Fortinet NSE7_SDW-7.2 Online Practice Questions and Exam Preparation

Fortinet NSE7_SDW-7.2 Online Questions & Answers

• Question 51:

  Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Exhibt A

  

  Exhibit B

  

  Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

  A. port1 is assigned a manual IP address.
  B. port1 is referenced in a firewall policy.
  C. port2 is referenced in a static route.
  D. port1 and port2 are not administratively down.
  B. port1 is referenced in a firewall policy.

• Question 52:

  What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

  A. The ISDB is dynamically updated and reduces administrative overhead.
  B. The ISDB requires application control to maintain signatures and perform load balancing.
  C. The ISDB applies rules to traffic from specific sources, based on application type.
  D. The ISDB contains the IP addresses and port ranges of well-known internet services.
  A. The ISDB is dynamically updated and reduces administrative overhead.
  D. The ISDB contains the IP addresses and port ranges of well-known internet services.

• Question 53:

  Refer to the exhibits.

  

  Exhibit A shows two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel.

  Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device.

  Which statement best explain the cause for this issue?

  A. You can assign only one template with a tunnel of fype static to each FortiGate device
  B. You can define only one IPsec tunnel from branch devices to HUB1.
  C. You can assign only one IPsec template to each FortiGate device.
  D. You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.
  C. You can assign only one IPsec template to each FortiGate device.

• Question 54:

  Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

  A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
  B. XAuth is enabled as an additional level of authentication, which requires a username and password.
  C. Three packets are exchanged between an initiator and a responder instead of six packets.
  D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
  A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
  C. Three packets are exchanged between an initiator and a responder instead of six packets.

• Question 55:

  What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.)

  A. Packet duplication can leverage multiple IPsec overlays for sending additional data.
  B. Packet duplication does not require a route to the destination.
  C. Packet duplication supports hardware offloading.
  D. Packet duplication uses smaller parity packets which results in less bandwidth consumption.
  A. Packet duplication can leverage multiple IPsec overlays for sending additional data.
  C. Packet duplication supports hardware offloading.

• Question 56:

  Refer to the exhibit.

  

  Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

  A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.
  B. FortiGate has terminated the session after a change on policy ID 1.
  C. Changes have been made on firewall policy ID 1 on FortiGate.
  D. Firewall policy ID 1 has source NAT disabled.
  C. Changes have been made on firewall policy ID 1 on FortiGate.

• Question 57:

  What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

  A. VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
  B. FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
  C. IPsec recommended template guides the administrator to use Fortinet recommended settings.
  D. IPsec recommended template ensures consistent settings between phase1 and phase2
  B. FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
  C. IPsec recommended template guides the administrator to use Fortinet recommended settings.

• Question 58:

  Within IPsec tunnel templates available on FortiManager. which template will you use to configure static tunnels for a hub and spoke topology?

  A. Static_IPsec_Recommended
  B. Hub_IPsec_Recommended
  C. Branch_IPsec_Recommended
  D. IPsec_Fortinet_Recommended
  C. Branch_IPsec_Recommended

• Question 59:

  Refer to the exhibit.

  

  FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

  Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

  A. Specify a unique peer ID for each dial-up VPN interface.
  B. Use different proposals are used between the interfaces.
  C. Configure the IKE mode to be aggressive mode.
  D. Use unique Diffie Hellman groups on each VPN interface.
  A. Specify a unique peer ID for each dial-up VPN interface.
  C. Configure the IKE mode to be aggressive mode.

• Question 60:

  Refer to the exhibit.

  

  The exhibit shows the SD-WAN rule status and configuration.

  Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?

  A. When all three members have the same packet loss.
  B. When T_INET_0_0 has 4% packet loss.
  C. When T_INET_0_0 has 12% packet loss.
  D. When T_INET_1_0 has 4% packet loss.
  A. When all three members have the same packet loss.