Get Latest [Nov-2021] Conduct effective penetration tests using TestSimulate NSE5_FMG-6.2
NEW QUESTION 10
An administrator would like to review, approve, or reject all the firewall policy changes made by the junior administrators.
How should the Workspace mode be configured on FortiManager?
- A. Set to normal and use the policy locking feature
- B. Set to read/write and use the policy locking feature
- C. Set to disable and use the policy locking feature
- D. Set to workflow and use the ADOM locking feature
Answer: D
NEW QUESTION 11
View the following exhibit.
Which of the following statements are true if FortiManager and FortiGate are behind the NAT devices? (Choose two.)
- A. During discovery, the FortiManager NATed IP address is not set by default on FortiGate.
- B. If the FGFM tunnel is torn down, FortiManager will try to re-establish the FGFM tunnel.
- C. FortiGate can announce itself to FortiManager only if the FortiManager IP address is configured on FortiGate under central management.
- D. FortiGate is discovered by FortiManager through the FortiGate NATed IP address.
Answer: C,D
NEW QUESTION 12
In the event that the primary FortiManager fails, which of the following actions must be performed to return the FortiManager HA to a working state?
- A. Manually promote one of the secondary devices to the primary role, and reconfigure all other secondary devices to point to the new primary device.
- B. FortiManager HA state transition is transparent to administrators and does not require any reconfiguration.
- C. Reboot one of the secondary devices to promote it automatically to the primary role, and reconfigure all other secondary devices to point to the new primary device.
- D. Secondary device with highest priority will automatically be promoted to the primary role, and manually reconfigure all other secondary devices to point to the new primary device
Answer: A
Explanation:
If the primary FortiManager unit fails, you must manually configure one of the backup units to become the primary unit. The new primary unit will have the same IP addresses as it did when it was the backup unit. Reconfigure the cluster by removing the failed unit from the cluster configuration. If the primary unit has failed, this means configuring one of the backup units to be the primary unit and adding peer IPs for all of the remaining backup units to the new primary unit configuration.
NEW QUESTION 13
View the following exhibit.
Which one of the following statements is true regarding the object named ALL?
- A. FortiManager updated the object ALL using FortiGate's value in its database
- B. FortiManager created the object ALL as a unique entity in its database, which can be only used by this managed FortiGate.
- C. FortiManager updated the object ALL using FortiManager's value in its database
- D. FortiManager installed the object ALL with the updated value.
Answer: A
Explanation:
If a conflict is detected, FortiManager updates the object associated with the selected device. When you choose the FortiGate device value and import the address object ALL, an entry named update previous object is added to the import report.
NEW QUESTION 14
What does a policy package status of Modified indicate?
- A. Policy configuration has been changed on a managed device and changes have not yet been imported into FortiManager
- B. Policy package configuration has been changed on FortiManager and changes have not yet been installed on the managed device.
- C. FortiManager is unable to determine the policy package status
- D. The policy package was never imported after a device was registered on FortiManager
Answer: B
Explanation:
http://help.fortinet.com/fmgr/50hlp/56/5-6-1/FortiManager_Admin_Guide/1200_Policy%20and%20Objects/0800_Managing%20policy%20packages/2200_Policy%20Package%20Installation%20targets.htm
NEW QUESTION 15
Refer to the exhibit.
You are using the Quick Install option to install configuration changes on the managed FortiGate.
Which two statements correctly describe the result? (Choose two.)
- A. It provides the option to preview configuration changes prior to installing them
- B. It installs device-level changes to FortiGate without launching the Install Wizard
- C. It will not create a new revision in the revision history
- D. It cannot be canceled once initiated and changes will be installed on the managed device
Answer: B,D
NEW QUESTION 16
View the following exhibit. An administrator has created a firewall address object, Training, which is used in the Local-FortiGate policy package.
When the install operation is performed, which IP Netmask will be installed on the Local-FortiGate, for the Training firewall address object?
- A. It will create firewall address group on Local-FortiGate with 192.168.0.1/24 and 10.0.1.0/24 object values
- B. Local-FortiGate will automatically choose an IP Network based on its network interface settings.
- C. 192.168.0.1/24
- D. 10.0.1.0/24
Answer: D
Explanation:
In the example, the dynamic address object LocalLan refers to the internal network address of the managed firewalls. The object has a default value of 192.168.1.0/24. The mapping rules are defined per device. For Remote-FortiGate, the address object LocalLan refers to 10.10.11.0/24. The devices in the ADOM that do not have dynamic mapping for LocalLan have a default value of 192.168.1.0/24.
NEW QUESTION 17
Refer to the exhibit.
Which two statements are true if the script is executed using the Device Database option? (Choose two.)
- A. The Device Settings Status will be tagged as Modified
- B. The successful execution of a script on the Device Database will create a new revision history
- C. You must install these changes using the Install Wizard to a managed device
- D. The script history will show successful installation of the script on the remote FortiGate
Answer: B,D
NEW QUESTION 18
Refer to the exhibit.
Which two statements about an ADOM set in Normal mode on FortiManager are true? (Choose two.)
- A. You cannot assign the same ADOM to multiple administrators
- B. It supports the FortiManager script feature
- C. FortiManager automatically installs the configuration difference in revisions on the managed FortiGate
- D. It allows making configuration changes for managed devices on FortiManager panes
Answer: C,D
NEW QUESTION 19
An administrator wants to delete an address object that is currently referenced in a firewall policy.
Which one of the following statements is true?
- A. FortiManager will not allow the administrator to delete a referenced address object
- B. FortiManager will replace the deleted address object with the none address object in the referenced firewall policy
- C. FortiManager will disable the status of the referenced firewall policy
- D. FortiManager will replace the deleted address object with all address object in the referenced firewall policy
Answer: B
Explanation:
On FortiManager, it is possible to delete a used object. FortiManager will display a warning message stating that the object is currently used by other firewall policies or objects. If you delete a used object, FortiManager will replace it with a none object. The none object is equal to null, which means any traffic that meets that firewall policy will be blocked.
NEW QUESTION 20
Refer to the exhibit. Given the configurations shown in the exhibit, what can you conclude from the installation targets in the Install On column?
- A. Policy seq.# 3 will be installed on all managed devices and VDOMs that are listed under Installation Targets.
- B. The Install On column value represents successful installations on the managed devices.
- C. Policy seq.# 3 will be installed on the Trainer[NAT] VDOM only.
- D. Policy seq.# 3 will not be installed on any managed device.
Answer: A
NEW QUESTION 21
View the following exhibit.
Based on the configuration setting, which one of the following statements is true?
- A. The setting allows automatic updates to the policy package configuration for a managed device
- B. This setting allows you to assign different VDOMs from the same FortiGate to different ADOMs.
- C. The setting enables the ADOMs feature on FortiManager
- D. The setting disables concurrent ADOM access and adds ADOM locking
Answer: B
NEW QUESTION 22
View the following exhibit:
Which of the following statements are true if the script is executed using the Remote FortiGate Directly (via CLI) option? (Choose two.)
- A. You must install these changes using Install Wizard
- B. FortiManager provides a preview of CLI commands before executing this script on a managed FortiGate.
- C. FortiGate will auto-update the FortiManager's device-level database.
- D. FortiManager will create a new revision history.
Answer: B,C
NEW QUESTION 23
Refer to the exhibit.
An administrator has configured the command shown in the exhibit on FortiManager. A configuration change has been installed from FortiManager to the managed FortiGate that causes the FGFM tunnel to go down for more than 15 minutes.
What is the purpose of this command?
- A. It allows FortiGate to reboot and restore a previously working firmware image.
- B. It allows FortiGate to unset central management settings.
- C. It allows the FortiManager to revert and install a previous configuration revision on the managed FortiGate.
- D. It allows FortiGate to reboot and recover the previous configuration from its configuration file.
Answer: D
Explanation:
Reference: https://docs.fortinet.com/document/fortimanager/6.2.0/fortigate-fortimanager-communications-protocol-guide/141304/fgfm-recovery-logic
NEW QUESTION 24
What is the purpose of the Policy Check feature on FortiManager?
- A. To find and delete disabled firewall policies in the policy package
- B. To find and provide recommendation to combine multiple separate policy packages into one common policy package
- C. To find and merge duplicate policies in the policy package
- D. To find and provide recommendation for optimizing policies in a policy package
Answer: C
Explanation:
The policy check tool allows you to check all policy packages within an ADOM to ensure consistency and eliminate conflicts that may prevent your devices from passing traffic. This allows you to optimize your policy sets and potentially reduce the size of your databases. The check will verify:
1. Object duplication: two objects that have identical definitions
2. Object shadowing: a higher priority object completely encompasses another object of the same type
3. Object overlap: one object partially overlaps another object of the same type
4. Object orphaning: an object has been defined but has not been used anywhere.
Reference: https://docs.fortinet.com/uploaded/files/2905/FortiManager-5.4.0-Administration-Guide.pdf
NEW QUESTION 25
View the following exhibit:
How will FortiManager try to get updates for antivirus and IPS?
- A. From the default server fds1.fortinet.com
- B. From the configured override server list only
- C. From public FDNI server with highest index number only
- D. From the list of configured override servers with ability to fall back to public FDN servers
Answer: D
NEW QUESTION 26
An administrator has added all the devices in a Security Fabric group to FortiManager. How does the administrator identify the root FortiGate?
- A. By a dollar symbol ($) at the end of the device name
- B. By an at symbol (@) at the end of the device name
- C. By a question mark (?) at the end of the device name
- D. By an asterisk (*) at the end of the device name
Answer: D
NEW QUESTION 27
Setting workspace-mode to normal, as shown in the exhibit, allows what on FortiManager? (Choose two.)
config system global
    set workspace-mode normal
end
- A. VDOM locking
- B. Restricted concurrent access
- C. ADOM locking
- D. Unrestricted concurrent access
Answer: B,C
NEW QUESTION 28
A FortiGate device is imported to FortiManager using the settings given in the exhibit.
An administrator subsequently modifies and installs the policy package.
Which two statements are correct regarding the scenario? (Choose two)
- A. The FortiManager did not import unused objects to the ADOM object database. These objects cannot be used by referencing in the policies on FortiManager and installing to the managed devices.
- B. The orphan (unused) objects that are not tied to policies locally on the FortiGate will not be deleted on install.
- C. The FortiManager imported all unused objects to the ADOM object database. These objects can be used by referencing in the policies on FortiManager and installing to the managed devices.
- D. The orphan (unused) objects that are not tied to policies locally on the FortiGate will be deleted on install.
Answer: A,D
NEW QUESTION 29
What is the purpose of the Policy Check feature on FortiManager?
- A. It provides recommendation for optimizing policies in a policy package.
- B. It merges and creates dynamic mappings for duplicate objects used in a policy package.
- C. It compares the policy packages with the revision history, and updates policy packages in the ADOM database.
- D. It provides recommendation to combine similar policy packages within an ADOM into one single policy package.
Answer: A
NEW QUESTION 30
View the following exhibit.
Which statement is true regarding this failed installation log?
- A. Policy ID 2 will not be installed
- B. Policy ID 2 is installed in disabled state
- C. Policy ID 2 is installed without a source device
- D. Policy ID 2 is installed without a source address
Answer: C