NSE7_SDW-7.0 Exam Dumps - Fortinet NSE 7 - SD-WAN 7.0

Question # 4

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

get router info routing-table all

diagnose debug application ike

diagnose vpn tunnel list

get ipsec tunnel list

Full Access

Question # 5

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)

FortiGate flags the sessions as dirty.

FortiGate continues routing the sessions with no SNAT, over port2.

FortiGate performs a route lookup for the original traffic only.

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Full Access

Question # 6

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two )

Traffic has matched none of the FortiGate policy routes.

Matched traffic failed RPF and was caught by the rule.

The FIB lookup resolved interface was the SD-WAN interface.

An absolute SD-WAN rule was defined and matched traffic.

Full Access

Question # 7

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

When T_INET_0_0 and T_MPLS_0 have the same latency.

When T_MPLS_0 has a latency of 100 ms.

When T_INET_0_0 has a latency of 250 ms.

When T_N1PLS_0 has a latency of 80 ms.

Full Access

Question # 8

Which two statements about the SD-WAN zone configuration are true? (Choose two.)

The service-sla-tie-break setting enables you to configure preferred member selection based on the best route to the destination.

You can delete the default zones.

The default zones are virtual-wan-link and SASE.

An SD-WAN member can belong to two or more zones.

Full Access

Question # 9

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.

Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)

The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.

FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.

FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.

Non-TCP Facebook and YouTube traffic are not used for performance measurement.

Full Access

Question # 10

Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

Interface-based shaping mode

Reverse-policy shaping mode

Shared-policy shaping mode

Per-IP shaping mode

Full Access

Question # 11

Refer to the exhibit.

The device exchanges routes using IBGP.

Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)

Each BGP route is three hops away from the destination.

ibgp-multipath is disabled.

additional-path is enabled.

You can run the get router info routing-table database command to display the additional paths.

Full Access

Question # 12

Refer to the exhibits.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

FortiGate does not install IPsec static routes for remote protected networks in the routing table.

The phase 1 configuration supports the network-overlay setting.

FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

Dead peer detection is disabled.

Full Access

Question # 13

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

The reply direction of the asymmetric traffic flows from port2 to port3.

The auxiliary session can be offloaded to hardware.

The original direction of the symmetric traffic flows from port3 to port2.

The main session cannot be offloaded to hardware.

Full Access

Question # 14

Exhibit.

Which conclusion about the packet debug flow output is correct?

The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

The packet size exceeded the outgoing interface MTU.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

Full Access

Question # 15

Which statement is correct about SD-WAN and ADVPN?

Routes for ADVPN shortcuts must be manually configured.

SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.

SD-WAN does not monitor the health and performance of ADVPN shortcuts.

You must use IKEv2 on IPsec tunnels.

Full Access

Question # 16

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.

The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.

The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

Full Access

Question # 17

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

The ISDB is dynamically updated and reduces administrative overhead.

The ISDB requires application control to maintain signatures and perform load balancing.

The ISDB applies rules to traffic from specific sources, based on application type.

The ISDB contains the IP addresses and port ranges of well-known internet services.

Full Access

Question # 18

Refer to the exhibit.

Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two.)

Cost

Interface member

Priority

Gateway IP

Full Access

Question # 19

Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

Specify a unique peer ID for each dial-up VPN interface.

Use different proposals are used between the interfaces.

Configure the IKE mode to be aggressive mode.

Use unique Diffie Hellman groups on each VPN interface.

Full Access

Question # 20

Refer to the exhibits.

Exhibit A