ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_SDW-7.2

Fortinet NSE7_SDW-7.2 Practice Test - Questions Answers, Page 10

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)
Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
In which SD-WAN template field can you use a metadata variable?
Exhibit B -- Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
Refer to the exhibit. Which statement explains the output shown in the exhibit?
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)
Refer to the exhibit. The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device. The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1. Based on the exhibits, which two statements are correct? (Choose two.)
Refer to the exhibit. FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN. Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
Exhibit. The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?
Exhibit. The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

Question 91

Report
Export
Collapse

Refer to the exhibit.

Which are two expected behaviors of the traffic that matches the traffic shaper? (Choose two.)

A.
The number of simultaneous connections among all source IP addresses cannot exceed five connections.
A.
The number of simultaneous connections among all source IP addresses cannot exceed five connections.
Answers
B.
The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.
B.
The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.
Answers
C.
The number of simultaneous connections allowed for each source IP address cannot exceed five connections.
C.
The number of simultaneous connections allowed for each source IP address cannot exceed five connections.
Answers
D.
The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.
D.
The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.
Answers
Suggested answer: C, D

Question 92

Report
Export
Collapse

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

A.
FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.
A.
FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.
Answers
B.
By default, local-out traffic does not use SD-WAN.
B.
By default, local-out traffic does not use SD-WAN.
Answers
C.
By default, FortiGate does not check if the selected member has a valid route to the destination.
C.
By default, FortiGate does not check if the selected member has a valid route to the destination.
Answers
D.
You must configure each local-out feature individually, to use SD-WAN.
D.
You must configure each local-out feature individually, to use SD-WAN.
Answers
Suggested answer: B, D

Question 93

Report
Export
Collapse

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

A.
The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.
A.
The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.
Answers
B.
The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
B.
The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
Answers
C.
The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.
C.
The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.
Answers
D.
The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
D.
The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
Answers
Suggested answer: D

Question 94

Report
Export
Collapse

What is true about SD-WAN multiregion topologies?

A.
Each region has its own SD-WAN topology
A.
Each region has its own SD-WAN topology
Answers
B.
It is not compatible with ADVPN.
B.
It is not compatible with ADVPN.
Answers
C.
Regions must correspond to geographical areas.
C.
Regions must correspond to geographical areas.
Answers
D.
Routing between the hub and spokes must be BGP.
D.
Routing between the hub and spokes must be BGP.
Answers
Suggested answer: A

Question 95

Report
Export
Collapse

In which SD-WAN template field can you use a metadata variable?

A.
You can use metadata variables only to define interface members and the gateway IP.
A.
You can use metadata variables only to define interface members and the gateway IP.
Answers
B.
All SD-WAN template fields support metadata variables.
B.
All SD-WAN template fields support metadata variables.
Answers
C.
Any field Identified with a dollar sign ($) in a magnifying glass.
C.
Any field Identified with a dollar sign ($) in a magnifying glass.
Answers
D.
Any field identified with an 'M' in a circle.
D.
Any field identified with an 'M' in a circle.
Answers
Suggested answer: B

Question 96

Report
Export
Collapse

Refer to the exhibits.

Exhibit A shows a policy package definition Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices.

Based on the output shown in the exhibits, what can the administrator do to solve the Issue?

A.
Create dynamic mapping for the LAN interface for all devices in the installation target list.
A.
Create dynamic mapping for the LAN interface for all devices in the installation target list.
Answers
B.
Use a metadata variable instead of a dynamic interface to define the firewall policy.
B.
Use a metadata variable instead of a dynamic interface to define the firewall policy.
Answers
C.
Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.
C.
Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.
Answers
D.
Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.
D.
Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.
Answers
Suggested answer: A

Question 97

Report
Export
Collapse

Refer to the exhibit.

The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device.

The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1.

Based on the exhibits, which two statements are correct? (Choose two.)

A.
When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
A.
When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
Answers
B.
FortiGate steers traffic to HO servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.
B.
FortiGate steers traffic to HO servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.
Answers
C.
There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.
C.
There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.
Answers
D.
FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.
D.
FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.
Answers
Suggested answer: A, B
Total 97 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms