NSE5_FMG-7.0 Free Practice Test

- (Exam Topic 3)
An administrator is in the process of moving the system template profile between ADOMs by running the following command: execute improfile import-profile ADOM2 3547 /tmp/myfile Where does the administrator import the file from?

1. A. File system
2. B. ADOM1
3. C. ADOM2 object database
4. D. ADOM2

Correct Answer: D

- (Exam Topic 3)
What will happen if FortiAnalyzer features are enabled on FortiManager?

1. A. FortiManager will keep all the logs and reports on the FortiManager.
2. B. FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.
3. C. FortiManager will install the logging configuration to the managed devices
4. D. FortiManager can be used only as a logging device.

Correct Answer: C

- (Exam Topic 1)
Refer to the exhibit.

Which two statements about the output are true? (Choose two.)

1. A. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
2. B. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed
3. C. The latest history for the managed FortiGate does not match with the device-level database
4. D. Configuration changes directly made on the FortiGate have been automatically updated to device-leveldatabase

Correct Answer: AC
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up– dev-db: modified –
This is the device setting status which indicates that configuration changes were made on FortiManager.
– conf: in sync – This is the sync status which shows that the latest revision history is in sync with Fortigate’s configuration.– cond: pending – This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn’t installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn’t match device DB.
Conclusion:– Revision DB does match FortiGate.– No changes were installed to FortiGate yet.– Device DB doesn’t match Revision DB.– No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve:device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet):latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history:device database = reverted revision != FGT

- (Exam Topic 1)
An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.
How should the Workspace mode be configured on FortiManager?

1. A. Set to workflow and use the ADOM locking feature
2. B. Set to read/write and use the policy locking feature
3. C. Set to normal and use the policy locking feature
4. D. Set to disable and use the policy locking feature

Correct Answer: A
Reference:
https://help.fortinet.com/fmgr/50hlp/52/5-2-0/FMG_520_Online_Help/200_What's-New.03.03.html

- (Exam Topic 1)
An administrator wants to delete an address object that is currently referenced in a firewall policy. What can the administrator expect to happen?

1. A. FortiManager will not allow the administrator to delete a referenced address object
2. B. FortiManager will disable the status of the referenced firewall policy
3. C. FortiManager will replace the deleted address object with the none address object in the referencedfirewall policy
4. D. FortiManager will replace the deleted address object with all address object in the referenced firewall policy

Correct Answer: C
Reference:
https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FortiManager_Admin_Guide/1200_Policy and Objects/12