Labour Day Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_SDW-7.0
  5. Fortinet NSE 7 - SD-WAN 7.0 Questions and Answers

NSE7_SDW-7.0 Fortinet NSE 7 - SD-WAN 7.0 Questions and Answers

Questions 4

Refer to the exhibit.

NSE7_SDW-7.0 Question 4

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.

Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three.)

Options:

A.

Set additional-path to send

B.

Enable route-reflector-client

C.

Set advertisement-interval to the number of additional paths to advertise

D.

Set adv-additional-path to the number of additional paths to advertise

E.

Enable soft-reconfiguration

Buy Now
Questions 5

Refer to the exhibit.

NSE7_SDW-7.0 Question 5

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

Options:

A.

FortiGate flushes all sessions.

B.

FortiGate terminates the old sessions.

C.

FortiGate does not change existing sessions.

D.

FortiGate evaluates new sessions.

Buy Now
Questions 6

Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

Options:

A.

Interface-based shaping mode

B.

Reverse-policy shaping mode

C.

Shared-policy shaping mode

D.

Per-IP shaping mode

Buy Now
Questions 7

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

Options:

A.

diagnose sys sdwan zone

B.

diagnose sys sdwan service

C.

diagnose sys sdwan member

D.

diagnose sys sdwan interface

Buy Now
Questions 8

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?

Options:

A.

The gateway address of their IPsec interfaces

B.

The tunnel ID of their IPsec interfaces

C.

The IP address of their IPsec interfaces

D.

The name of their IPsec interfaces

Buy Now
Questions 9

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

Options:

A.

diagnose sys sdwan intf-sla-log

B.

diagnose sys sdwan health-check

C.

diagnose sys sdwan log

D.

diagnose sys sdwan sla-log

Buy Now
Questions 10

Refer to the exhibit.

NSE7_SDW-7.0 Question 10

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

Options:

A.

Specify a unique peer ID for each dial-up VPN interface.

B.

Use different proposals are used between the interfaces.

C.

Configure the IKE mode to be aggressive mode.

D.

Use unique Diffie Hellman groups on each VPN interface.

Buy Now
Questions 11

In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)

Options:

A.

It provides the benefits of a full-mesh topology in a hub-and-spoke network.

B.

It provides direct connectivity between spokes by creating shortcuts.

C.

It enables spokes to bypass the hub during shortcut negotiation.

D.

It enables spokes to establish shortcuts to third-party gateways.

Buy Now
Questions 12

Refer to the exhibits.

Exhibit A

NSE7_SDW-7.0 Question 12

Exhibit B

NSE7_SDW-7.0 Question 12

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.

Based on the exhibits, which two statements are correct? (Choose two.)

Options:

A.

FortiGate updated the outgoing interface list on the rule so it prefers port2.

B.

Port2 has the highest member priority.

C.

Port2 has a lower latency than port1.

D.

SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Buy Now
Questions 13

Refer to the exhibit.

NSE7_SDW-7.0 Question 13

Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)

Options:

A.

FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.

B.

FortiGate performs routing lookups for new sessions only, after a route change.

C.

FortiGate always blocks all traffic, after a route change.

D.

FortiGate flushes all routing information from the session table, after a route change.

Buy Now
Questions 14

Refer to the exhibit.

NSE7_SDW-7.0 Question 14

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)

Options:

A.

After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.

B.

During passive monitoring, FortiGate can’t detect dead members.

C.

FortiGate can offload the traffic that is subject to passive monitoring to hardware.

D.

FortiGate passively monitors the member if TCP traffic is passing through the member.

Buy Now
Questions 15

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)

Options:

A.

Type of physical link connection

B.

Internet service database (ISDB) address object

C.

Source and destination IP address

D.

URL categories

E.

Application signatures

Buy Now
Questions 16

Refer to the exhibits.

Exhibit A -

NSE7_SDW-7.0 Question 16

Exhibit B -

NSE7_SDW-7.0 Question 16

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.

If port2 is detected dead by FortiGate, what is the expected behavior?

Options:

A.

Port2 becomes alive after three successful probes are detected.

B.

FortiGate removes all static routes for port2.

C.

The administrator manually restores the static routes for port2, if port2 becomes alive.

D.

Host 8.8.8.8 is reachable through port1 and port2.

Buy Now
Questions 17

Refer to the exhibits.

NSE7_SDW-7.0 Question 17

Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on FortiGate acting as the sender. Exhibit B shows the sniffer output on a FortiGate acting as the receiver.

The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1_0.

Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two.)

Options:

A.

On the receiver FortiGate, packet-de-duplication is enabled.

B.

The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way.

C.

The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.

D.

On the sender FortiGate, duplication-max-num is set to 3.

Buy Now
Questions 18

Refer to the exhibit.

NSE7_SDW-7.0 Question 18

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.

Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

Options:

A.

On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.

B.

On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub.

C.

auto-discovery-forwarder must be enabled on all IPsec VPNs.

D.

On the hubs, net-device must be enabled on all IPsec VPNs.

Buy Now
Questions 19

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

Options:

A.

FEC supports hardware offloading.

B.

FEC improves reliability of noisy links.

C.

FEC transmits parity packets that can be used to reconstruct packet loss.

D.

FEC can leverage multiple IPsec tunnels for parity packets transmission.

Buy Now
Questions 20

Which are three key routing principles in SD-WAN? (Choose three.)

Options:

A.

FortiGate performs route lookups for new sessions only.

B.

Regular policy routes have precedence over SD-WAN rules.

C.

SD-WAN rules have precedence over ISDB routes.

D.

By default, SD-WAN members are skipped if they do not have a valid route to the destination.

E.

By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Buy Now
Questions 21

Refer to the exhibits.

Exhibit A

NSE7_SDW-7.0 Question 21

Exhibit B -

NSE7_SDW-7.0 Question 21

Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.

The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.

Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?

Options:

A.

The traffic will be load balanced across all three overlays.

B.

The traffic will be routed over T_INET_0_0.

C.

The traffic will be routed over T_MPLS_0.

D.

The traffic will be routed over T_INET_1_0.

Buy Now
Exam Code: NSE7_SDW-7.0
Exam Name: Fortinet NSE 7 - SD-WAN 7.0
Last Update: Apr 27, 2024
Questions: 70

PDF + Testing Engine

$66.4  $165.99
buy now NSE7_SDW-7.0 pdf + testing engine

Testing Engine

$46  $114.99
buy now NSE7_SDW-7.0 testing engine

PDF (Q&A)

$42  $104.99
buy now NSE7_SDW-7.0 pdf