Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Fortinet
  3. Fortinet Certification
  4. NSE7_SDW-7.2 - Fortinet NSE 7 - SD-WAN 7.2

NSE7_SDW-7.2 Exam Dumps - Fortinet NSE 7 - SD-WAN 7.2

Question # 4

Which two interfaces are considered overlay links? (Choose two.)

A.

LAG

B.

IPsec

C.

Physical

D.

GRE

Full Access
Question # 5

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

A.

Encapsulating Security Payload (ESP)

B.

Secure Shell (SSH)

C.

Internet Key Exchange (IKE)

D.

Security Association (SA)

Full Access
Question # 6

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

A.

The sdwan_service_id flag in the session information is 0.

B.

All SD-WAN rules have the default setting enabled.

C.

Traffic does not match any of the entries in the policy route table.

D.

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Full Access
Question # 7

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

A.

When T_INET_0_0 and T_MPLS_0 have the same latency.

B.

When T_MPLS_0 has a latency of 100 ms.

C.

When T_INET_0_0 has a latency of 250 ms.

D.

When T_N1PLS_0 has a latency of 80 ms.

Full Access
Question # 8

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

A.

diagnose sys sdwan zone

B.

diagnose sys sdwan service

C.

diagnose sys sdwan member

D.

diagnose sys sdwan interface

Full Access
Question # 9

Refer to the exhibit.

Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?

A.

type must be set to static.

B.

mode-cfg must be enabled.

C.

exchange-interface-ip must be enabled.

D.

add-route must be disabled.

Full Access
Question # 10

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?

A.

The gateway address of their IPsec interfaces

B.

The tunnel ID of their IPsec interfaces

C.

The IP address of their IPsec interfaces

D.

The name of their IPsec interfaces

Full Access
Question # 11

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

A.

The reply direction of the asymmetric traffic flows from port2 to port3.

B.

The auxiliary session can be offloaded to hardware.

C.

The original direction of the symmetric traffic flows from port3 to port2.

D.

The main session cannot be offloaded to hardware.

Full Access
Question # 12

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt.

When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.

Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?

A.

Enable auxiliary-session under config system settings.

B.

Disable tсp-session-without-syn under config system settings.

C.

Enable snat-route-change under config system global.

D.

Disable allow-subnet-overlap under config system settings.

Full Access
Question # 13

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

A.

FEC supports hardware offloading.

B.

FEC improves reliability of noisy links.

C.

FEC transmits parity packets that can be used to reconstruct packet loss.

D.

FEC can leverage multiple IPsec tunnels for parity packets transmission.

Full Access
Question # 14

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two )

A.

Traffic has matched none of the FortiGate policy routes.

B.

Matched traffic failed RPF and was caught by the rule.

C.

The FIB lookup resolved interface was the SD-WAN interface.

D.

An absolute SD-WAN rule was defined and matched traffic.

Full Access
Question # 15

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

A.

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

B.

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

C.

IPsec recommended template guides the administrator to use Fortinet recommended settings.

D.

IPsec recommended template ensures consistent settings between phase1 and phase2

Full Access
Question # 16

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)

A.

update-source

B.

set-route-tag

C.

holdtime-timer

D.

link-down-failover

Full Access
Question # 17

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.

Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.

The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1.

However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.

Based on the exhibits, which configuration change is required to fix issue?

A.

In the dcl-lab-rm route map configuration, set set-route-tag to 10.

B.

In SD-WAN rule ID 1, change the destination to use ISDB entries.

C.

In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.

D.

In the dcl-lab-rm route map configuration, unset match-community.

Full Access
Question # 18

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)

A.

FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.

B.

FortiGate performs routing lookups for new sessions only, after a route change.

C.

FortiGate always blocks all traffic, after a route change.

D.

FortiGate flushes all routing information from the session table, after a route change.

Full Access
Question # 19

Refer to the exhibit.

Which are two expected behaviors of the traffic that matches the traffic shaper? (Choose two.)

A.

The number of simultaneous connections among all source IP addresses cannot exceed five connections.

B.

The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.

C.

The number of simultaneous connections allowed for each source IP address cannot exceed five connections.

D.

The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.

Full Access
Question # 20

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.

If port2 is detected dead by FortiGate, what is the expected behavior?

A.

Port2 becomes alive after three successful probes are detected.

B.

FortiGate removes all static routes for port2.

C.

The administrator manually restores the static routes for port2, if port2 becomes alive.

D.

Host 8.8.8.8 is reachable through port1 and port2.

Full Access
Question # 21

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

A.

http

B.

icmp

C.

twamp

D.

dns

Full Access
Question # 22

Exhibit.

The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

A.

The health-check VPN_PING orders the members according to the lowest jitter.

B.

The interface T_INET_1 missed one SLA target.

C.

There is no SLA criteria configured for the health-check Level3_DNS.

D.

The interface T_INET_0 missed three SLA targets.

Full Access
Question # 23

What three characteristics apply to provisioning templates available on FortiManager? (Choose three.)

A.

You can apply a system template and a CLI template to the same FortiGate device.

B.

A CLI template can be of type CLI script or Perl script.

C.

A template group can include a system template and an SD-WAN template.

D.

A template group can contain CLI templates of both types.

E.

Templates are applied in order, from top to bottom.

Full Access
Question # 24

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

A.

Create policy packages for branch devices.

B.

Assign an sdwan_id metadata variable to each device (branch and hub}.

C.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

D.

Assign a branch_id metadata variable to each branch device.

E.

Configure SD-WAN rules.

Full Access

Hot Exams

ADM-201 Dumps
Sales-Cloud-Consultant Dumps
PCNSE Dumps
Service-Cloud-Consultant Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
Associate-Cloud-Engineer Dumps
350-701 Dumps
AZ-104 Dumps
CKA Dumps
SY0-601 Dumps
NCSE-Core Dumps