Special Summer Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

NSE7_SDW-7.2 Sample Questions Answers

Questions 4

Refer to the exhibit.

In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling theanti-replaysetting on the hubs?

Options:

A.

It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.

B.

It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.

C.

It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.

D.

It instructs the hub to skip content inspection on TCP traffic, to improve performance.

Buy Now
Questions 5

Refer to the exhibit.

An administrator used the SD-WAN overlay template to prepare an IPsec configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the installation preview for one FortiGate device. In the exhibit, which statement best describes the configuration applied to the FortiGate device?

Options:

A.

It is a hub device. It can send ADVPN shortcut offers.

B.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.

C.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.

D.

It is a hub device and will automatically discover the spoke devices that are in the SD-WAN topology.

Buy Now
Questions 6

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

Options:

A.

Assign an sdwan_id metadata variable to each device (branch and hub).

B.

Assign a branch_id metadata variable to each branch device.

C.

Create policy packages for branch devices.

D.

Configure SD-WAN rules.

E.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

Buy Now
Questions 7

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

Options:

A.

All traffic from a source IP to a destination IP is sent to the same interface.

B.

All traffic from a source IP is sent to the same interface.

C.

All traffic from a source IP is sent to the most used interface.

D.

All traffic from a source IP to a destination IP is sent to the least used interface.

Buy Now
Questions 8

What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.)

Options:

A.

Packet duplication can leverage multiple IPsec overlays for sending additional data.

B.

Packet duplication does not require a route to the destination.

C.

Packet duplication supports hardware offloading.

D.

Packet duplication uses smaller parity packets which results in less bandwidth consumption.

Buy Now
Questions 9

What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two.)

Options:

A.

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

B.

It improves SD-WAN performance on the managed FortiGate devices.

C.

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

D.

It acts as a policy compliance entity to review all managed FortiGate devices.

E.

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

Buy Now
Questions 10

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

Options:

A.

hold-down-time

B.

link-down-failover

C.

auto-discovery-shortcuts

D.

idle-timeout

Buy Now
Questions 11

Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.

Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

Options:

A.

On the hubs,auto-discovery-sendermust be enabled on the IPsec VPNs to spokes.

B.

On the spokes,auto-discovery-receivermust be enabled on the IPsec VPN to the hub.

C.

auto-discovery-forwardermust be enabled on all IPsec VPNs.

D.

On the hubs,net-devicemust be enabled on all IPsec VPNs.

Buy Now
Questions 12

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt.

When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.

Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?

Options:

A.

Enable auxiliary-session under config system settings.

B.

Disable tсp-session-without-syn under config system settings.

C.

Enable snat-route-change under config system global.

D.

Disable allow-subnet-overlap under config system settings.

Buy Now
Questions 13

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

Options:

A.

diagnose sys sdwan sla-log

B.

diagnose ays sdwan health-check

C.

diagnose sys sdwan intf-sla-log

D.

diagnose sys sdwan log

Buy Now
Questions 14

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

Options:

A.

FortiGate does not install IPsec static routes for remote protected networks in the routing table.

B.

The phase 1 configuration supports the network-overlay setting.

C.

FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

D.

Dead peer detection is disabled.

Buy Now
Questions 15

In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)

Options:

A.

It provides the benefits of a full-mesh topology in a hub-and-spoke network.

B.

It provides direct connectivity between spokes by creating shortcuts.

C.

It enables spokes to bypass the hub during shortcut negotiation.

D.

It enables spokes to establish shortcuts to third-party gateways.

Buy Now
Questions 16

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.)

Options:

A.

It ensures consistent settings between phase1 and phase2.

B.

It guides the administrator to use Fortinet recommended settings.

C.

It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

D.

The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

Buy Now
Questions 17

Which two statements about SD-WAN central management are true? (Choose two.)

Options:

A.

The objects are saved in the ADOM common object database.

B.

It does not support meta fields.

C.

It uses templates to configure SD-WAN on managed devices.

D.

It supports normalized interfaces for SD-WAN member configuration.

Buy Now
Questions 18

What three characteristics apply to provisioning templates available on FortiManager? (Choose three.)

Options:

A.

You can apply a system template and a CLI template to the same FortiGate device.

B.

A CLI template can be of type CLI script or Perl script.

C.

A template group can include a system template and an SD-WAN template.

D.

A template group can contain CLI templates of both types.

E.

Templates are applied in order, from top to bottom.

Buy Now
Questions 19

Refer to the exhibits.

Exhibit A shows a policy package definition Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices.

Based on the output shown in the exhibits, what can the administrator do to solve the Issue?

Options:

A.

Create dynamic mapping for the LAN interface for all devices in the installation target list.

B.

Use a metadata variable instead of a dynamic interface to define the firewall policy.

C.

Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.

D.

Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.

Buy Now
Questions 20

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

Options:

A.

FortiGate flushes all sessions.

B.

FortiGate terminates the old sessions.

C.

FortiGate does not change existing sessions.

D.

FortiGate evaluates new sessions.

Buy Now
Questions 21

What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process? (Choose two.)

Options:

A.

The FortiGate cloud key has not been added to the FortiGate cloud portal.

B.

FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager

C.

The zero-touch provisioning process has completed internally, behind FortiGate.

D.

FortiGate has obtained a configuration from the platform template in FortiGate cloud.

E.

A factory reset performed on FortiGate.

Buy Now
Questions 22

Which statement about SD-WAN zones is true?

Options:

A.

An SD-WAN zone can contain only one type of interface.

B.

An SD-WAN zone can contain between 0 and 512 members.

C.

You cannot use an SD-WAN zone in static route definitions.

D.

You can configure up to 32 SD-WAN zones per VDOM.

Buy Now
Questions 23

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

Options:

A.

diagnose sys sdwan zone

B.

diagnose sys sdwan service

C.

diagnose sys sdwan member

D.

diagnose sys sdwan interface

Buy Now
Questions 24

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

Options:

A.

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

B.

Two hubs,10.0.1.101and10.0.2.101, are receiving and forwarding queries between each other.

C.

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

D.

Two spokes,192.2.0.1and10.0.2.101, forward their queries to their hubs.

Buy Now
Questions 25

What is true about SD-WAN multiregion topologies?

Options:

A.

Each region has its own SD-WAN topology

B.

It is not compatible with ADVPN.

C.

Regions must correspond to geographical areas.

D.

Routing between the hub and spokes must be BGP.

Buy Now
Questions 26

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

Options:

A.

The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.

B.

The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

C.

The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.

D.

The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

Buy Now
Questions 27

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

Options:

A.

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

B.

By default, local-out traffic does not use SD-WAN.

C.

By default, FortiGate does not check if the selected member has a valid route to the destination.

D.

You must configure each local-out feature individually, to use SD-WAN.

Buy Now
Questions 28

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.

Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.

The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1.

However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.

Based on the exhibits, which configuration change is required to fix issue?

Options:

A.

In the dc1-lan-rm route map configuration, set set-route-tag to 10.

B.

In SD-WAN rule ID 1, change the destination to use ISDB entries.

C.

In the dc1-lan-rm route map configuration, unset match-community.

D.

In the BGP neighbor configuration, apply the route map dc1-lan-rm in the outbound direction.

Buy Now
Questions 29

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

Options:

A.

Encapsulating Security Payload (ESP)

B.

Secure Shell (SSH)

C.

Internet Key Exchange (IKE)

D.

Security Association (SA)

Buy Now
Exam Code: NSE7_SDW-7.2
Exam Name: Fortinet NSE 7 - SD-WAN 7.2
Last Update: Mar 31, 2025
Questions: 99
$57.75  $164.99
$43.75  $124.99
$36.75  $104.99
buy now NSE7_SDW-7.2