Month End Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_SDW-7.2
  5. Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

NSE7_SDW-7.2 Sample Questions Answers

Questions 4

Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

Options:

A.

The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

B.

The measured bandwidth is less than 100 KBps.

C.

The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

D.

The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

Buy Now
Questions 5

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

Options:

A.

FortiGate flushes all sessions.

B.

FortiGate terminates the old sessions.

C.

FortiGate does not change existing sessions.

D.

FortiGate evaluates new sessions.

Buy Now
Questions 6

Which statement about SD-WAN zones is true?

Options:

A.

An SD-WAN zone can contain only one type of interface.

B.

An SD-WAN zone can contain between 0 and 512 members.

C.

You cannot use an SD-WAN zone in static route definitions.

D.

You can configure up to 32 SD-WAN zones per VDOM.

Buy Now
Questions 7

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

Options:

A.

The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.

B.

The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

C.

The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.

D.

The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

Buy Now
Questions 8

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

Options:

A.

Create policy packages for branch devices.

B.

Assign an sdwan_id metadata variable to each device (branch and hub}.

C.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

D.

Assign a branch_id metadata variable to each branch device.

E.

Configure SD-WAN rules.

Buy Now
Questions 9

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

Options:

A.

Set priority 10.

B.

Set cost 15.

C.

Set load-balance-mode source-ip-ip-based.

D.

Set source 100.64.1.1.

Buy Now
Questions 10

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

Options:

A.

All traffic from a source IP to a destination IP is sent to the same interface.

B.

All traffic from a source IP is sent to the same interface.

C.

All traffic from a source IP is sent to the most used interface.

D.

All traffic from a source IP to a destination IP is sent to the least used interface.

Buy Now
Questions 11

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

Options:

A.

FortiGate does not install IPsec static routes for remote protected networks in the routing table. Most Voted

B.

The phase 1 configuration supports the network-overlay setting. Most Voted

C.

FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

D.

Dead peer detection is disabled.

Buy Now
Questions 12

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?

Options:

A.

The gateway address of their IPsec interfaces

B.

The tunnel ID of their IPsec interfaces

C.

The IP address of their IPsec interfaces

D.

The name of their IPsec interfaces

Buy Now
Questions 13

What is a benefit of using application steering in SD-WAN?

Options:

A.

The traffic always skips the regular policy routes.

B.

You steer traffic based on the detected application.

C.

You do not need to enable SSL inspection.

D.

You do not need to configure firewall policies that accept the SD-WAN traffic.

Buy Now
Questions 14

Refer to the exhibit.

In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?

Options:

A.

It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.

B.

It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.

C.

It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.

D.

It instructs the hub to skip content inspection on TCP traffic, to improve performance.

Buy Now
Questions 15

Exhibit.

The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

Options:

A.

The health-check VPN_PING orders the members according to the lowest jitter.

B.

The interface T_INET_1 missed one SLA target.

C.

There is no SLA criteria configured for the health-check Level3_DNS.

D.

The interface T_INET_0 missed three SLA targets.

Buy Now
Questions 16

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

Options:

A.

A peer ID is included in the first packet from the initiator, along with suggested security policies.

B.

XAuth is enabled as an additional level of authentication, which requires a username and password.

C.

Three packets are exchanged between an initiator and a responder instead of six packets.

D.

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Buy Now
Questions 17

Which are three key routing principles in SD-WAN? (Choose three.)

Options:

A.

FortiGate performs route lookups for new sessions only.

B.

Regular policy routes have precedence over SD-WAN rules.

C.

SD-WAN rules have precedence over ISDB routes.

D.

By default, SD-WAN members are skipped if they do not have a valid route to the destination.

E.

By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Buy Now
Questions 18

Refer to the exhibits.

Exhibit A

Exhibit B -

Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.

The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.

Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?

Options:

A.

The traffic will be load balanced across all three overlays.

B.

The traffic will be routed over T_INET_0_0.

C.

The traffic will be routed over T_MPLS_0.

D.

The traffic will be routed over T_INET_1_0.

Buy Now
Questions 19

Exhibit B –

Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

Options:

A.

port1 is assigned a manual IP address.

B.

port1 is referenced in a firewall policy.

C.

port2 is referenced in a static route.

D.

port1 and port2 are not administratively down.

Buy Now
Questions 20

Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

Options:

A.

Interface-based shaping mode

B.

Reverse-policy shaping mode

C.

Shared-policy shaping mode

D.

Per-IP shaping mode

Buy Now
Questions 21

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)

Options:

A.

FortiGate flags the sessions as dirty.

B.

FortiGate continues routing the sessions with no SNAT, over port2.

C.

FortiGate performs a route lookup for the original traffic only.

D.

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Buy Now
Questions 22

Exhibit.

Which conclusion about the packet debug flow output is correct?

Options:

A.

The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

B.

The packet size exceeded the outgoing interface MTU.

C.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

D.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

Buy Now
Questions 23

Refer to the exhibits.

Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on FortiGate acting as the sender. Exhibit B shows the sniffer output on a FortiGate acting as the receiver.

The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1_0.

Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two.)

Options:

A.

On the receiver FortiGate, packet-de-duplication is enabled.

B.

The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way.

C.

The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.

D.

On the sender FortiGate, duplication-max-num is set to 3.

Buy Now
Questions 24

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.

Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

Options:

A.

The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.

B.

T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.

C.

T_INET_0_0 does not have a valid route to the destination.

D.

T_INET_1_0 has a higher member configuration priority than T_INET_0_0.

Buy Now
Questions 25

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

Options:

A.

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

B.

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

C.

IPsec recommended template guides the administrator to use Fortinet recommended settings.

D.

IPsec recommended template ensures consistent settings between phase1 and phase2

Buy Now
Questions 26

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

Options:

A.

get router info routing-table all

B.

diagnose debug application ike

C.

diagnose vpn tunnel list

D.

get ipsec tunnel list

Buy Now
Questions 27

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

Options:

A.

Encapsulating Security Payload (ESP)

B.

Secure Shell (SSH)

C.

Internet Key Exchange (IKE)

D.

Security Association (SA)

Buy Now
Questions 28

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

Options:

A.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements

B.

Member metrics are measured only if an SLA target is configured

C.

When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA

D.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy

Buy Now
Questions 29

What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices?  (Choose two.)

Options:

A.

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

B.

It improves SD-WAN performance on the managed FortiGate devices.

C.

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

D.

It acts as a policy compliance entity to review all managed FortiGate devices.

E.

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

Buy Now
Exam Code: NSE7_SDW-7.2
Exam Name: Fortinet NSE 7 - SD-WAN 7.2
Last Update: Jan 27, 2025
Questions: 97
$57.75  $164.99
$43.75  $124.99
$36.75  $104.99
buy now NSE7_SDW-7.2