer:
D
Question 12
Which two items are included in the FortiManager backup? (Choose two.)
- A. FortiGuard database
- B. Global database
- C. Logs
- D. All devices
Answer:
BD
Explanation:
Reference:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD34549
Question 13
Refer to the exhibit.
An administrator logs into the FortiManager GUI and sees the panes shown in the exhibit.
Which two reasons can explain why the FortiAnalyzer feature panes do not appear? (Choose two.)
- A. The administrator logged in using the unsecure protocol HTTP, so the view is restricted.
- B. The administrator profile does not have full access privileges like the Super_User profile.
- C. The administrator IP address is not a part of the trusted hosts configured on FortiManager interfaces.
- D. FortiAnalyzer features are not enabled on FortiManager.
Answer:
BD
Question 14
Refer to the exhibit.
Which two statements are true if the script is executed using the Device Database option? (Choose
two.)
- A. You must install these changes using the Install Wizard to a managed device
- B. The successful execution of a script on the Device Database will create a new revision history
- C. The script history will show successful installation of the script on the remote FortiGate
- D. The Device Settings Status will be tagged as Modified
Answer:
AD
Question 15
Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)
- A. The Security Fabric license, group name and password are required for the FortiManager Security Fabric integration
- B. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices
- C. The Security Fabric settings are part of the device level settings
- D. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices
Answer:
CD