1. Home
  2. Fortinet
  3. NSE7_SDW-7.0

Fortinet NSE7_SDW-7.0 Online Practice Questions and Exam Preparation

NSE7_SDW-7.0 Exam Details

  • Exam Code
    :NSE7_SDW-7.0
  • Exam Name
    :Fortinet NSE 7 - SD-WAN 7.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :115 Q&As
  • Last Updated
    :Oct 02, 2025

Fortinet NSE7_SDW-7.0 Online Questions & Answers

  • Question 61:

    Refer to the exhibits. Exhibit A

    Exhibit B

    Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.

    The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.

    Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

    A. Destination internet service must be enabled on the traffic shaping policy.
    B. Application control must be enabled on the firewall policy.
    C. Web filtering must be enabled on the firewall policy.
    D. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.

  • Question 62:

    What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two )

    A. It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
    B. It improves SD-WAN performance on the managed FortiGate devices.
    C. It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
    D. It acts as a policy compliance entity to review all managed FortiGate devices.
    E. It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

  • Question 63:

    Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two)

    A. Secure Shell (SSH)
    B. Encapsulating Security Payload (ESP)
    C. Internet Key Exchange (IKE)
    D. Transport Layer Security (TLS)
    E. Security Association (SA)

  • Question 64:

    Refer to the exhibit.

    Based on output shown in the exhibit, which two commands can be used by SD-WAN rules? (Choose two.)

    A. set cost 15.
    B. set source 100.64.1.1.
    C. set priority 10.
    D. set load-balance-mode source-ip-based.

  • Question 65:

    What is the route-tag setting in an SD-WAN rule used for?

    A. To indicate the routes for health check probes.
    B. To indicate the destination of a rule based on learned BGP prefixes.
    C. To indicate the routes that can be used for routing SD-WAN traffic.
    D. To indicate the members that can be used to route SD-WAN traffic.

  • Question 66:

    Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

    A. Member metrics are measured only if an SLA target is configured.
    B. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
    C. When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.
    D. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

  • Question 67:

    Refer to the exhibit.

    Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub 1 and Hub 2 The administrator configured ADVPN on the dual regions topology

    Which two statements are correct if a user in Toronto sends traffic to London? (Choose two )

    A. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
    B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
    C. London generates an IKE information message that contains the Toronto public IP address.
    D. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.

  • Question 68:

    Refer to the exhibit.

    Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

    A. FortiGate flushes all sessions.
    B. FortiGate terminates the old sessions.
    C. FortiGate does not change existing sessions.
    D. FortiGate evaluates new sessions.

  • Question 69:

    Refer to the exhibit.

    FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

    Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

    A. Specify a unique peer ID for each dial-up VPN interface.
    B. Use different proposals are used between the interfaces.
    C. Configure the IKE mode to be aggressive mode.
    D. Use unique Diffie Hellman groups on each VPN interface.

  • Question 70:

    Refer to the exhibit.

    Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub 1 and Hub 2 The administrator configured ADVPN on the dual regions topology

    Which two statements are correct if a dynamic site-to-site tunne1 between Toronto and London has been established? (Choose two)

    A. auto-discovery-receiver is enabled on the egress VPN interfaces on the spokes
    B. auto-discovery-sender is enabled on the ingress VPN interfaces on hubs
    C. tunnel-search IS set to phase 2 quick mode selectors
    D. add-route is enabled to install static routes on hub devices
    E. auto-discovery-forwarder IS enabled on all VPN interfaces

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE7_SDW-7.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.