Use Fortinet NSE5_FMG-7.0 Dumps To Succeed Instantly in NSE5_FMG-7.0 Exam [Q45-Q68]

Use Fortinet NSE5_FMG-7.0 Dumps To Succeed Instantly in NSE5_FMG-7.0 Exam

Ultimate Guide to NSE5_FMG-7.0 Dumps - Enhance Your Future Career Now

Fortinet NSE5_FMG-7.0 certification exam is a comprehensive exam that tests the knowledge and skills of individuals in managing and administering FortiManager 7.0. NSE5_FMG-7.0 exam covers a wide range of topics, including FortiManager 7.0 architecture, device management, policy management, and configuration management. Individuals who pass NSE5_FMG-7.0 exam are able to demonstrate their expertise in managing and administering FortiManager 7.0.

 

NEW QUESTION # 45
Which two items does an FGFM keepalive message include? (Choose two.)

• A. FortiGate license information
• B. FortiGate uptime
• C. FortiGate IPS version
• D. FortiGate configuration checksum

Answer: C,D

NEW QUESTION # 46
Which of the following statements are true regarding VPN Gateway configuration in VPN Manager? (Choose two.)

• A. Managed gateways are devices managed by FortiManager in the same ADOM
• B. Protected subnets are the subnets behind the device that you don't want to allow access to over the IPsec VPN
• C. Managed devices in other ADOMs must be treated as external gateways
• D. External gateways are third-party VPN gateway devices only

Answer: A,C

NEW QUESTION # 47
An administrator has added all the devices in a Security Fabric group to FortiManager.
How does the administrator identify the root FortiGate?

• A. By an at symbol (@) at the end of the device name
• B. By a Question:
• C. By a dollar symbol ($) at the end of the device name
• D. By an Asterisk (*) at the end of the device name

Answer: D

NEW QUESTION # 48
Which two statements about Security Fabric integration with FortiManager are true? (Choose two.)

• A. The Security Fabric license, group name and password are required for the FortiManager Security Fabric
  integration
• B. The Fabric View module enables you to generate the Security Fabric ratings for Security Fabric devices
• C. The Security Fabric settings are part of the device level settings
• D. The Fabric View module enables you to view the Security Fabric ratings for Security Fabric devices

Answer: C,D

NEW QUESTION # 49
View the following exhibit.

Which one of the following statements is true regarding the object named ALL?

• A. FortiManager created the object ALL as a unique entity in its database, which can be only used by this
  managed FortiGate.
• B. FortiManager installed the object ALL with the updated value.
• C. FortiManager updated the object ALL using FortiGate's value in its database
• D. FortiManager updated the object ALL using FortiManager's value in its database

Answer: C

NEW QUESTION # 50
Which configuration setting for FortiGate is part of an ADOM-level database on FortiManager?

• A. NSX-T Service Template
• B. Routing
• C. SNMP
• D. Security profiles

Answer: B

NEW QUESTION # 51
View the following exhibit.

If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two.)

• A. If the FCFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
• B. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.
• C. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
• D. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.

Answer: C,D

Explanation:
Fortimanager can discover FortiGate through a NATed FortiGate IP address. If a FortiManager NATed IP address is configured on FortiGate, then FortiGate can announce itself to FortiManager. FortiManager will not attempt to re-establish the FGFM tunnel to the FortiGate NATed IP address, if the FGFM tunnel is interrupted. Just like it was in the NATed FortiManager scenario, the FortiManager NATed IP address in this scenario is not configured under FortiGate central management configuration.

NEW QUESTION # 52
An administrator configures a new firewall policy on FortiManager and has not yet pushed the changes to the managed FortiGate.
In which database will the configuration be saved?

• A. Revision history database
• B. Configuration-level database
• C. ADOM-level database
• D. Device-level database

Answer: C

Explanation:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47942

NEW QUESTION # 53
What does a policy package status of Conflict indicate?

• A. The policy configuration has never been imported after a device was registered on FortiManager.
• B. The policy package does not have a FortiGate as the installation target.
• C. The policy package configuration has been changed on both FortiManager and the managed device independently.
• D. The policy package reports inconsistencies and conflicts during a Policy Consistency Check.

Answer: C

NEW QUESTION # 54
An administrator has added all the devices in a Security Fabric group to FortiManager.
How does the administrator identify the root FortiGate?

• A. By a Question NO : mark(?) at the end of the device name
• B. By an at symbol (@) at the end of the device name
• C. By a dollar symbol ($) at the end of the device name
• D. By an Asterisk (*) at the end of the device name

Answer: D

NEW QUESTION # 55
An administrator has assigned a global policy package to custom ADOM1. Then the administrator creates a new policy package Fortinet in the custom ADOM1. What will happen to the Fortinet policy package when it is created?

• A. You need to reapply the global poky package to the ADOM
• B. You need to assign the global policy package from the global ADOM
• C. You can select the option to assign the global polices
• D. it automatically assigns the global policies

Answer: D

NEW QUESTION # 56
You are moving managed FortiGate devices from one ADOM to a new ADOM.
Which statement correctly describes the expected result?

• A. Policy packages will be imported into the new ADOM automaticallyD
• B. Any pending device settings will be installed automatically
• C. The shared policy package will not be moved to the new ADOM
• D. Any unused objects from a previous ADOM are moved to the new ADOM automatically

Answer: C

NEW QUESTION # 57
Which two statements regarding device management on FortiManager are true? (Choose two.)

• A. FortiGate devices in an HA cluster that has five VDOMs are counted as five separate devices.
• B. FortiGate in transparent mode configurations are not counted toward the device count on FortiManager.
• C. FortiGate devices in HA cluster devices are counted as a single device.
• D. The maximum number of managed devices for each ADOM is 500.

Answer: A,C

NEW QUESTION # 58
An administrator would like to review, approve, or reject all the firewall policy changes made by the junior
administrators.
How should the Workspace mode be configured on FortiManager?

• A. Set to disable and use the policy locking feature
• B. Set to workflow and use the ADOM locking feature
• C. Set to read/write and use the policy locking feature
• D. Set to normal and use the policy locking feature

Answer: B

NEW QUESTION # 59
Refer to the exhibit.

An administrator has created a firewall address object, Training which is used in the Local-FortiGate policy package.
When the installation operation is performed, which IP/Netmask will be installed on the Local-FortiGate, for the Training firewall address object?

• A. 192.168.0.1/24
• B. Local-FortiGate will automatically choose an IP/Netmask based on its network interface settings.
• C. It will create a firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values.
• D. 10.200.1.0/24

Answer: D

Explanation:
FortiManager_6.4_Study_Guide-Online - page 209
In the example, the dynamic address object LocalLan refers to the internal network address of the managed firewalls. The object has a default value of 192.168.1.0/24. The mapping rules are defined per device. For Remote-FortiGate, the address object LocalLan referes to 10.10.11.0/24. The devices in the ADOM that do not have dynamic mapping for LocalLan have a default value of 192.168.1.0/2.

NEW QUESTION # 60
Refer to the exhibit.

Given the configuration shown in the exhibit, what can you conclude from the installation targets m the Install On column? (Choose two)

• A. Policy seq # 2 will not be installed on the Local-FortiGate root VDOM because there is no root VDOM in the Installation Target
• B. Policy 3 will be installed on all FortiGate devices and vdom belongs to the ADOM
• C. Policy seq # 3 will be skipped because no installation targets are specified
• D. Policy seq # 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets
• E. Policy seq # 1 will be installed on the Remoto-FortiGate root[NAT] and Student[NAT] VDOMs only

Answer: D,E

NEW QUESTION # 61
An administrator has added all the devices in a Security Fabric group to FortiManager.
How does the administrator identify the root FortiGate?

• A. By an at symbol (@) at the end of the device name
• B. By a dollar symbol ($) at the end of the device name
• C. By an Asterisk (*) at the end of the device name
• D. By a

Answer: C

NEW QUESTION # 62
What will happen if FortiAnalyzer features are enabled on FortiManager?

• A. FortiManager will install the logging configuration to the managed devices
• B. FortiManager can be used only as a logging device.
• C. FortiManager will enable ADOMs to collect logs automatically from non-FortiGate devices.
• D. FortiManager will keep all the logs and reports on the FortiManager.

Answer: A

NEW QUESTION # 63
What is the purpose of the Policy Check feature on FortiManager?

• A. To find and delete disabled firewall policies in the policy package
• B. To find and merge duplicate policies in the policy package
• C. To find and provide recommendation for optimizing policies in a policy package
• D. To find and provide recommendation to combine multiple separate policy packages into one common
  policy package

Answer: C

NEW QUESTION # 64
An administrator with the Super_User profile is unable to log in to FortiManager because of an authentication failure message.
Which troubleshooting step should you take to resolve the issue?

• A. Make sure FortiManager Access is enabled in the administrator profile
• B. Make sure Offline Mode is disabled
• C. Make sure the administrator IP address is part of the trusted hosts.
• D. Make sure ADOMs are enabled and the administrator has access to the Global ADOM

Answer: C

Explanation:
Even if a user entered the correct userid/password, the FMG denies access if a user is logging in from an untrusted source IP subnets.

NEW QUESTION # 65
Refer to the exhibit.

Which two statements about the output are true? (Choose two.)

• A. The latest history for the managed FortiGate does not match with the device-level database
• B. The latest revision history for the managed FortiGate does match with the FortiGate running configuration
• C. Configuration changes directly made on the FortiGate have been automatically updated to device-level
• D. Configuration changes have been installed to FortiGate and represents FortiGate configuration has been changed

Answer: A,B

Explanation:
database
Explanation:
STATUS: dev-db: modified; conf: in sync; cond: pending; dm: retrieved; conn: up - dev-db: modified - This is the device setting status which indicates that configuration changes were made on FortiManager. - conf: in sync - This is the sync status which shows that the latest revision history is in sync with Fortigate's configuration. - cond: pending - This is the configuration status which says that configuration changes need to be installed.
Most probably a retrieve was done in the past (dm: retrieved) updating the revision history DB (conf: in sync) and FortiManager device level DB, now there is a new modification on FortiManager device level DB (dev-db: modified) which wasn't installed to FortiGate (cond: pending), hence; revision history DB is not aware of that modification and doesn't match device DB.
Conclusion: - Revision DB does match FortiGate. - No changes were installed to FortiGate yet. - Device DB doesn't match Revision DB. - No changes were done on FortiGate (auto-update) but configuration was retrieved instead
After an Auto-Update or Retrieve: device database = latest revision = FGT
Then after a manual change on FMG end (but no install yet): latest revision = FGT (still) but now device database has been modified (is different).
After reverting to a previous revision in revision history: device database = reverted revision != FGT

NEW QUESTION # 66
When an installation is performed from FortiManager, what is the recovery logic used between FortiManager and FortiGate for an FGFM tunnel?

• A. FortiGate will reject the CLI commands that will cause the tunnel to go down.
• B. FortiManager will revert and install a previous configuration revision on the managed FortiGate.
• C. FortiManager will not push the CLI commands as a part of the installation that will cause the tunnel to go down.
• D. After 15 minutes, FortiGate will unset all CLI commands that were part of the installation that caused the tunnel to go down.

Answer: D

NEW QUESTION # 67
Which of the following statements are true regarding VPN Gateway configuration in VPN Manager? (Choose two.)

• A. Managed gateways are devices managed by FortiManager in the same ADOM
• B. Managed devices in other ADOMs must be treated as external gateways
• C. Protected subnets are the subnets behind the device that you don't want to allow access to over the IPsec
  VPN
• D. External gateways are third-party VPN gateway devices only

Answer: A,B

NEW QUESTION # 68
......

Fortinet Dumps - Learn How To Deal With The Exam Anxiety: https://www.exams-boost.com/NSE5_FMG-7.0-valid-materials.html

Now, get the Latest NSE5_FMG-7.0 dumps in Test Engine from : https://drive.google.com/open?id=1cDs4F9_qrxqQ3F-ORJtmFqgcx5X0K709