
Fortinet NSE7_SDW-7.2 Practice Test - Questions Answers, Page 8

Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

A. Specify a unique peer ID for each dial-up VPN interface.
B. Use different proposals between the interfaces.
C. Configure the IKE mode to be aggressive mode.
D. Use unique Diffie Hellman groups on each VPN interface.
Suggested answer: A, C

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.

Based on the exhibits, which two statements are correct? (Choose two.)

A. FortiGate updated the outgoing interface list on the rule so it prefers port2.
B. Port2 has the highest member priority.
C. Port2 has a lower latency than port1.
D. SD-WAN rule ID 1 is set to lowest cost (SLA) mode.
Suggested answer: A, C

Which statement is correct about SD-WAN and ADVPN?

A. Routes for ADVPN shortcuts must be manually configured.
B. SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.
C. SD-WAN does not monitor the health and performance of ADVPN shortcuts.
D. You must use IKEv2 on IPsec tunnels.
Suggested answer: B

Refer to the exhibit.

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.

Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes' prefixes and their additional paths? (Choose three.)

A. Set additional-path to send
B. Enable route-reflector-client
C. Set advertisement-interval to the number of additional paths to advertise
D. Set adv-additional-path to the number of additional paths to advertise
E. Enable soft-reconfiguration
Suggested answer: A, B, D

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

A. The reply direction of the asymmetric traffic flows from port2 to port3.
B. The auxiliary session can be offloaded to hardware.
C. The original direction of the symmetric traffic flows from port3 to port2.
D. The main session cannot be offloaded to hardware.
Suggested answer: A, B

Refer to the exhibit.

In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?

A. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.
B. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
C. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
D. It instructs the hub to skip content inspection on TCP traffic, to improve performance.
Suggested answer: B

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)

A. FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.
B. FortiGate performs routing lookups for new sessions only, after a route change.
C. FortiGate always blocks all traffic, after a route change.
D. FortiGate flushes all routing information from the session table, after a route change.
Suggested answer: A, B

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

A. You can delete the virtual-wan-link zone because it contains no member.
B. The corporate zone contains no member.
C. You can move port1 from the underlay zone to the overlay zone.
D. The overlay zone contains four members.
Suggested answer: B

Explanation:

Based on the exhibit, the 'corporate' zone contains no member (B). In the FortiGate GUI, zones without members do not display any interfaces listed under them, which is the case for the corporate zone in the exhibit.

Reference: This conclusion is based on standard Fortinet GUI interpretation and the operational logic of SD-WAN zones as per Fortinet's guidelines and user interface standards.

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

A. It ensures consistent settings between phase1 and phase2.
B. It guides the administrator to use Fortinet recommended settings.
C. It automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
D. The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
Suggested answer: A, B

Explanation:

The use of an IPsec recommended template offers the advantage of ensuring consistent settings between phase1 and phase2 (A), which is essential for the stability and security of the IPsec tunnel. Additionally, it guides the administrator to use Fortinet's recommended settings (B), which are designed to optimize performance and security based on Fortinet's best practices.

Reference: The benefits of using IPsec recommended templates are outlined in Fortinet's SD-WAN documentation, which emphasizes the importance of consistency and adherence to recommended configurations.

Which diagnostic command can you use to show the SD-WAN rules, interface information, and state?

A. diagnose sys sdwan service
B. diagnose sys sdwan route-tag-list
C. diagnose sys sdwan member
D. diagnose sys sdwan neighbor
Suggested answer: A
Total 97 questions