Fortinet NSE 7 - SD-WAN 6.4 v1.0 (NSE7_SDW-6.4)

Page:    1 / 6   
Total 81 questions

Refer to the exhibits.


Exhibit A shows the system interface with the static routes, and exhibit B shows the firewall policies on the managed FortiGate.
Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

  • A. port2 is referenced in a static route.
  • B. port1 is assigned a manual IP address.
  • C. port1 and port2 are not administratively down.
  • D. port1 is referenced in a firewall policy.


Answer : D

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

  • A. get ipsec tunnel list
  • B. get router info routing-table
  • C. diagnose debug application ike
  • D. diagnose sys virtual-wan-link service


Answer : B

Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
If an ADVPN on-demand tunnel is established between Toronto and London, which two configuration settings are required for ADVPN to work? (Choose two.)

  • A. On the hubs, auto-discovery-sender is enabled on the IPsec VPNs to spokes.
  • B. auto-discovery-forwarder is enabled on all IPsec VPNs.
  • C. On the hubs, tunnel-search is set to selectors.
  • D. On the spokes, auto-discovery-receiver is enabled on the IPsec VPN to the hub.


Answer : BD

Which two interfaces are considered overlay links? (Choose two.)

  • A. IPsec
  • B. Physical
  • C. LAG
  • D. GRE


Answer : AD

Reference:
https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-architecture-for-enterprise/251352/ipsec-overlays

Which statement is correct about SD-WAN and ADVPN?

  • A. You must use OSPF.
  • B. SD-WAN can steer traffic to ADVPN shortcuts established over IPsec overlays configured as SD-WAN members.
  • C. Routes for ADVPN shortcuts must be manually configured.
  • D. SD-WAN does not monitor the health and performance of ADVPN shortcuts.


Answer : B

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

  • A. Member metrics are measured only if an SLA target is configured.
  • B. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
  • C. When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.
  • D. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.


Answer : CD

Which diagnostic command can you use to show interface-specific SLA logs for the last 10 minutes?

  • A. diagnose sys sdwan log
  • B. diagnose sys sdwan health-check
  • C. diagnose sys sdwan intf-sla-log
  • D. diagnose sys sdwan sla-log


Answer : C

Which two statements about SD-WAN central management are true? (Choose two.)

  • A. It does not allow you to monitor the status of SD-WAN members.
  • B. It is enabled or disabled on a per-ADOM basis.
  • C. It is enabled by default.
  • D. It uses templates to configure SD-WAN on managed devices.


Answer : BD

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

  • A. FortiGate creates separate virtual interfaces for each dial-up client.
  • B. FortiGate creates a single IPsec virtual interface that is shared by all clients.
  • C. FortiGate maps the remote gateway 100.64.3.1 to tunnel index interface 1.
  • D. FortiGate does not install IPsec static routes for remote protected networks in the routing table.


Answer : AC

Refer to the exhibit.

Which are two expected behaviors of the traffic that matches the traffic shaper? (Choose two.)

  • A. The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.
  • B. The number of simultaneous connections among all source IP addresses can exceed 5 connections.
  • C. The number of simultaneous connections allowed for each source IP address can exceed 5 connections.
  • D. The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.


Answer : AC

Refer to the exhibit.

Based on the output shown in the exhibit, which two settings can be used by SD-WAN rules? (Choose two.)

  • A. set source 100.64.1.1
  • B. set priority 10
  • C. set load-balance-mode source-ip-based
  • D. set cost 15


Answer : BC

Which two statements about the benefits of using forward error correction (FEC) in IPsec VPNs are true? (Choose two.)

  • A. FEC transmits the original payload in full to recover the error in transmission.
  • B. FEC reduces the stress on the remote device buffer to reconstruct packet loss.
  • C. FEC transmits additional packets as redundant data to the remote device.
  • D. FEC improves reliability, which overcomes adverse WAN conditions such as noisy links.


Answer : AC

Which two statements about using central VPN management are true? (Choose two.)

  • A. You can configure full mesh, star, and dial-up VPN topologies.
  • B. FortiManager installs VPN settings on both managed and external gateways.
  • C. You configure VPN communities to define common IPsec settings shared by all VPN gateways.
  • D. You must enable VPN zones for SD-WAN deployments.


Answer : BC

Refer to the exhibits.


Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member and the static routes configuration.
If port2 is detected dead by FortiGate, which expected behavior is correct?

  • A. Port2 becomes alive after one successful probe is detected.
  • B. The SD-WAN interface becomes disabled and port1 becomes the WAN interface.
  • C. Dead members require manual administrator access to bring them back alive.
  • D. Subnets 10.0.20.0/23 and 172.20.0.0/16 are reachable only through port1.


Answer : D

Refer to the exhibits.


Exhibit A shows the SD-WAN rules and exhibit B shows the traffic logs. The SD-WAN traffic logs reflect how FortiGate distributes traffic.
Based on the exhibits, what are two expected behaviors when FortiGate processes SD-WAN traffic? (Choose two.)

  • A. The first Vimeo session may not match the Vimeo SD-WAN rule because the session is used for the application learning phase.
  • B. The implicit rule overrides all other rules because parameters widely cover sources and destinations.
  • C. The Vimeo SD-WAN rule steers Vimeo application traffic among all SD-WAN member interfaces.
  • D. SD-WAN rules are evaluated in the same way as firewall policies: from top to bottom.


Answer : AD
