Page: 1
/ 4
Total 60 questions
Refer to the exhibits.
Exhibit A -
Exhibit B -
Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.
If port2 is detected dead by FortiGate, what is the expected behavior?
- A. Host 8.3.8.8 is reachable through port1 and port2.
- B. Port2 becomes alive after three successful probes are detected.
- C. The administrator manually restores the static routes for port2, if port2 becomes alive.
- D. FortiGate disables all static routes for port2.
Answer : D
In which SD-WAN template field can you use a metadata variable?
- A. You can use metadata variables only to define interface members and the gateway IP.
- B. Any field identified with a dollar sign (S) in a magnifying glass.
- C. Any field identified with an "M" in a circle.
- D. All SD-WAN template fields support metadata variables.
Answer : C
Refer to the exhibit.
The device exchanges routes using IBGP.
Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)
- A. Each BGP route is three hops away from the destination.
- B. ibgp-multipath is disabled.
- C. You can run the get router info routing-table database command to display the additional paths.
- D. additional-path is enabled.
Answer : CD
Refer to the exhibit, which shows output of the command diagnose sys sdwan health-check status collected on a FortiGate device.
Which two statements are correct about the health check status on this FortiGate device? (Choose two.)
- A. The interface T_INET_0 missed three SLA targets.
- B. The interface T_INET_1 missed one SLA target.
- C. There is no SLA criteria configured for the health-check Level3_DNS.
- D. The health-check VPN_PING orders the members according to the measured jitter.
Answer : BC
Refer to the exhibits.
Exhibit A -
Exhibit B -
Exhibit A shows a policy package definition. Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices.
Based on the output shown in the exhibits, what can the administrator do to solve the issue?
- A. Create dynamic mapping for the LAN interface for all devices in the installation target list.
- B. Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.
- C. Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.
- D. Use a metadata variable instead of a dynamic interface to define the firewall policy.
Answer : A
What is true about SD-WAN multiregion topologies?
- A. It is not compatible with ADVPN.
- B. Routing between the hub and spokes must be BGP.
- C. Regions must correspond to geographical areas.
- D. Each region has its own SD-WAN topology.
Answer : D
Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.
What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?
- A. You must disable idle-timeout.
- B. You must set ike-version to 1.
- C. You must enable auto-discovery-sender.
- D. You must enable net-device.
Answer : D
Which statement about using BGP for ADVPN is true?
- A. IBGP is preferred over EBGP, because IBGP preserves next hop information.
- B. You must configure AS path prepending.
- C. You must configure BGP communities.
- D. You must use BGP to route traffic for both overlay and underlay links.
Answer : A
Refer to the exhibit that shows VPN event logs on FortiGate.
Based on the output shown in the exhibit, which statement is true?
- A. There is one shortcut tunnel built from master tunnel T_MPLS_0.
- B. The master tunnel T_INET_0 cannot accept the ADVPN shortcut.
- C. There are no IPsec tunnel statistics log messages for ADVPN shortcuts.
- D. The VPN tunnel T_MPLS_0 is a shortcut tunnel.
Answer : B
Refer to the exhibit.
Based on the exhibit which action does FortiGate take?
- A. FortiGate brings down port5 after it detects all SD-WAN members as dead.
- B. FortiGate brings up port5 after it detects all SD-WAN members as alive.
- C. FortiGate bounces port5 after it detects all SD-WAN members as dead.
- D. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
Answer : A
Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)
- A. link-down-failover
- B. update-source
- C. holdtime-timer
- D. set-route-rag
Answer : AC
Refer to the exhibit.
Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
- A. All traffic from a source IP is sent to the most used interface.
- B. All traffic from a source IP to a destination IP is sent to the same interface.
- C. All traffic from a source IP is sent to the same interface.
- D. All traffic from a source IP to a destination IP is sent to the least used interface.
Answer : B
Refer to the exhibits.
Exhibit A -
Exhibit B -
Exhibit A shows two IPsec templates to define BranchIPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel.
Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device.
Which statement best explain the cause for this issue?
- A. You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.
- B. You can define only one IPsec tunnel from branch devices to HUB1.
- C. You can assign only one template with a tunnel of type static to each FortiGate device.
- D. You can assign only one IPsec template to each FortiGate device.
Answer : A
Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)
- A. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.
- B. Member metrics are measured only if an SLA target is configured.
- C. When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.
- D. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
Answer : AD
Which two statements about the SD-WAN zone configuration are true? (Choose two.)
- A. You can use the service-sla-tie-break setting to configure preferred member selection based on the best route to the destination.
- B. The default zone is virtual-wan-link.
- C. You can delete the default zones.
- D. An SD-WAN member can belong to two or more zones.
Answer : AB
30 days access 