Fortinet NSE7_SDW-7.2 Online Practice Questions and Exam Preparation

Fortinet NSE7_SDW-7.2 Online Questions & Answers

• Question 71:

  The administrator uses the FortiManager SD-WAN overlay template to prepare an SD- WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices.

  Select three templates created by the SD-WAN overlay template for a spoke device.(Choose three.)

  A. System template
  B. BGP template
  C. IPsec tunnel template
  D. CLI template
  E. Overlay template
  B. BGP template
  C. IPsec tunnel template
  D. CLI template

• Question 72:

  Refer to the exhibit.

  

  The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device.

  The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1.

  Based on the exhibits, which two statements are correct? (Choose two.)

  A. When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
  B. FortiGate steers traffic to HO servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.
  C. There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.
  D. FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.
  A. When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
  D. FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.

• Question 73:

  Refer to the exhibits.

  

  Exhibit A shows a policy package definition Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices. Based on the output shown in the exhibits, what can the administrator do to solve the Issue?

  A. Create dynamic mapping for the LAN interface for all devices in the installation target list.
  B. Use a metadata variable instead of a dynamic interface to define the firewall policy.
  C. Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.
  D. Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.
  A. Create dynamic mapping for the LAN interface for all devices in the installation target list.

• Question 74:

  Refer to the exhibit.

  

  Which statement explains the output shown in the exhibit?

  A. FortiGate performed standard FIB routing on the session.
  B. FortiGate will not re-evaluate the session following a firewall policy change.
  C. FortiGate used192.2.0.1as the gateway for the original direction of the traffic.
  D. FortiGate must re-evaluate the session due to routing change.
  D. FortiGate must re-evaluate the session due to routing change.

• Question 75:

  Refer to the exhibit.

  

  The exhibit shows the SD-WAN rule status and configuration.

  Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

  A. When T_INET_0_0 and T_MPLS_0 have the same latency.
  B. When T_MPLS_0 has a latency of 100 ms.
  C. When T_INET_0_0 has a latency of 250 ms.
  D. When T_N1PLS_0 has a latency of 80 ms.
  D. When T_N1PLS_0 has a latency of 80 ms.

• Question 76:

  Which statement about using BGP for ADVPN is true?

  A. You must use BGP to route traffic for both overlay and underlay links.
  B. You must configure AS path prepending.
  C. You must configure BGP communities.
  D. IBGP is preferred over EBGP, because IBGP preserves next hop information.
  D. IBGP is preferred over EBGP, because IBGP preserves next hop information.

• Question 77:

  Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

  A. FortiGate does not consider the source address of the packet when matching an SD- WAN rule for local-out traffic.
  B. By default, local-out traffic does not use SD-WAN.
  C. By default, FortiGate does not check if the selected member has a valid route to the destination.
  D. You must configure each local-out feature individually, to use SD-WAN.
  B. By default, local-out traffic does not use SD-WAN.
  D. You must configure each local-out feature individually, to use SD-WAN.

• Question 78:

  Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

  A. get router info routing-table all
  B. diagnose debug application ike
  C. diagnose vpn tunnel list
  D. get ipsec tunnel list
  B. diagnose debug application ike

• Question 79:

  Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

  A. Interface-based shaping mode
  B. Reverse-policy shaping mode
  C. Shared-policy shaping mode
  D. Per-IP shaping mode
  A. Interface-based shaping mode

• Question 80:

  Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two.)

  A. It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links.
  B. It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.
  C. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.
  D. It provides direct connectivity between all sites by creating on-demand tunnels between spokes.
  C. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.
  D. It provides direct connectivity between all sites by creating on-demand tunnels between spokes.