NSE5_FMG-7.0 Free Exam Questions and Answers PDF Updated on Jan-2024
Latest NSE5_FMG-7.0 Exam Dumps Recently Updated 74 Questions
The Fortinet NSE5_FMG-7.0 exam consists of 60 multiple-choice questions and has a time limit of 120 minutes. To pass the exam, candidates must score at least 70%. The NSE5_FMG-7.0 exam covers a range of topics including FortiManager system configuration and management, device registration, policy management, security fabric integration, and troubleshooting.
NEW QUESTION # 31
Refer to the exhibit.
Which two statements about the output are true? (Choose two.)
- A. The latest history for the managed FortiGate does not match with the device-level database
- B. Configuration changes directly made on the FortiGate have been automatically updated to device-level
- C. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
- D. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
Answer: A,C
Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up
- dev-db: modified - This is the device setting status, which indicates that configuration changes were made on FortiManager.
- conf: in sync - This is the sync status, which shows that the latest revision history is in sync with FortiGate's configuration.
- cond: pending - This is the configuration status, which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved), updating the revision history DB (conf: in sync) and the FortiManager device-level DB. Now there is a new modification on the FortiManager device-level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending); hence, the revision history DB is not aware of that modification and doesn't match the device DB.
Conclusion:
- Revision DB does match FortiGate.
- No changes were installed to FortiGate yet.
- Device DB doesn't match Revision DB.
- No changes were done on FortiGate (auto-update), but the configuration was retrieved instead.
After an Auto-Update or Retrieve: device database = latest revision = FGT
Then after a manual change on the FMG end (but no install yet): latest revision = FGT (still), but now the device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT
NEW QUESTION # 32
In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?
- A. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
- B. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.
- C. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device
- D. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.
Answer: B
Explanation:
FortiManager_6.4_Study_Guide-Online - page 346
FortiManager HA doesn't support IP takeover where an HA state transition is transparent to administrators. If a failure of the primary occurs, the administrator must take corrective action to resolve the problem that may include invoking the state transition. If the primary device fails, the administrator must do the following in order to return the FortiManager HA to a working state:
1. Manually reconfigure one of the secondary devices to become the primary device
2. Reconfigure all other secondary devices to point to the new primary device
NEW QUESTION # 33
An administrator's PC crashes before the administrator can submit a workflow session for approval. After the PC is restarted, the administrator notices that the ADOM was locked from the session before the crash.
How can the administrator unlock the ADOM?
- A. Delete the previous admin session manually through the FortiManager GUI or CLI.
- B. Restore the configuration from a previous backup.
- C. Log in using the same administrator account to unlock the ADOM.
- D. Log in as Super_User in order to unlock the ADOM.
Answer: A
NEW QUESTION # 34
View the following exhibit.
If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)
- A. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
- B. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
- C. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
- D. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.
Answer: A,B
Explanation:
FortiManager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address if the FGFM tunnel is interrupted. Just as in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under the FortiGate central management configuration.
NEW QUESTION # 35
Which of the following statements are true regarding VPN Manager? (Choose three.)
- A. VPN Manager automatically creates all the necessary firewall policies for traffic to be tunneled by IPsec.
- B. VPN Manager can install common IPsec VPN settings on multiple FortiGate devices at the same time.
- C. Common IPsec settings need to be configured only once in a VPN Community for all managed gateways.
- D. VPN Manager automatically adds newly-registered devices to a VPN community.
- E. VPN Manager must be enabled on a per ADOM basis.
Answer: B,C,E
NEW QUESTION # 36
Refer to the exhibit.
Given the configuration shown in the exhibit, how did FortiManager handle the service category named General?
- A. FortiManager ignored the firewall service category General but created a new service category in its database.
- B. FortiManager ignored the firewall service category General and deleted the duplicate value in its database.
- C. FortiManager ignored the firewall service category General and did not update its database with the value.
- D. FortiManager ignored the firewall service category General and updated the FortiGate duplicate value in the FortiGate database.
Answer: D
NEW QUESTION # 37
Which two conditions trigger FortiManager to create a new revision history? (Choose two.)
- A. When FortiManager is auto-updated with configuration changes made directly on a managed device
- B. When configuration revision is reverted to previous revision in the revision history
- C. When FortiManager installs device-level changes to a managed device
- D. When changes to the device-level database are made on FortiManager
Answer: A,C
NEW QUESTION # 38
View the following exhibit.
An administrator has created a firewall address object, Training, which is used in the Local-FortiGate policy package. When the install operation is performed, which IP Netmask will be installed on the Local-FortiGate, for the Training firewall address object?
- A. Local-FortiGate will automatically choose an IP Network based on its network interface settings.
- B. 10.0.1.0/24
- C. 192.168.0.1/24
- D. It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values
Answer: B
NEW QUESTION # 39
An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?
- A. Allows FortiManager to download IPS packages
- B. Allows FortiManager to automatically configure a default route
- C. Allows FortiManager to run real-time debugs on the managed devices
- D. Allows FortiManager to respond to requests for FortiGuard services from FortiGate devices
Answer: D
Explanation:
FortiManager 6.2 Study guide page 350
NEW QUESTION # 40
An administrator would like to create an SD-WAN using central management. What steps does the administrator need to perform to create an SD-WAN using central management?
- A. First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static route
- B. Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and SD-WAN firewall policies.
- C. You must specify a gateway address when you create a default static route
- D. Remove all the interface references such as routes or policies
Answer: B
NEW QUESTION # 41
Which of the following statements are true regarding VPN Gateway configuration in VPN Manager? (Choose two.)
- A. Protected subnets are the subnets behind the device that you don't want to allow access to over the IPsec VPN
- B. Managed devices in other ADOMs must be treated as external gateways
- C. External gateways are third-party VPN gateway devices only
- D. Managed gateways are devices managed by FortiManager in the same ADOM
Answer: B,D
NEW QUESTION # 42
An administrator configures a new firewall policy on FortiManager and has not yet pushed the changes to the managed FortiGate.
In which database will the configuration be saved?
- A. Configuration-level database
- B. ADOM-level database
- C. Revision history database
- D. Device-level database
Answer: B
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47942
NEW QUESTION # 43
Refer to the exhibit.
According to the error message, why is FortiManager failing to add the FortiAnalyzer device?
- A. The administrator must turn off the Use Legacy Device login and add the FortiAnalyzer device to the same network as FortiManager
- B. The administrator must use the correct user name and password of the FortiAnalyzer device
- C. The administrator must use the Add Model Device section and discover the FortiAnalyzer device
- D. The administrator must select the FortiManager administrative access checkbox on the FortiAnalyzer management interface
Answer: C
NEW QUESTION # 44
Refer to the exhibit.
Which two statements are true if the script is executed using the Device Database option? (Choose two.)
- A. You must install these changes using the Install Wizard to a managed device
- B. The script history will show successful installation of the script on the remote FortiGate
- C. The Device Settings Status will be tagged as Modified
- D. The successful execution of a script on the Device Database will create a new revision history
Answer: A,C
NEW QUESTION # 45
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package Fortinet is true?
- A. When a new policy package is created, you can select the option to assign the global policies to the new package.
- B. When a new policy package is created, it automatically assigns the global policies to the new package.
- C. When a new policy package is created, you need to assign the global policy package from the global ADOM.
- D. When a new policy package is created, you need to reapply the global policy package to the ADOM.
Answer: B
Explanation:
Global Policy Package is applied at the ADOM level and you have the option to choose which ADOM policy packages you want to exclude (there is no option to choose Policy Packages to include).
NEW QUESTION # 46
View the following exhibit.
Which one of the following statements is true regarding the object named ALL?
- A. FortiManager updated the object ALL using FortiGate's value in its database
- B. FortiManager installed the object ALL with the updated value.
- C. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.
- D. FortiManager updated the object ALL using FortiManager's value in its database
Answer: A
NEW QUESTION # 47
View the following exhibit.
What is the purpose of setting ADOM Mode to Advanced?
- A. The setting allows automatic updates to the policy package configuration for a managed device
- B. This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.
- C. The setting disables concurrent ADOM access and adds ADOM locking
- D. The setting enables the ADOMs feature on FortiManager
Answer: B