Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

NSE7_SDW-7.2 Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

Questions 4

Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two.)

Options:

A.

It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links.

B.

It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.

C.

It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.

D.

It provides direct connectivity between all sites by creating on-demand tunnels between spokes.

Buy Now
Questions 5

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

Options:

A.

hold-down-time

B.

link-down-failover

C.

auto-discovery-shortcuts

D.

idle-timeout

Buy Now
Questions 6

Which statement is correct about SD-WAN and ADVPN?

Options:

A.

Routes for ADVPN shortcuts must be manually configured.

B.

SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.

C.

SD-WAN does not monitor the health and performance of ADVPN shortcuts.

D.

You must use IKEv2 on IPsec tunnels.

Buy Now
Questions 7

Refer to the exhibit.

NSE7_SDW-7.2 Question 7

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

Options:

A.

Set priority 10.

B.

Set cost 15.

C.

Set load-balance-mode source-ip-ip-based.

D.

Set source 100.64.1.1.

Buy Now
Questions 8

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

Options:

A.

There is more than one SD-WAN rule configured.

B.

The SD-WAN rules take precedence over regular policy routes.

C.

Theall_rulesrule represents the implicit SD-WAN rule.

D.

Entry1(id=1)is a regular policy route.

Buy Now
Questions 9

Refer to the exhibit.

NSE7_SDW-7.2 Question 9

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

Options:

A.

All traffic from a source IP to a destination IP is sent to the same interface.

B.

All traffic from a source IP is sent to the same interface.

C.

All traffic from a source IP is sent to the most used interface.

D.

All traffic from a source IP to a destination IP is sent to the least used interface.

Buy Now
Questions 10

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

Options:

A.

When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.

B.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

C.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

D.

Member metrics are measured only if an SLA target is configured.

Buy Now
Questions 11

NSE7_SDW-7.2 Question 11

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.

Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

Options:

A.

London generates an IKE information message that contains the Toronto public IP address.

B.

Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.

C.

Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

D.

The first packets from Toronto to London are routed through Hub 1 then to Hub 2.

Buy Now
Questions 12

Exhibit B –

NSE7_SDW-7.2 Question 12

Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

Options:

A.

port1 is assigned a manual IP address.

B.

port1 is referenced in a firewall policy.

C.

port2 is referenced in a static route.

D.

port1 and port2 are not administratively down.

Buy Now
Questions 13

Refer to the exhibit.

NSE7_SDW-7.2 Question 13

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.

Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

Options:

A.

On the hubs,auto-discovery-sendermust be enabled on the IPsec VPNs to spokes.

B.

On the spokes,auto-discovery-receivermust be enabled on the IPsec VPN to the hub.

C.

auto-discovery-forwardermust be enabled on all IPsec VPNs.

D.

On the hubs,net-devicemust be enabled on all IPsec VPNs.

Buy Now
Questions 14

Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

Options:

A.

FortiGate bounces port5 after it detects all SD-WAN members as dead.

B.

FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

C.

FortiGate brings up port5 after it detects all SD-WAN members as alive.

D.

FortiGate brings down port5 after it detects all SD-WAN members as dead.

Buy Now
Questions 15

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.

The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.

Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

Options:

A.

Destination internet service must be enabled on the traffic shaping policy.

B.

Application control must be enabled on the firewall policy.

C.

Web filtering must be enabled on the firewall policy.

D.

Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.

Buy Now
Questions 16

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two )

Options:

A.

Traffic has matched none of the FortiGate policy routes.

B.

Matched traffic failed RPF and was caught by the rule.

C.

The FIB lookup resolved interface was the SD-WAN interface.

D.

An absolute SD-WAN rule was defined and matched traffic.

Buy Now
Questions 17

What is the route-tag setting in an SD-WAN rule used for?

Options:

A.

To indicate the routes for health check probes.

B.

To indicate the destination of a rule based on learned BGP prefixes.

C.

To indicate the routes that can be used for routing SD-WAN traffic.

D.

To indicate the members that can be used to route SD-WAN traffic.

Buy Now
Questions 18

What is true about SD-WAN multiregion topologies?

Options:

A.

Each region has its own SD-WAN topology

B.

It is not compatible with ADVPN.

C.

Regions must correspond to geographical areas.

D.

Routing between the hub and spokes must be BGP.

Buy Now
Questions 19

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

Options:

A.

FortiGate does not install IPsec static routes for remote protected networks in the routing table. Most Voted

B.

The phase 1 configuration supports the network-overlay setting. Most Voted

C.

FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

D.

Dead peer detection is disabled.

Buy Now
Questions 20

Refer to the exhibit.

NSE7_SDW-7.2 Question 20

Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?

Options:

A.

type must be set to static.

B.

mode-cfg must be enabled.

C.

exchange-interface-ip must be enabled.

D.

add-route must be disabled.

Buy Now
Questions 21

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

Options:

A.

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

B.

By default, local-out traffic does not use SD-WAN.

C.

By default, FortiGate does not check if the selected member has a valid route to the destination.

D.

You must configure each local-out feature individually, to use SD-WAN.

Buy Now
Questions 22

Refer to the exhibit.

NSE7_SDW-7.2 Question 22

In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling theanti-replaysetting on the hubs?

Options:

A.

It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.

B.

It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.

C.

It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.

D.

It instructs the hub to skip content inspection on TCP traffic, to improve performance.

Buy Now
Questions 23

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.

Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)

Options:

A.

The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.

B.

FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.

C.

FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.

D.

Non-TCP Facebook and YouTube traffic are not used for performance measurement.

Buy Now
Questions 24

What does enabling theexchange-interface-ipsetting enable FortiGate devices to exchange?

Options:

A.

The gateway address of their IPsec interfaces

B.

The tunnel ID of their IPsec interfaces

C.

The IP address of their IPsec interfaces

D.

The name of their IPsec interfaces

Buy Now
Questions 25

Refer to the exhibit.

NSE7_SDW-7.2 Question 25

An administrator used the SD-WAN overlay template to prepare an IPsec configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the installation preview for one FortiGate device. In the exhibit, which statement best describes the configuration applied to the FortiGate device?

Options:

A.

It is a hub device. It can send ADVPN shortcut offers.

B.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.

C.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.

D.

It is a hub device and will automatically discover the spoke devices that are in the SD-WAN topology.

Buy Now
Questions 26

Exhibit.

The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?

Options:

A.

There are no IPsec tunnel statistics log messages for ADVPN cuts.

B.

There is one shortcut tunnel built from master tunnel T_MPLS_0.

C.

The VPN tunnel T_MPLS_0 is a shortcut tunnel.

D.

The master tunnel T_INET_0 cannot accept the ADVPN shortcut. 

Buy Now
Questions 27

Refer to the exhibit.

NSE7_SDW-7.2 Question 27

The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device.

The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1.

Based on the exhibits, which two statements are correct? (Choose two.)

Options:

A.

When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.

B.

FortiGate steers traffic to HO servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.

C.

There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.

D.

FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.

Buy Now
Questions 28

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

Options:

A.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements

B.

Member metrics are measured only if an SLA target is configured

C.

When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA

D.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy

Buy Now
Questions 29

What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.)

Options:

A.

Packet duplication can leverage multiple IPsec overlays for sending additional data.

B.

Packet duplication does not require a route to the destination.

C.

Packet duplication supports hardware offloading.

D.

Packet duplication uses smaller parity packets which results in less bandwidth consumption.

Buy Now
Exam Code: NSE7_SDW-7.2
Exam Name: Fortinet NSE 7 - SD-WAN 7.2
Last Update: Dec 3, 2024
Questions: 97

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now NSE7_SDW-7.2 testing engine

PDF (Q&A)

$42  $104.99
buy now NSE7_SDW-7.2 pdf