Fortinet NSE7_SDW-7.2 - Fortinet NSE 7 - SD-WAN 7.2 Exam
Total 70 questions
Question #6 (Topic: Exam A)
Which are three key routing principles in SD-WAN? (Choose three.)
A. By default, SD-WAN members are skipped if they do not have a valid route to the destination.
B. By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
C. FortiGate performs route lookups for new sessions only.
D. SD-WAN rules have precedence over ISDB routes.
E. Regular policy routes have precedence over SD-WAN rules.
Answer: ABE
Question #7 (Topic: Exam A)
Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.
Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

A. On the hubs, net-device must be enabled on all IPsec VPNs.
B. auto-discovery-forwarder must be enabled on all IPsec VPNs.
C. On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub.
D. On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.
Answer: CD
Question #8 (Topic: Exam A)
Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?
A. get router info routing-table all
B. get ipsec tunnel list
C. diagnose vpn tunnel list
D. diagnose debug application ike
Answer: D
Question #9 (Topic: Exam A)
What are two common use cases for remote internet access (RIA)? (Choose two.)
A. Provide internet access through the hub.
B. Centralize security inspection on the hub.
C. Provide thorough inspection on spokes.
D. Provide direct internet access on spokes.
Answer: AB
Question #10 (Topic: Exam A)
Refer to the exhibits.
Exhibit A.

Exhibit B.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.
After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)
A. Port1 and port2 do not have a valid route to the destination.
B. The session 3-tuple did not match any of the existing entries in the ISDB application cache.
C. Full SSL inspection is not enabled on the matching firewall policy.
D. FortiGate did not refresh the routing information on the session after the application was detected.
Answer: BD