ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_SDW-7.2

Fortinet NSE7_SDW-7.2 Practice Test - Questions Answers, Page 7

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)
Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
In which SD-WAN template field can you use a metadata variable?
Exhibit B -- Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
Refer to the exhibit. Which statement explains the output shown in the exhibit?
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)
Refer to the exhibit. The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device. The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1. Based on the exhibits, which two statements are correct? (Choose two.)
Refer to the exhibit. FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN. Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
Exhibit. The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?
Exhibit. The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

Question 61

Report
Export
Collapse

Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.

Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

A.
On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.
A.
On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.
Answers
B.
On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub.
B.
On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub.
Answers
C.
auto-discovery-forwarder must be enabled on all IPsec VPNs.
C.
auto-discovery-forwarder must be enabled on all IPsec VPNs.
Answers
D.
On the hubs, net-device must be enabled on all IPsec VPNs.
D.
On the hubs, net-device must be enabled on all IPsec VPNs.
Answers
Suggested answer: A, B

Question 62

Report
Export
Collapse

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

A.
FEC supports hardware offloading.
A.
FEC supports hardware offloading.
Answers
B.
FEC improves reliability of noisy links.
B.
FEC improves reliability of noisy links.
Answers
C.
FEC transmits parity packets that can be used to reconstruct packet loss.
C.
FEC transmits parity packets that can be used to reconstruct packet loss.
Answers
D.
FEC can leverage multiple IPsec tunnels for parity packets transmission.
D.
FEC can leverage multiple IPsec tunnels for parity packets transmission.
Answers
Suggested answer: B, C

Question 63

Report
Export
Collapse

Which two tasks are part of using central VPN management? (Choose two.)

A.
You can configure full mesh, star, and dial-up VPN topologies.
A.
You can configure full mesh, star, and dial-up VPN topologies.
Answers
B.
You must enable VPN zones for SD-WAN deployments.
B.
You must enable VPN zones for SD-WAN deployments.
Answers
C.
FortiManager installs VPN settings on both managed and external gateways.
C.
FortiManager installs VPN settings on both managed and external gateways.
Answers
D.
You configure VPN communities to define common IPsec settings shared by all VPN gateways.
D.
You configure VPN communities to define common IPsec settings shared by all VPN gateways.
Answers
Suggested answer: A, D

Question 64

Report
Export
Collapse

Refer to the exhibit.

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)

A.
After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.
A.
After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.
Answers
B.
During passive monitoring, FortiGate can't detect dead members.
B.
During passive monitoring, FortiGate can't detect dead members.
Answers
C.
FortiGate can offload the traffic that is subject to passive monitoring to hardware.
C.
FortiGate can offload the traffic that is subject to passive monitoring to hardware.
Answers
D.
FortiGate passively monitors the member if TCP traffic is passing through the member.
D.
FortiGate passively monitors the member if TCP traffic is passing through the member.
Answers
Suggested answer: B, D

Question 65

Report
Export
Collapse

The administrator uses the FortiManager SD-WAN overlay template to prepare an SD-WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices.

Select three templates created by the SD-WAN overlay template for a spoke device. (Choose three.)

A.
System template
A.
System template
Answers
B.
BGP template
B.
BGP template
Answers
C.
IPsec tunnel template
C.
IPsec tunnel template
Answers
D.
CLI template
D.
CLI template
Answers
E.
Overlay template
E.
Overlay template
Answers
Suggested answer: A, C, E

Explanation:

In a FortiManager SD-WAN overlay template configuration for a spoke device, the system template (A) is created to provide basic device settings. The IPsec tunnel template (C) is generated to establish secure tunnels between the spoke and the hub devices. Lastly, the overlay template (E) is configured to specify the overlay network settings, which often include the SD-WAN rules and performance SLAs.

Question 66

Report
Export
Collapse

Which type statements about the SD-WAN members are true? (Choose two.)

A.
You can manually define the SD-WAN members sequence number.
A.
You can manually define the SD-WAN members sequence number.
Answers
B.
Interfaces of type virtual wire pair can be used as SD-WAN members.
B.
Interfaces of type virtual wire pair can be used as SD-WAN members.
Answers
C.
Interfaces of type VLAN can be used as SD-WAN members.
C.
Interfaces of type VLAN can be used as SD-WAN members.
Answers
D.
An SD-WAN member can belong to two or more SD-WAN zones.
D.
An SD-WAN member can belong to two or more SD-WAN zones.
Answers
Suggested answer: A, C

Explanation:

SD-WAN members can be manually ordered by changing their sequence number (A), which allows administrators to prioritize the interfaces according to the routing requirements. Also, VLAN interfaces can be used as SD-WAN members (C), providing flexibility in network design and the use of existing VLAN infrastructure within the SD-WAN setup.

Question 67

Report
Export
Collapse

Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.

What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?

A.
You must set ike-version to 1.
A.
You must set ike-version to 1.
Answers
B.
You must enable net-device.
B.
You must enable net-device.
Answers
C.
You must enable auto-discovery-sender.
C.
You must enable auto-discovery-sender.
Answers
D.
You must disable idle-timeout.
D.
You must disable idle-timeout.
Answers
Suggested answer: B

Question 68

Report
Export
Collapse

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

A.
The type of traffic defined and allowed on firewall policy ID 1 is UDP.
A.
The type of traffic defined and allowed on firewall policy ID 1 is UDP.
Answers
B.
FortiGate has terminated the session after a change on policy ID 1.
B.
FortiGate has terminated the session after a change on policy ID 1.
Answers
C.
Changes have been made on firewall policy ID 1 on FortiGate.
C.
Changes have been made on firewall policy ID 1 on FortiGate.
Answers
D.
Firewall policy ID 1 has source NAT disabled.
D.
Firewall policy ID 1 has source NAT disabled.
Answers
Suggested answer: C

Question 69

Report
Export
Collapse

What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two.)

A.
It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
A.
It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
Answers
B.
It improves SD-WAN performance on the managed FortiGate devices.
B.
It improves SD-WAN performance on the managed FortiGate devices.
Answers
C.
It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
C.
It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
Answers
D.
It acts as a policy compliance entity to review all managed FortiGate devices.
D.
It acts as a policy compliance entity to review all managed FortiGate devices.
Answers
E.
It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.
E.
It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.
Answers
Suggested answer: A, E

Question 70

Report
Export
Collapse

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two )

A.
Traffic has matched none of the FortiGate policy routes.
A.
Traffic has matched none of the FortiGate policy routes.
Answers
B.
Matched traffic failed RPF and was caught by the rule.
B.
Matched traffic failed RPF and was caught by the rule.
Answers
C.
The FIB lookup resolved interface was the SD-WAN interface.
C.
The FIB lookup resolved interface was the SD-WAN interface.
Answers
D.
An absolute SD-WAN rule was defined and matched traffic.
D.
An absolute SD-WAN rule was defined and matched traffic.
Answers
Suggested answer: A, C
Total 97 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms