Fortinet NSE7_SDW-7.2 Dumps

Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

Question 1

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?

Options:

A.

The gateway address of their IPsec interfaces

B.

The tunnel ID of their IPsec interfaces

C.

The IP address of their IPsec interfaces

D.

The name of their IPsec interfaces

Question 2

Refer to the Exhibits:

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members.

Based on the exhibits, which statement is correct?

Options:

A.

The dead member interface stays unavailable until an administrator manually brings the interface back.

B.

Port2 needs to wait 500 milliseconds to change the status from alive to dead.

C.

Static routes using port2 are active in the routing table.

D.

FortiGate has not received three consecutive requests from the SLA server configured for port2.

Question 3

Refer to the exhibits.

Exhibit A shows a policy package definition. Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices.

Based on the output shown in the exhibits, what can the administrator do to solve the issue?

Options:

A.

Create dynamic mapping for the LAN interface for all devices in the installation target list.

B.

Use a metadata variable instead of a dynamic interface to define the firewall policy.

C.

Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.

D.

Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.

Question 4

Which two statements about the SD-WAN zone configuration are true? (Choose two.)

Options:

A.

The service-sla-tie-break setting enables you to configure preferred member selection based on the best route to the destination.

B.

You can delete the default zones.

C.

The default zones are virtual-wan-link and SASE.

D.

An SD-WAN member can belong to two or more zones.

Question 5

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)

Options:

A.

Type of physical link connection

B.

Internet service database (ISDB) address object

C.

Source and destination IP address

D.

URL categories

E.

Application signatures

Question 6

Which diagnostic command can you use to show the SD-WAN rules, interface information, and state?

    diagnose sys sdwan service

    diagnose sys sdwan route-tag-list

    diagnose sys sdwan member

Options:

A.

diagnose sys sdwan neighbor

Question 7

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

Options:

A.

When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.

B.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

C.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

D.

Member metrics are measured only if an SLA target is configured.

Question 8

Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

Options:

A.

Interface-based shaping mode

B.

Reverse-policy shaping mode

C.

Shared-policy shaping mode

D.

Per-IP shaping mode

Question 9

What is the route-tag setting in an SD-WAN rule used for?

Options:

A.

To indicate the routes for health check probes.

B.

To indicate the destination of a rule based on learned BGP prefixes.

C.

To indicate the routes that can be used for routing SD-WAN traffic.

D.

To indicate the members that can be used to route SD-WAN traffic.

Question 10

Refer to the exhibit.

The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device.

The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1.

Based on the exhibits, which two statements are correct? (Choose two.)

Options:

A.

When FortiGate cannot recognize the application of the flow, it steers the traffic destined to server 10.0.0.1 according to service rule 3.

B.

FortiGate steers traffic to HQ servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.

C.

There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.

D.

FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.

Question 11

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

Options:

A.

You can delete the virtual-wan-link zone because it contains no member.

B.

The corporate zone contains no member.

C.

You can move port1 from the underlay zone to the overlay zone.

D.

The overlay zone contains four members.

Question 12

Refer to the exhibit.

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.

Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes' prefixes and their additional paths? (Choose three.)

Options:

A.

Set additional-path to send

B.

Enable route-reflector-client

C.

Set advertisement-interval to the number of additional paths to advertise

D.

Set adv-additional-path to the number of additional paths to advertise

E.

Enable soft-reconfiguration

Question 13

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)

Options:

A.

update-source

B.

set-route-tag

C.

holdtime-timer

D.

link-down-failover

Question 14

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

Options:

A.

There is more than one SD-WAN rule configured.

B.

The SD-WAN rules take precedence over regular policy routes.

C.

The all_rules rule represents the implicit SD-WAN rule.

D.

Entry 1(id=1) is a regular policy route.

Question 15

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

Options:

A.

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

B.

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

C.

IPsec recommended template guides the administrator to use Fortinet recommended settings.

D.

IPsec recommended template ensures consistent settings between phase1 and phase2.

Question 16

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

Options:

A.

Create a new firewall policy, and then select the SD-WAN zone as Incoming Interface.

B.

In the traffic shaping policy, select Assign Shaping Class ID as Action.

C.

In the firewall policy, select Proxy-based as Inspection Mode.

D.

In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.

Question 17

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.

The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.

Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

Options:

A.

Destination internet service must be enabled on the traffic shaping policy.

B.

Application control must be enabled on the firewall policy.

C.

Web filtering must be enabled on the firewall policy.

D.

Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.

Question 18

Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

Options:

A.

Specify a unique peer ID for each dial-up VPN interface.

B.

Use different proposals between the interfaces.

C.

Configure the IKE mode to be aggressive mode.

D.

Use unique Diffie Hellman groups on each VPN interface.

Question 19

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.

Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.

The administrator wants to steer corporate traffic using route tags in the SD-WAN rule ID 1.

However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.

Based on the exhibits, which configuration change is required to fix the issue?

Options:

A.

In the dc1-lan-rm route map configuration, set set-route-tag to 10.

B.

In SD-WAN rule ID 1, change the destination to use ISDB entries.

C.

In the dc1-lan-rm route map configuration, unset match-community.

D.

In the BGP neighbor configuration, apply the route map dc1-lan-rm in the outbound direction.

Question 20

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

Options:

A.

diagnose sys sdwan sla-log

B.

diagnose sys sdwan health-check

C.

diagnose sys sdwan intf-sla-log

D.

diagnose sys sdwan log

Question 21

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

Options:

A.

The ISDB is dynamically updated and reduces administrative overhead.

B.

The ISDB requires application control to maintain signatures and perform load balancing.

C.

The ISDB applies rules to traffic from specific sources, based on application type.

D.

The ISDB contains the IP addresses and port ranges of well-known internet services.

Question 22

Refer to the exhibit.

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)

Options:

A.

After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.

B.

During passive monitoring, FortiGate can’t detect dead members.

C.

FortiGate can offload the traffic that is subject to passive monitoring to hardware.

D.

FortiGate passively monitors the member if TCP traffic is passing through the member.

Question 23

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?

Options:

A.

When all three members have the same packet loss.

B.

When T_INET_0_0 has 4% packet loss.

C.

When T_INET_0_0 has 12% packet loss.

D.

When T_INET_1_0 has 4% packet loss.

Question 24

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

Options:

A.

diagnose sys sdwan zone

B.

diagnose sys sdwan service

C.

diagnose sys sdwan member

D.

diagnose sys sdwan interface

Question 25

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

Options:

A.

The reply direction of the asymmetric traffic flows from port2 to port3.

B.

The auxiliary session can be offloaded to hardware.

C.

The original direction of the symmetric traffic flows from port3 to port2.

D.

The main session cannot be offloaded to hardware.

Question 26

Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

Options:

A.

FortiGate bounces port5 after it detects all SD-WAN members as dead.

B.

FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

C.

FortiGate brings up port5 after it detects all SD-WAN members as alive.

D.

FortiGate brings down port5 after it detects all SD-WAN members as dead.

Question 27

In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)

Options:

A.

It provides the benefits of a full-mesh topology in a hub-and-spoke network.

B.

It provides direct connectivity between spokes by creating shortcuts.

C.

It enables spokes to bypass the hub during shortcut negotiation.

D.

It enables spokes to establish shortcuts to third-party gateways.

Question 28

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

Options:

A.

An IKE session is established between 10.0.1.101 and 10.0.2.101 in the process of forming a shortcut tunnel.

B.

This is a hub that has received an offer from a spoke and has forwarded it to another spoke.

C.

Two spokes, 192.2. 1 and 10.0.2.101, establish a shortcut.

D.

This is a spoke that has received an offer from a remote hub.

Question 29

Which action does FortiGate perform on traffic that is subject to a per-IP traffic shaper of 10 Mbps?

Options:

A.

FortiGate applies traffic shaping to the original traffic direction only.

B.

FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

C.

FortiGate limits each source IP address to a maximum bandwidth of 10 Mbps.

D.

FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.
