1. Home
  2. Fortinet
  3. NSE7_SDW-7.0

Fortinet NSE 7 - SD-WAN 7.0

Exam Details

  • Exam Code
    :NSE7_SDW-7.0
  • Exam Name
    :Fortinet NSE 7 - SD-WAN 7.0
  • Certification
    :Fortinet Certifications
  • Vendor
    :Fortinet
  • Total Questions
    :134 Q&As
  • Last Updated
    :Jun 17, 2025

Fortinet Fortinet Certifications NSE7_SDW-7.0 Questions & Answers

  • Question 81:

    Which three parameters are available to configure SD-WAN rules? (Choose three.)

    A. Application signatures

    B. Type of physical link connection

    C. URL categories

    D. Source and destination IP address

    E. Internet service database (ISDB) address object

  • Question 82:

    Refer to the exhibit. Exhibit A

    Exhibit B

    Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

    Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

    A. port1 is assigned a manual IP address.

    B. port1 is referenced in a firewall policy.

    C. port2 is referenced in a static route.

    D. port1 and port2 are not administratively down.

  • Question 83:

    Which two statements about SD-WAN central management are true? (Choose two.)

    A. The objects are saved in the ADOM common object database.

    B. It does not support meta fields.

    C. It uses templates to configure SD-WAN on managed devices.

    D. It supports normalized interfaces for SD-WAN member configuration.

  • Question 84:

    Refer to the exhibit.

    Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

    A. Set priority 10.

    B. Set cost 15.

    C. Set load-balance-mode source-ip-ip-based.

    D. Set source 100.64.1.1.

  • Question 85:

    Refer to the exhibit.

    Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.

    Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

    A. London generates an IKE information message that contains the Toronto public IP address.

    B. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.

    C. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

    D. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.

  • Question 86:

    Which are three key routing principles in SD-WAN? (Choose three.)

    A. FortiGate performs route lookups for new sessions only.

    B. Regular policy routes have precedence over SD-WAN rules.

    C. SD-WAN rules have precedence over ISDB routes.

    D. By default, SD-WAN members are skipped if they do not have a valid route to the destination.

    E. By default, SD-WAN rules are skipped if the best route to the destination is not an SD- WAN member.

  • Question 87:

    Refer to the exhibit.

    Which conclusion about the packet debug flow output is correct?

    A. The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

    B. The packet size exceeded the outgoing interface MTU.

    C. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

    D. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

  • Question 88:

    Refer to the exhibit.

    FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

    Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

    A. Specify a unique peer ID for each dial-up VPN interface.

    B. Use different proposals are used between the interfaces.

    C. Configure the IKE mode to be aggressive mode.

    D. Use unique Diffie Hellman groups on each VPN interface.

  • Question 89:

    Refer to the exhibit.

    Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

    A. The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

    B. The measured bandwidth is less than 100 KBps.

    C. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

    D. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

  • Question 90:

    Refer to the exhibit.

    The exhibit shows the SD-WAN rule status and configuration.

    Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

    A. When T_INET_0_0 and T_MPLS_0 have the same latency.

    B. When T_MPLS_0 has a latency of 100 ms.

    C. When T_INET_0_0 has a latency of 250 ms.

    D. When T_N1PLS_0 has a latency of 80 ms.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Fortinet exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your NSE7_SDW-7.0 exam preparations and Fortinet certification application, do not hesitate to visit our Vcedump.com to find your solutions here.