Summer Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 28522818

 
Home > Fortinet > Fortinet Certification > NSE7_SDW-7.2

NSE7_SDW-7.2 Fortinet NSE 7 - SD-WAN 7.2 Question and Answers

Question # 4

Which action fortigate performs on the traffic that is subject to a per-IP traffic shaper of 10 Mbps?

A.

FortiGate applies traffic shaping to the original traffic direction only.

B.

FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

RIAS

C.

Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps.

D.

FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

Full Access
Question # 5

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

A.

Set priority 10.

B.

Set cost 15.

C.

Set load-balance-mode source-ip-ip-based.

D.

Set source 100.64.1.1.

Full Access
Question # 6

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

A.

get router info routing-table all

B.

diagnose debug application ike

C.

diagnose vpn tunnel list

D.

get ipsec tunnel list

Full Access
Question # 7

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

A.

The type of traffic defined and allowed on firewall policy ID 1 is UDP.

B.

FortiGate has terminated the session after a change on policy ID 1.

C.

Changes have been made on firewall policy ID 1 on FortiGate.

D.

Firewall policy ID 1 has source NAT disabled.

Full Access
Question # 8

Exhibit.

The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?

A.

There are no IPsec tunnel statistics log messages for ADVPN cuts.

B.

There is one shortcut tunnel built from master tunnel T_MPLS_0.

C.

The VPN tunnel T_MPLS_0 is a shortcut tunnel.

D.

The master tunnel T_INET_0 cannot accept the ADVPN shortcut. 

Full Access
Question # 9

Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

A.

FortiGate bounces port5 after it detects all SD-WAN members as dead.

B.

FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

C.

FortiGate brings up port5 after it detects all SD-WAN members as alive.

D.

FortiGate brings down port5 after it detects all SD-WAN members as dead.

Full Access
Question # 10

Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two )

A.

A peer ID is included in the first packet from the initiator, along with suggested security policies.

B.

XAuth is enabled as an additional level of authentication, which requires a username and password.

C.

A total of six packets are exchanged between an initiator and a responder instead of three packets.

D.

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Full Access
Question # 11

What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.)

A.

Packet duplication can leverage multiple IPsec overlays for sending additional data.

B.

Packet duplication does not require a route to the destination.

C.

Packet duplication supports hardware offloading.

D.

Packet duplication uses smaller parity packets which results in less bandwidth consumption.

Full Access
Question # 12

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.

Based on the exhibits, which two statements are correct? (Choose two.)

A.

FortiGate updated the outgoing interface list on the rule so it prefers port2.

B.

Port2 has the highest member priority.

C.

Port2 has a lower latency than port1.

D.

SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Full Access
Question # 13

Which statement is correct about SD-WAN and ADVPN?

A.

Routes for ADVPN shortcuts must be manually configured.

B.

SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.

C.

SD-WAN does not monitor the health and performance of ADVPN shortcuts.

D.

You must use IKEv2 on IPsec tunnels.

Full Access
Question # 14

Which statement about using BGP for ADVPN is true?

A.

You must use BGP to route traffic for both overlay and underlay links.

B.

You must configure AS path prepending.

C.

You must configure BGP communities.

D.

IBGP is preferred over EBGP, because IBGP preserves next hop information.

Full Access
Question # 15

Refer to the exhibit.

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.

Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three.)

A.

Setadditional-pathtosend

B.

Enableroute-reflector-client

C.

Setadvertisement-intervalto the number of additional paths to advertise

D.

Setadv-additional-pathto the number of additional paths to advertise

E.

Enablesoft-reconfiguration

Full Access
Question # 16

Refer to the exhibit.

Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two.)

A.

Cost

B.

Interface member

C.

Priority

D.

Gateway IP

Full Access
Question # 17

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)

A.

update-source

B.

set-route-tag

C.

holdtime-timer

D.

link-down-failover

Full Access
Question # 18

What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two.)

A.

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

B.

It improves SD-WAN performance on the managed FortiGate devices.

C.

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

D.

It acts as a policy compliance entity to review all managed FortiGate devices.

E.

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

Full Access
Question # 19

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt.

When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.

Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?

A.

Enable auxiliary-session under config system settings.

B.

Disable tсp-session-without-syn under config system settings.

C.

Enable snat-route-change under config system global.

D.

Disable allow-subnet-overlap under config system settings.

Full Access
Question # 20

Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

A.

Interface-based shaping mode

B.

Reverse-policy shaping mode

C.

Shared-policy shaping mode

D.

Per-IP shaping mode

Full Access
Question # 21

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

A.

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

B.

Two hubs,10.0.1.101and10.0.2.101, are receiving and forwarding queries between each other.

C.

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

D.

Two spokes,192.2.0.1and10.0.2.101, forward their queries to their hubs.

Full Access
Question # 22

Which two interfaces are considered overlay links? (Choose two.)

A.

LAG

B.

IPsec

C.

Physical

D.

GRE

Full Access
Question # 23

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.

The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.

Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

A.

Destination internet service must be enabled on the traffic shaping policy.

B.

Application control must be enabled on the firewall policy.

C.

Web filtering must be enabled on the firewall policy.

D.

Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.

Full Access
Question # 24

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)

A.

FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.

B.

FortiGate performs routing lookups for new sessions only, after a route change.

C.

FortiGate always blocks all traffic, after a route change.

D.

FortiGate flushes all routing information from the session table, after a route change.

Full Access
Question # 25

Refer to the Exhibits:

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members.

Based on the exhibits, which statement is correct?

A.

The dead member interface stays unavailable until an administrator manually brings the interface back.

B.

Port2 needs to wait 500 milliseconds to change the status from alive to dead.

C.

Static routes using port2 are active in the routing table.

D.

FortiGate has not received three consecutive requests from the SLA server configured for port2.

Full Access
Question # 26

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

A.

FortiGate does not install IPsec static routes for remote protected networks in the routing table. Most Voted

B.

The phase 1 configuration supports the network-overlay setting. Most Voted

C.

FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

D.

Dead peer detection is disabled.

Full Access
Question # 27

Exhibit B –

Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

A.

port1 is assigned a manual IP address.

B.

port1 is referenced in a firewall policy.

C.

port2 is referenced in a static route.

D.

port1 and port2 are not administratively down.

Full Access
Question # 28

Which statement about using BGP routes in SD-WAN is true?

A.

Learned routes can be used as dynamic destinations in SD-WAN rules.

B.

You must use BGP to route traffic for both overlay and underlay links.

C.

You must configure AS path prepending.

D.

You must use external BGP.

Full Access
Question # 29

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.

If port2 is detected dead by FortiGate, what is the expected behavior?

A.

Port2 becomes alive after three successful probes are detected.

B.

FortiGate removes all static routes for port2.

C.

The administrator manually restores the static routes for port2, if port2 becomes alive.

D.

Host 8.8.8.8 is reachable through port1 and port2.

Full Access
Copyright myexamcollection.com. All Right Reserved.