Fortinet nse5-fmg-6-4 practice test
Fortinet NSE 5 - FortiManager 6.4 Exam
Question 1
View the following exhibit.
An administrator has created a firewall address object, Training, which is used in the Local-FortiGate
policy package. When the install operation is performed, which IP Netmask will be installed on the
Local-FortiGate, for the Training firewall address object?
- A. 10.0.1.0/24
- B. It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values
- C. 192.168.0.1/24
- D. Local-FortiGate will automatically choose an IP Network based on its network interface settings.
Answer:
A
Question 2
View the following exhibit.
When using Install Config option to install configuration changes to managed FortiGate, which of the
following statements are true? (Choose two.)
- A. Once initiated, the install process cannot be canceled and changes will be installed on the managed device
- B. Will not create new revision in the revision history
- C. Installs device-level changes to FortiGate without launching the Install Wizard
- D. Provides the option to preview configuration changes prior to installing them
Answer:
AC
Question 3
What does a policy package status of Modified indicate?
- A. FortiManager is unable to determine the policy package status
- B. The policy package was never imported after a device was registered on FortiManager
- C. The Policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager
- D. The Policy package configuration has been changed on FortiManager and changes have not yet been installed on the managed device.
Answer:
D
Explanation:
Reference:
http://help.fortinet.com/fmgr/50hlp/56/5-6-
1/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/0800_Managing%20policy%20packa
ges/2200_Policy%20Package%20Installation%20targets.htm
Question 4
An administrator has added all the devices in a Security Fabric group to FortiManager.
How does the administrator identify the root FortiGate?
- A. By a dollar symbol ($) at the end of the device name
- B. By an at symbol (@) at the end of the device name
- C. By a
- D. By an Asterisk (*) at the end of the device name
Answer:
D
Question 5
Which of the following statements are true regarding schedule backup of FortiManager? (Choose
two.)
- A. Backs up all devices and the FortiGuard database.
- B. Does not back up firmware images saved on FortiManager
- C. Supports FTP, SCP, and SFTP
- D. Can be configured from the CLI and GUI
Answer:
BC
Question 6
An administrator would like to create an SD-WAN using central management. What steps does the
administrator need to perform to create an SD-WAN using central management?
- A. First create an SD-WAN firewall policy, add member interfaces to the SD-WAN template and create a static route
- B. You must specify a gateway address when you create a default static route
- C. Remove all the interface references such as routes or policies
- D. Enable SD-WAN central management in the ADOM, add member interfaces, create a static route and SDWAN firewall policies.
Answer:
D
Question 7
An administrator would like to create an SD-WAN default static route for a newly created SD-WAN
using the FortiManager GUI. Both port1 and port2 are part of the SD-WAN member interfaces.
Which interface must the administrator select in the static route device drop-down list?
- A. port2
- B. virtual-wan-link
- C. port1
- D. auto-discovery
Answer:
B
Question 8
View the following exhibit.
Which one of the following statements is true regarding the object named ALL?
- A. FortiManager updated the object ALL using FortiGate’s value in its database
- B. FortiManager updated the object ALL using FortiManager’s value in its database
- C. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.
- D. FortiManager installed the object ALL with the updated value.
Answer:
A
Question 9
What does the diagnose dvm check-integrity command do? (Choose two.)
- A. Internally upgrades existing ADOMs to the same ADON version in order to clean up and correct the ADOM syntax
- B. Verifies and corrects unregistered, registered, and deleted device states
- C. Verifies and corrects database schemas in all object tables
- D. Verifies and corrects duplicate VDOM entries
Answer:
BD
Explanation:
6.2
Study
Guide
page
305
verify
and
correct
parts
of
the
device
manager
databases,
including:
inconsistent
device-to-group
and
group-to-ADOM
memberships
unregistered,
registered,
and
deleted
device
states
device
lock
statuses
duplicate VDOM entries
Question 10
An administrator has enabled Service Access on FortiManager.
What is the purpose of Service Access on the FortiManager interface?
- A. Allows FortiManager to download IPS packages
- B. Allows FortiManager to respond to request for FortiGuard services from FortiGate devices
- C. Allows FortiManager to run real-time debugs on the managed devices
- D. Allows FortiManager to automatically configure a default route
Answer:
B
Explanation:
FortiManager 6.2 Study guide page 350
Topic 3, Main Questions Pool C
Question 11
Refer to the exhibit.
An administrator has created a firewall address object, Training which is used in the Local-FortiGate
policy package.
When the installation operation is performed, which IP/Netmask will be installed on the Local-
FortiGate, for the Training firewall address object?
- A. 192.168.0.1/24
- B. 10.200.1.0/24
- C. It will create a firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values.
- D. Local-FortiGate will automatically choose an IP/Netmask based on its network interface settings.
Answer:
B
Explanation:
FortiManager_6.4_Study_Guide-Online page 209
Explanation:
In the example, the dynamic address object LocalLan refers to the internal network address of the
managed firewalls. The object has a default value of 192.168.1.0/24. The mapping rules are defined
per device. For Remote-FortiGate, the address object LocalLan referes to 10.10.11.0/24. The devices
in the ADOM that do not have dynamic mapping for LocalLan have a default value of 192.168.1.0/2.
Question 12
An administrator configures a new firewall policy on FortiManager and has not yet pushed the
changes to the
managed FortiGate.
In which database will the configuration be saved?
- A. Device-level database
- B. Revision history database
- C. ADOM-level database
- D. Configuration-level database
Answer:
C
Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47942
Question 13
What does a policy package status of Conflict indicate?
- A. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.
- B. The policy package does not have a FortiGate as the installation target.
- C. The policy package configuration has been changed on both FortiManager and the managed device independently.
- D. The policy configuration has never been imported after a device was registered on FortiManager.
Answer:
C
Question 14
What will be the result of reverting to a previous revision version in the revision history?
- A. It will install configuration changes to managed device automatically
- B. It will tag the device settings status as Auto-Update
- C. It will generate a new version ID and remove all other revision history versions
- D. It will modify the device-level database
Answer:
D
Question 15
An administrator has assigned a global policy package to custom ADOM1. Then the administrator
creates a new policy package, Fortinet, in the custom ADOM1.
Which statement about the global policy package assignment to the newly-created policy package
Fortinet is true?
- A. When a new policy package is created, it automatically assigns the global policies to the new package.
- B. When a new policy package is created, you need to assign the global policy package from the global ADOM.
- C. When a new policy package is created, you need to reapply the global policy package to the ADOM.
- D. When a new policy package is created, you can select the option to assign the global policies to the new package.
Answer:
A
Explanation:
Global Policy Package is applied at the ADOM level and you have the option to choose which ADOM
policy packages you want to exclude (there is no option to choose Policy Packages to include).