Fortinet NSE 7 - SD-WAN 7.2 v1.0 (NSE7_SDW-7.2)

Total 37 questions

Which two statements about the SD-WAN members are true? (Choose two.)

  • A. Interfaces of type virtual wire pair can be used as SD-WAN members.
  • B. You can manually define the SD-WAN members sequence number.
  • C. An SD-WAN member can belong to two or more SD-WAN zones.
  • D. Interfaces of type VLAN can be used as SD-WAN members.


Answer : BD

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0. However, the traffic is routed over T_INET_1.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

  • A. T_INET_1 has a lower route priority value (higher priority) than T_INET_0.
  • B. The traffic matches a regular policy route configured with T_INET_1 as the outgoing device.
  • C. T_INET_1 has a higher member configuration priority than T_INET_0.
  • D. T_INET_0 does not have a valid route to the destination.


Answer : AB

Within IPsec tunnel templates available on FortiManager, which template will you use to configure static tunnels for a hub and spoke topology?

  • A. Hub_IPsec_Recommended
  • B. Static_IPsec_Recommended
  • C. IPsec Fortinet Recommended
  • D. Branch IPsec Recommended


Answer : A

The administrator uses the FortiManager SD-WAN overlay template to prepare an SD-WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices.
Select three templates created by the SD-WAN overlay template for a spoke device. (Choose three.)

  • A. IPsec tunnel template
  • B. BGP template
  • C. Overlay template
  • D. System template
  • E. CLI template


Answer : ABE

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

  • A. Entry 1 (id=1) is a regular policy route.
  • B. There is more than one SD-WAN rule configured.
  • C. The SD-WAN rules take precedence over regular policy routes.
  • D. The all_rules rule represents the implicit SD-WAN rule.


Answer : AB

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

  • A. FEC can leverage multiple IPsec tunnels for parity packets transmission.
  • B. FEC transmits parity packets that can be used to reconstruct lost packets.
  • C. FEC improves reliability of noisy links.
  • D. FEC supports hardware offloading.


Answer : BC

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

  • A. You can move port1 from the underlay zone to the overlay zone.
  • B. You can delete the virtual-wan-link zone because it contains no member.
  • C. The corporate zone contains no member.
  • D. The overlay zone contains four members.


Answer : D

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

  • A. FortiGate terminates the old sessions.
  • B. FortiGate evaluates new sessions.
  • C. FortiGate does not change existing sessions.
  • D. FortiGate flushes all sessions.


Answer : BC

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading.
Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

  • A. The main session cannot be offloaded to hardware.
  • B. The original direction of the symmetric traffic flows from port3 to port2.
  • C. The reply direction of the asymmetric traffic flows from port2 to port3.
  • D. The auxiliary session can be offloaded to hardware.


Answer : CD

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks.
What are three mandatory post-run tasks that must be performed? (Choose three.)

  • A. Assign an sdwan_id metadata variable to each device (branch and hub).
  • B. Assign a branch_id metadata variable to each branch device.
  • C. Create policy packages for branch devices.
  • D. Configure SD-WAN rules.
  • E. Configure routing through overlay tunnels created by the SD-WAN overlay template.


Answer : BDE

Refer to the exhibit.

In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?

  • A. It instructs the hub to skip content inspection on TCP traffic, to improve performance.
  • B. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
  • C. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
  • D. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.


Answer : B

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

  • A. The session information output displays no SD-WAN-specific details.
  • B. All SD-WAN rules have the default and gateway setting enabled.
  • C. Traffic does not match any of the entries in the policy route table.
  • D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.


Answer : AC

Refer to the exhibits.

Exhibit A -


Exhibit B -

Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on a FortiGate device acting as the sender. Exhibit B shows the sniffer output on a FortiGate device acting as the receiver.
The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1.
Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two.)

  • A. The ICMP echo request packets sent over T_INET_0 and T_MPLS were dropped along the way.
  • B. On the receiver FortiGate, packet-de-duplication is enabled.
  • C. On the sender FortiGate, duplication-max-num is set to 3.
  • D. The sender FortiGate has anti-replay enabled to block duplicate ICMP replies.


Answer : BC

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

  • A. This is a spoke that has received an offer from a remote hub.
  • B. Two spokes, 192.2.0.1 and 10.0.2.101, establish a shortcut.
  • C. This is a hub that has received an offer from a spoke and has forwarded it to another spoke.
  • D. An IKE session is established between 10.0.1.101 and 10.0.2.101 in the process of forming a shortcut tunnel.


Answer : C

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

  • A. By default, FortiGate does not check if the selected member has a valid route to the destination.
  • B. You must configure each local-out feature individually, to use SD-WAN.
  • C. By default, local-out traffic does not use SD-WAN.
  • D. FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.


Answer : BC
