
Fortinet NSE7_SDW-7.2 Practice Test - Questions Answers, Page 9

Refer to the exhibit.

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

A. Create a new firewall policy, and then select the SD-WAN zone as Incoming Interface.
B. In the traffic shaping policy, select Assign Shaping Class ID as Action.
C. In the firewall policy, select Proxy-based as Inspection Mode.
D. In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.
Suggested answer: D

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

A. There is more than one SD-WAN rule configured.
B. The SD-WAN rules take precedence over regular policy routes.
C. The all_rules rule represents the implicit SD-WAN rule.
D. Entry 1 (id=1) is a regular policy route.
Suggested answer: A, D

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?

A. The gateway address of their IPsec interfaces
B. The tunnel ID of their IPsec interfaces
C. The IP address of their IPsec interfaces
D. The name of their IPsec interfaces
Suggested answer: C

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

A. diagnose sys sdwan zone
B. diagnose sys sdwan service
C. diagnose sys sdwan member
D. diagnose sys sdwan interface
Suggested answer: C

Refer to the exhibit.

Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two.)

A. Cost
B. Interface member
C. Priority
D. Gateway IP
Suggested answer: B, D

Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

A. The traffic shaper drops packets if the bandwidth is less than 2500 KBps.
B. The measured bandwidth is less than 100 KBps.
C. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.
D. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.
Suggested answer: B, C

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

A. get router info routing-table all
B. diagnose debug application ike
C. diagnose vpn tunnel list
D. get ipsec tunnel list
Suggested answer: B

Explanation:

IKE real-time debug - useful when debugging ADVPN shortcut messages and spoke-to-spoke negotiations.

* diagnose debug console timestamp enable

* diagnose vpn ike log filter clear

* diagnose vpn ike log filter mdst-addr4 <ip.of.hub> <ip.of.spoke>

* diagnose debug application ike -1

* diagnose debug enable

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

A. The sdwan_service_id flag in the session information is 0.
B. All SD-WAN rules have the default setting enabled.
C. Traffic does not match any of the entries in the policy route table.
D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Suggested answer: A, C

Explanation:

An sdwan_service_id of 0 means the session matched the implicit SD-WAN rule (study guide 7.0 page 120, 7.2 page 149). SD-WAN rules are interpreted internally as policy routes, so traffic that does not match any policy route is handled by the implicit rule.

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

A. FortiGate flushes all sessions.
B. FortiGate terminates the old sessions.
C. FortiGate does not change existing sessions.
D. FortiGate evaluates new sessions.
Suggested answer: C, D

Explanation:

Setting firewall-session-dirty to check-new tells FortiGate not to flag existing impacted sessions as dirty. The result is that FortiGate evaluates only new sessions against the new firewall policy.

Which two statements about SD-WAN central management are true? (Choose two.)

A. The objects are saved in the ADOM common object database.
B. It does not support meta fields.
C. It uses templates to configure SD-WAN on managed devices.
D. It supports normalized interfaces for SD-WAN member configuration.
Suggested answer: A, C

Explanation:

Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by name to physical interfaces or VPN interfaces.

https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-new-features/794804/new-sd-wan-template-fmg

Total 97 questions