Fortinet NSE5_FMG-7.2 Practice Questions

Which two items does an FGFM keepalive message include? (Choose two.)

A. FortiGate uptime

B. FortiGate license information

C. FortiGate IPS version

D. FortiGate configuration checksum

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

A. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package

B. When a new policy package is created, the administrator needs to reapply the global policy package to ADOM1.

C. When a new policy package is created, the administrator must assign the global policy package from the global ADOM.

D. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

Which two settings are required for FortiManager Management Extension Applications (MEA)? (Choose two.)

A. When you configure MEA, you must open TCP or UDP port 540.

B. You must open the ports to the Fortinet registry

C. You must create a MEA special policy on FortiManager using the super user profile

D. The administrator must have the super user profile.

An administrator would like to create an SD-WAN default static route for a newly created SD-WAN using the FortiManager GUI. Both port1 and port2 are part of the SD-WAN member interfaces. Which interface must the administrator select in the static route device drop-down list?

A. port2

B. virtual-wan-link

C. port1

D. auto-discovery

In the event that one of the secondary FortiManager devices fails, which action must be performed to return the FortiManager HA manual mode to a working state?

A. The FortiManaqer HA state transition is transparent to administrators and does not require any reconfiguration.

B. Manually promote one of the working secondary devices to the primary role, and reboot the old primary device to remove the peer IP of the failed device.

C. Reconfigure the primary device to remove the peer IP of the failed device.

D. Reboot the failed device to remove its IP from the primary device.

Which of the following statements are true regarding VPN Manager? (Choose three.)

A. VPN Manager must be enabled on a per ADOM basis.

B. VPN Manager automatically adds newly-registered devices to a VPN community.

C. VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time.

D. Common IPsec settings need to be configured only once in a VPN Community for all managed gateways.

E. VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.

Refer to the exhibit showing a Download Import Report. Why is it failing to import firewall policy ID 1?

A. Policy ID 1 is configured from the interface any to port6. FortiManager rejects the request to import this policy because the any interface does not exist on FortiManager.

B. The address object used in policy ID 1 already exists in the ADOM database with any as the interface association, and conflicts with the address object interface association locally on FortiGate.

C. Policy ID 1 does not have the ADOM Interface mapping configured on FortiManager.

D. Policy ID 1 for this managed FortiGate already exists on FortiManager in the policy package named Remote-FortiGate.