1. Home
  2. Fortinet
  3. NSE7_SDW-6.4

Fortinet NSE 7 - SD-WAN 6.4

Exam Details

  • Exam Code
    :NSE7_SDW-6.4
  • Exam Name
    :Fortinet NSE 7 - SD-WAN 6.4
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :80 Q&As
  • Last Updated
    :Aug 22, 2023

Fortinet Fortinet Certifications NSE7_SDW-6.4 Questions & Answers

  • Question 21:

    Refer to the exhibit.

    Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub 1 and Hub 2 The administrator configured ADVPN on the dual regions topology

    Which two statements are correct if a dynamic site-to-site tunne1 between Toronto and London has been established? (Choose two)

    A. auto-discovery-receiver is enabled on the egress VPN interfaces on the spokes

    B. auto-discovery-sender is enabled on the ingress VPN interfaces on hubs

    C. tunnel-search IS set to phase 2 quick mode selectors

    D. add-route is enabled to install static routes on hub devices

    E. auto-discovery-forwarder IS enabled on all VPN interfaces

  • Question 22:

    Refer to the exhibit.

    Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

    A. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

    B. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

    C. The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

    D. The measured bandwidth is less than 100 KBps.

  • Question 23:

    Refer to exhibits.

    Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

    The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

    Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

    A. The reverse shaper option must be enabled and a traffic shaper must be selected

    B. The guaranteed-10mbps option must be selected as the reverse shaper option.

    C. A new firewall policy must be created and SD-WAN must be selected as the incoming interface.

    D. The guaranteed-10mbps option must be selected as the per-IP shaper option

  • Question 24:

    In which two ways does FortiGate learn the FortiManager IP address or FQDN for zero-touch provisioning? (Choose two.)

    A. From a FortiGuard definitions update

    B. From the central management configuration configured in FortiDeploy

    C. From a DHCP server configured with options 240 or 241

    D. From another FortiGate device in the same local network

  • Question 25:

    Refer to the exhibit.

    Based on the output, which two statements are true? (Choose two )

    A. The diagnostic output presents only of the policy routes

    B. The all_rules rule is the implicit SD-WAN rule in place

    C. There is more than one SD-WAN rule configured

    D. At least one policy route is implemented and in effect

  • Question 26:

    Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two)

    A. Secure Shell (SSH)

    B. Encapsulating Security Payload (ESP)

    C. Internet Key Exchange (IKE)

    D. Transport Layer Security (TLS)

    E. Security Association (SA)

  • Question 27:

    Which diagnostic command can you use to show the SD-WAN rules interface information and state?

    A. diagnose sys virtual-wan-link neighbor.

    B. diagnose sys virtual--wan--link route-tag-list

    C. diagnose sys virtual--wan--link member.

    D. diagnose sys virtual-wan-link service

  • Question 28:

    Refer to Exhibit:

    Which statement is correct it the responder FortiGate is using a dynamic routing protocol over the IPsec VPN interface?

    A. The phase 1 type must be changed to static for dynamic routing.

    B. Only dial-up connections without XAuth can be used for the dynamic routing

    C. add-route must be disabled to prevent FortiGate from installing VPN static routes

    D. peertype must be set to accept only one peer ID for a unique VPN interface

  • Question 29:

    Refer to the exhibit

    Which statement about the ADVPN device role in handling traffic is true?

    A. Two spokes 100.64.3.1 and 10.1.2. 254 forward their queries to their hubs

    B. This is a hub that has received a query from a spoke and has forwarded it to another spoke

    C. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub

    D. Two hubs. 10.1.1.254 and 10.1.2.254, are receiving and forwarding queries between each other

  • Question 30:

    Which statement is correct about the SD-WAN and ADVPN?

    A. ADVPN interface can be a member of SD-WAN interface.

    B. Dynamic VPN is not supported as an SD-Wan interface.

    C. Spoke support dynamic VPN as a static interface.

    D. Hub FortiGate is limited to use ADVPN as SD-WAN member interface.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE7_SDW-6.4 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.