A Review Of High Quality NSE5_FMG-6.4 Free Exam Questions

NEW QUESTION 1

An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?

• A. FortiManager will not allow the administrator to delete a referenced address object
• B. FortiManager will disable the status of the referenced firewall policy
• C. FortiManager will replace the deleted address object with the none address object in the referencedfirewall policy
• D. FortiManager will replace the deleted address object with all address object in the referenced firewall policy

Answer: C

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/12

NEW QUESTION 2

What are two outcomes of ADOM revisions? (Choose two.)

• A. ADOM revisions can significantly increase the size of the configuration backups.
• B. ADOM revisions can save the current size of the whole ADOM
• C. ADOM revisions can create System Checkpoints for the FortiManager configuration
• D. ADOM revisions can save the current state of all policy packages and objects for an ADOM

Answer: AD

Explanation:
Reference: https://docs2.fortinet.com/document/fortimanager/6.0.0/best-practices/101837/adom-revisions

NEW QUESTION 3

View the following exhibit.

What is the purpose of setting ADOM Mode to Advanced?

• A. The setting allows automatic updates to the policy package configuration for a managed device
• B. The setting enables the ADOMs feature on FortiManager
• C. This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.
• D. The setting disables concurrent ADOM access and adds ADOM locking

Answer: C

Explanation:
Reference:
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/66530/adom-device-modes

NEW QUESTION 4

View the following exhibit.

An administrator is importing a new device to FortiManager and has selected the shown options. What will happen if the administrator makes the changes and installs the modified policy package on this managed FortiGate?

• A. The unused objects that are not tied to the firewall policies will be installed on FortiGate
• B. The unused objects that are not tied to the firewall policies will remain as read-only locally on FortiGate
• C. The unused objects that are not tied to the firewall policies locally on FortiGate will be deleted
• D. The unused objects that are not tied to the firewall policies in policy package will be deleted from the FortiManager database

Answer: C

Explanation:
Reference:
https://community.fortinet.com/t5/FortiManager/Import-all-objects-Versus-Import-only-policy-dependent-objec

NEW QUESTION 5

An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?

• A. Allows FortiManager to download IPS packages
• B. Allows FortiManager to respond to request for FortiGuard services from FortiGate devices
• C. Allows FortiManager to run real-time debugs on the managed devices
• D. Allows FortiManager to automatically configure a default route

Answer: B

Explanation:
FortiManager 6.2 Study guide page 350

NEW QUESTION 6

Which configuration setting for FortiGate is part of a device-level database on FortiManager?

• A. VIP and IP Pools
• B. Firewall policies
• C. Security profiles
• D. Routing

Answer: D

Explanation:
The FortiManager stores the FortiGate configuration details in two distinct databases. The device-level database includes configuration details related to device-level settings, such as interfaces, DNS, routing, and more. The ADOM-level database includes configuration details related to firewall policies, objects, and security profiles.

NEW QUESTION 7

An administrator has assigned a global policy package to a new ADOM called ADOM1. What will happen if the administrator tries to create a new policy package in ADOM1?

• A. When creating a new policy package, the administrator can select the option to assign the global policy package to the new policy package
• B. When a new policy package is created, the administrator needs to reapply the global policy package toADOM1.
• C. When a new policy package is created, the administrator must assign the global policy package from the global ADOM.
• D. When the new policy package is created, FortiManager automatically assigns the global policy package to the new policy package.

Answer: D

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/08

NEW QUESTION 8

What does a policy package status of Conflict indicate?

• A. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
• B. The policy package does not have a FortiGate as the installation target.
• C. The policy package configuration has been changed on both FortiManager and the managed device independently.
• D. The policy configuration has never been imported after a device was registered on FortiManager.

Answer: C

NEW QUESTION 9

An administrator would like to create an SD-WAN using central management in the Training ADOM. To create an SD-WAN using central management, which two steps must be completed? (Choose two.)

• A. Specify a gateway address when you create a default SD-WAN static route
• B. Enable SD-WAN central management in the Training ADOM
• C. Configure and install the SD-WAN firewall policy and SD-WAN static route before installing the SD-WANtemplate settings
• D. Remove all the interface references such as routes or policies that will be a part of SD-WAN member interfaces

Answer: BD

Explanation:
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/676493/removing-existing-configuration-reference

NEW QUESTION 10

An administrator would like to create an SD-WAN default static route for a newly created SD-WAN using the FortiManager GUI. Both port1 and port2 are part of the SD-WAN member interfaces.
Which interface must the administrator select in the static route device drop-down list?

• A. port2
• B. virtual-wan-link
• C. port1
• D. auto-discovery

Answer: B

NEW QUESTION 11

In addition to the default ADOMs, an administrator has created a new ADOM named Training for FortiGate devices. The administrator sent a device registration to FortiManager from a remote FortiGate. Which one of the following statements is true?

• A. The FortiGate will be added automatically to the default ADOM named FortiGate.
• B. The FortiGate will be automatically added to the Training ADOM.
• C. By default, the unregistered FortiGate will appear in the root ADOM.
• D. The FortiManager administrator must add the unregistered device manually to the unregistered device manually to the Training ADOM using the Add Device wizard

Answer: C

Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/7.0.0/administration-guide/718923/root-adom

NEW QUESTION 12

Which two statements regarding device management on FortiManager are true? (Choose two.)

• A. FortiGate devices in HA cluster devices are counted as a single device.
• B. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
• C. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
• D. The maximum number of managed devices for each ADOM is 500.

Answer: AC

NEW QUESTION 13

An administrator would like to create an SD-WAN using central management. What steps does the administrator need to perform to create an SD-WAN using central management?

• A. First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static route
• B. You must specify a gateway address when you create a default static route
• C. Remove all the interface references such as routes or policies
• D. Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and SDWAN firewall policies.

Answer: D

NEW QUESTION 14

An administrator run the reload failure command: diagnose test deploymanager reload config
<deviceid> on FortiManager. What does this command do?

• A. It downloads the latest configuration from the specified FortiGate and performs a reload operation on the device database.
• B. It installs the latest configuration on the specified FortiGate and update the revision history database.
• C. It compares and provides differences in configuration on FortiManager with the current running configuration of the specified FortiGate.
• D. It installs the provisioning template configuration on the specified FortiGate.

Answer: A

Explanation:
Reference:
https://community.fortinet.com/t5/FortiManager/Technical-Note-Retrieve-configuration-file-using-CLI-from-a/t

NEW QUESTION 15

Refer to the exhibit.

Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)

• A. It supports the FortiManager script feature
• B. It allows making configuration changes for managed devices on FortiManager panes
• C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate
• D. You cannot assign the same ADOM to multiple administrators

Answer: AB

Explanation:
"FortiGate units in the ADOM will query their own configuration every 5 seconds. If there has been a configuration change, the FortiGate unit will send a diff revision on the change to the FortiManager using the FGFM protocol."

NEW QUESTION 16

An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.
How should the Workspace mode be configured on FortiManager?

• A. Set to workflow and use the ADOM locking feature
• B. Set to read/write and use the policy locking feature
• C. Set to normal and use the policy locking feature
• D. Set to disable and use the policy locking feature

Answer: A

Explanation:
Reference:
https://help.fortinet.com/fmgr/50hlp/52/5-2-0/FMG_520_Online_Help/200_What's-New.03.03.html

NEW QUESTION 17

View the following exhibit.

If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

• A. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
• B. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.
• C. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
• D. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.

Answer: AC

Explanation:
Fortimanager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address, if the FGFM tunnel is interrupted. Just like it was in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under FortiGate central management configuration.

NEW QUESTION 18
......