ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_SDW-7.2

Fortinet NSE7_SDW-7.2 Practice Test - Questions Answers, Page 6

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)
Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
In which SD-WAN template field can you use a metadata variable?
Exhibit B -- Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
Refer to the exhibit. Which statement explains the output shown in the exhibit?
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)
Refer to the exhibit. The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device. The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1. Based on the exhibits, which two statements are correct? (Choose two.)
Refer to the exhibit. FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN. Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
Exhibit. The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?
Exhibit. The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

Question 51

Report
Export
Collapse

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

A.
This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.
A.
This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.
Answers
B.
Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.
B.
Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.
Answers
C.
This is a hub that has received a query from a spoke and has forwarded it to another spoke.
C.
This is a hub that has received a query from a spoke and has forwarded it to another spoke.
Answers
D.
Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.
D.
Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.
Answers
Suggested answer: C

Question 52

Report
Export
Collapse

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

A.
Create policy packages for branch devices.
A.
Create policy packages for branch devices.
Answers
B.
Assign an sdwan_id metadata variable to each device (branch and hub}.
B.
Assign an sdwan_id metadata variable to each device (branch and hub}.
Answers
C.
Configure routing through overlay tunnels created by the SD-WAN overlay template.
C.
Configure routing through overlay tunnels created by the SD-WAN overlay template.
Answers
D.
Assign a branch_id metadata variable to each branch device.
D.
Assign a branch_id metadata variable to each branch device.
Answers
E.
Configure SD-WAN rules.
E.
Configure SD-WAN rules.
Answers
Suggested answer: A, B, C

Question 53

Report
Export
Collapse

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

A.
diagnose sys sdwan sla-log
A.
diagnose sys sdwan sla-log
Answers
B.
diagnose ays sdwan health-check
B.
diagnose ays sdwan health-check
Answers
C.
diagnose sys sdwan intf-sla-log
C.
diagnose sys sdwan intf-sla-log
Answers
D.
diagnose sys sdwan log
D.
diagnose sys sdwan log
Answers
Suggested answer: A

Question 54

Report
Export
Collapse

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

A.
SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements
A.
SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements
Answers
B.
Member metrics are measured only if an SLA target is configured
B.
Member metrics are measured only if an SLA target is configured
Answers
C.
When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA
C.
When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA
Answers
D.
SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy
D.
SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy
Answers
Suggested answer: A, D

Question 55

Report
Export
Collapse

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

A.
Encapsulating Security Payload (ESP)
A.
Encapsulating Security Payload (ESP)
Answers
B.
Secure Shell (SSH)
B.
Secure Shell (SSH)
Answers
C.
Internet Key Exchange (IKE)
C.
Internet Key Exchange (IKE)
Answers
D.
Security Association (SA)
D.
Security Association (SA)
Answers
Suggested answer: A, C

Question 56

Report
Export
Collapse

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

A.
http
A.
http
Answers
B.
icmp
B.
icmp
Answers
C.
twamp
C.
twamp
Answers
D.
dns
D.
dns
Answers
Suggested answer: A, D

Explanation:

Performance SLA (Service Level Agreement) protocols are used in SD-WAN to monitor the quality and performance of various network services. The two protocols that specifically allow for verifying a specific value in the server response are:

HTTP (Hypertext Transfer Protocol): HTTP is the foundation of data communication on the World Wide Web. It allows for fetching resources, such as HTML documents. You can configure an HTTP performance SLA to send specific requests (e.g., GET or POST) and then check if the response body contains a particular string or value. This is useful for validating web server functionality and content delivery.

DNS (Domain Name System): DNS is responsible for translating domain names into IP addresses. A DNS performance SLA can be set up to query a specific domain and verify that the returned IP address or other DNS record values match what is expected. This helps ensure proper name resolution and accessibility of resources.

Question 57

Report
Export
Collapse

Exhibit.

Which conclusion about the packet debug flow output is correct?

A.
The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
A.
The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
Answers
B.
The packet size exceeded the outgoing interface MTU.
B.
The packet size exceeded the outgoing interface MTU.
Answers
C.
The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
C.
The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
Answers
D.
The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.
D.
The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.
Answers
Suggested answer: C

Explanation:

In a Per-IP shaper configuration, if an IP address exceeds the configured concurrent session limit, the message 'Denied by quota check' appears. SD-WAN 7.0 Study Guide page 287

Question 58

Report
Export
Collapse

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

A.
When T_INET_0_0 and T_MPLS_0 have the same latency.
A.
When T_INET_0_0 and T_MPLS_0 have the same latency.
Answers
B.
When T_MPLS_0 has a latency of 100 ms.
B.
When T_MPLS_0 has a latency of 100 ms.
Answers
C.
When T_INET_0_0 has a latency of 250 ms.
C.
When T_INET_0_0 has a latency of 250 ms.
Answers
D.
When T_N1PLS_0 has a latency of 80 ms.
D.
When T_N1PLS_0 has a latency of 80 ms.
Answers
Suggested answer: D

Question 59

Report
Export
Collapse

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.

The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.

Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

A.
Destination internet service must be enabled on the traffic shaping policy.
A.
Destination internet service must be enabled on the traffic shaping policy.
Answers
B.
Application control must be enabled on the firewall policy.
B.
Application control must be enabled on the firewall policy.
Answers
C.
Web filtering must be enabled on the firewall policy.
C.
Web filtering must be enabled on the firewall policy.
Answers
D.
Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
D.
Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
Answers
Suggested answer: C

Question 60

Report
Export
Collapse

What is a benefit of using application steering in SD-WAN?

A.
The traffic always skips the regular policy routes.
A.
The traffic always skips the regular policy routes.
Answers
B.
You steer traffic based on the detected application.
B.
You steer traffic based on the detected application.
Answers
C.
You do not need to enable SSL inspection.
C.
You do not need to enable SSL inspection.
Answers
D.
You do not need to configure firewall policies that accept the SD-WAN traffic.
D.
You do not need to configure firewall policies that accept the SD-WAN traffic.
Answers
Suggested answer: B
Total 97 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms