CertsTopics Logo

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Fortinet NSE7_SDW-7.2 Dumps

Page: 1 / 7
Total 93 questions
Get NSE7_SDW-7.2 Full Access Download NSE7_SDW-7.2 PDF

Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

Question 1

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

Options:

A.

The type of traffic defined and allowed on firewall policy ID 1 is UDP.

B.

FortiGate has terminated the session after a change on policy ID 1.

C.

Changes have been made on firewall policy ID 1 on FortiGate.

D.

Firewall policy ID 1 has source NAT disabled.

Question 2

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

Options:

A.

When T_INET_0_0 and T_MPLS_0 have the same latency.

B.

When T_MPLS_0 has a latency of 100 ms.

C.

When T_INET_0_0 has a latency of 250 ms.

D.

When T_N1PLS_0 has a latency of 80 ms.

Question 3

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

Options:

A.

http

B.

icmp

C.

twamp

D.

dns

Question 4

Exhibit B –

Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

Options:

A.

port1 is assigned a manual IP address.

B.

port1 is referenced in a firewall policy.

C.

port2 is referenced in a static route.

D.

port1 and port2 are not administratively down.

Question 5

What three characteristics apply to provisioning templates available on FortiManager? (Choose three.)

Options:

A.

You can apply a system template and a CLI template to the same FortiGate device.

B.

A CLI template can be of type CLI script or Perl script.

C.

A template group can include a system template and an SD-WAN template.

D.

A template group can contain CLI templates of both types.

E.

Templates are applied in order, from top to bottom.

Question 6

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

Options:

A.

The reply direction of the asymmetric traffic flows from port2 to port3.

B.

The auxiliary session can be offloaded to hardware.

C.

The original direction of the symmetric traffic flows from port3 to port2.

D.

The main session cannot be offloaded to hardware.

Question 7

Which are two benefits of using CLI templates in FortiManager? (Choose two.)

Options:

A.

You can reference meta fields.

B.

You can configure interfaces as SD-WAN members without having to remove references first.

C.

You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.

D.

You can configure advanced CLI settings.

Question 8

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt.

When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.

Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?

Options:

A.

Enable auxiliary-session under config system settings.

B.

Disable tсp-session-without-syn under config system settings.

C.

Enable snat-route-change under config system global.

D.

Disable allow-subnet-overlap under config system settings.

Question 9

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)

Options:

A.

FortiGate flags the sessions as dirty.

B.

FortiGate continues routing the sessions with no SNAT, over port2.

C.

FortiGate performs a route lookup for the original traffic only.

D.

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Question 10

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)

Options:

A.

Type of physical link connection

B.

Internet service database (ISDB) address object

C.

Source and destination IP address

D.

URL categories

E.

Application signatures

Question 11

Refer to the exhibit.

An administrator used the SD-WAN overlay template to prepare an IPsec configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the installation preview for one FortiGate device. In the exhibit, which statement best describes the configuration applied to the FortiGate device?

Options:

A.

It is a hub device. It can send ADVPN shortcut offers.

B.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.

C.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.

D.

It is a hub device and will automatically discover the spoke devices that are in the SD-WAN topology.

Question 12

Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

Options:

A.

FortiGate bounces port5 after it detects all SD-WAN members as dead.

B.

FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

C.

FortiGate brings up port5 after it detects all SD-WAN members as alive.

D.

FortiGate brings down port5 after it detects all SD-WAN members as dead.

Question 13

Refer to the exhibit.

The device exchanges routes using IBGP.

Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)

Options:

A.

Each BGP route is three hops away from the destination.

B.

ibgp-multipath is disabled.

C.

additional-path is enabled.

D.

You can run the get router info routing-table database command to display the additional paths.

Question 14

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

Options:

A.

Set priority 10.

B.

Set cost 15.

C.

Set load-balance-mode source-ip-ip-based.

D.

Set source 100.64.1.1.

Question 15

What are two common use cases for remote internet access (RIA)? (Choose two.)

Options:

A.

Provide direct internet access on spokes

B.

Provide internet access through the hub

C.

Centralize security inspection on the hub

D.

Provide thorough inspection on spokes

Question 16

Which action fortigate performs on the traffic that is subject to a per-IP traffic shaper of 10 Mbps?

Options:

A.

FortiGate applies traffic shaping to the original traffic direction only.

B.

FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

RIAS

C.

Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps.

D.

FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

Question 17

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

Options:

A.

The sdwan_service_id flag in the session information is 0.

B.

All SD-WAN rules have the default setting enabled.

C.

Traffic does not match any of the entries in the policy route table.

D.

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Question 18

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

Options:

A.

diagnose sys sdwan zone

B.

diagnose sys sdwan service

C.

diagnose sys sdwan member

D.

diagnose sys sdwan interface

Question 19

Which type statements about the SD-WAN members are true? (Choose two.)

Options:

A.

You can manually define the SD-WAN members sequence number.

B.

Interfaces of type virtual wire pair can be used as SD-WAN members.

C.

Interfaces of type VLAN can be used as SD-WAN members.

D.

An SD-WAN member can belong to two or more SD-WAN zones.

Question 20

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

Options:

A.

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

B.

Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.

C.

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

D.

Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.

Question 21

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

Options:

A.

There is more than one SD-WAN rule configured.

B.

The SD-WAN rules take precedence over regular policy routes.

C.

The all_rules rule represents the implicit SD-WAN rule.

D.

Entry 1(id=1) is a regular policy route.

Question 22

What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process? (Choose two.)

Options:

A.

The FortiGate cloud key has not been added to the FortiGate cloud portal.

B.

FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager

C.

The zero-touch provisioning process has completed internally, behind FortiGate.

D.

FortiGate has obtained a configuration from the platform template in FortiGate cloud.

E.

A factory reset performed on FortiGate.

Question 23

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

Options:

A.

You can delete the virtual-wan-link zone because it contains no member.

B.

The corporate zone contains no member.

C.

You can move port1 from the underlay zone to the overlay zone.

D.

The overlay zone contains four members.

Question 24

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

Options:

A.

The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.

B.

The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

C.

The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.

D.

The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

Question 25

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

Options:

A.

Create policy packages for branch devices.

B.

Assign an sdwan_id metadata variable to each device (branch and hub}.

C.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

D.

Assign a branch_id metadata variable to each branch device.

E.

Configure SD-WAN rules.

Question 26

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

Options:

A.

Create a new firewall policy, and the select the SD-WAN zone as Incoming Interface.

B.

In the traffic shaping policy, select Assign Shaping Class ID as Action.

C.

In the firewall policy, select Proxy-based as Inspection Mode.

D.

In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.

Question 27

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.

Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.

The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1.

However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.

Based on the exhibits, which configuration change is required to fix issue?

Options:

A.

In the dcl-lab-rm route map configuration, set set-route-tag to 10.

B.

In SD-WAN rule ID 1, change the destination to use ISDB entries.

C.

In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.

D.

In the dcl-lab-rm route map configuration, unset match-community.

Page: 1 / 7
Total 93 questions
Get NSE7_SDW-7.2 Full Access Download NSE7_SDW-7.2 PDF