Fortinet FCSS_SDW_AR-7.4 - FCSS - SD-WAN 7.4 Architect Exam
Page: 1 / 14
Total 68 questions
Question #1 (Topic: Exam A)
Which two statements correctly describe what happens when traffic matches the implicit SD-WAN rule? (Choose two.)
A. The session information output displays no SD-WAN service id.
B. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
C. FortiGate flags the session with may_dirty and vwl_default.
D. Traffic does not match any of the entries in the policy route table.
E. The traffic is distributed, regardless of weight, through all available static routes.
Answer: AD
Question #2 (Topic: Exam A)
Refer to the exhibit.
Two hub-and-spoke groups are connected through redundant site-to-site IPsec VPNs between Hub1 and Hub2.
Which two configuration settings are required for the spoke A1 to establish an ADVPN shortcut with the spoke B2? (Choose two.)
Two hub-and-spoke groups are connected through redundant site-to-site IPsec VPNs between Hub1 and Hub2.
Which two configuration settings are required for the spoke A1 to establish an ADVPN shortcut with the spoke B2? (Choose two.)
A. On hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.
B. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to hubs.
C. On hubs, auto-discovery-receiver must be enabled on the IPsec VPNs to spokes.
D. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to spokes.
Answer: AD
Question #3 (Topic: Exam A)
Refer to the exhibit.
The exhibit shows output of the command diagnose sys sdwan service4 collected on a FortiGate device
The administrator wants to know through which interface FortiGate will steer traffic from local users on subnet 10 0.1.0/255.255.255.192 and with a destination of the social media application Facebook.
Based on the exhibits, which two statements are correct? (Choose two.)
The exhibit shows output of the command diagnose sys sdwan service4 collected on a FortiGate device
The administrator wants to know through which interface FortiGate will steer traffic from local users on subnet 10 0.1.0/255.255.255.192 and with a destination of the social media application Facebook.
Based on the exhibits, which two statements are correct? (Choose two.)
A. FortiGate steers traffic for social media applications according to the service rule 2 and steers traffic through port2.
B. When FortiGate cannot recognize the application of the flow, it load balances the traffic through the tunnels HQ_T1, HQ_T2, HQ_T3.
C. There is no service defined for the Facebook application, so FortiGate appliesservice rule 3 and directs the traffic to headquarters.
D. When FortiGate cannot recognize the application of the flow, it steers the traffic through the preferred member of rule 3, HQ_T1.
Answer: AB
Question #4 (Topic: Exam A)
Refer to the exhibit.
The administrator used the SD-WAN overlay template to prepare an IPsec tunnels configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the FortiManager installation preview for one FortiGate device.
Based on the exhibit, which statement best describes the configuration applied to the FortiGate device?
The administrator used the SD-WAN overlay template to prepare an IPsec tunnels configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the FortiManager installation preview for one FortiGate device.
Based on the exhibit, which statement best describes the configuration applied to the FortiGate device?
A. It is a spoke device that establishes dynamic IPsec tunnels to the hub. The local subnet range is 10.10 128.0/23.
B. It is a hub device. It can send ADVPN shortcut offers.
C. It is a hub device. It will automatically discover the spoke devices and add them to the SD-WAN topology.
D. It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.
Answer: D
Question #5 (Topic: Exam A)
You are planning a new SD-WAN deployment with the following criteria:
Two regions
Most of the traffic is expected to remain within its region
No requirement for inter-region ADVPN
To remain within the recommended best practices, which routing protocol should you select for the overlays?
Two regions
Most of the traffic is expected to remain within its region
No requirement for inter-region ADVPN
To remain within the recommended best practices, which routing protocol should you select for the overlays?
A. IBGP with BGP on loopback within each region and EBGP between the regions.
B. OSPF for the routing within each region and EBGP between the regions.
C. IBGP within each region and between the regions.
D. IBGP with BGP per overlays within each region and IBGP with BGP on loopback between the regions.
Answer: A
