New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

NSE7_SDW-7.2 Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

Questions 4

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

Options:

A.

Create policy packages for branch devices.

B.

Assign an sdwan_id metadata variable to each device (branch and hub}.

C.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

D.

Assign a branch_id metadata variable to each branch device.

E.

Configure SD-WAN rules.

Buy Now
Questions 5

Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.

Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

Options:

A.

On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.

B.

On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub.

C.

auto-discovery-forwarder must be enabled on all IPsec VPNs.

D.

On the hubs, net-device must be enabled on all IPsec VPNs.

Buy Now
Questions 6

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)

Options:

A.

update-source

B.

set-route-tag

C.

holdtime-timer

D.

link-down-failover

Buy Now
Questions 7

Refer to the Exhibits:

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members.

Based on the exhibits, which statement is correct?

Options:

A.

The dead member interface stays unavailable until an administrator manually brings the interface back.

B.

Port2 needs to wait 500 milliseconds to change the status from alive to dead.

C.

Static routes using port2 are active in the routing table.

D.

FortiGate has not received three consecutive requests from the SLA server configured for port2.

Buy Now
Questions 8

Refer to the exhibits.

Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on FortiGate acting as the sender. Exhibit B shows the sniffer output on a FortiGate acting as the receiver.

The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1_0.

Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two.)

Options:

A.

On the receiver FortiGate, packet-de-duplication is enabled.

B.

The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way.

C.

The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.

D.

On the sender FortiGate, duplication-max-num is set to 3.

Buy Now
Questions 9

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

Options:

A.

Set priority 10.

B.

Set cost 15.

C.

Set load-balance-mode source-ip-ip-based.

D.

Set source 100.64.1.1.

Buy Now
Questions 10

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

Options:

A.

diagnose sys sdwan zone

B.

diagnose sys sdwan service

C.

diagnose sys sdwan member

D.

diagnose sys sdwan interface

Buy Now
Questions 11

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

Options:

A.

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

B.

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

C.

IPsec recommended template guides the administrator to use Fortinet recommended settings.

D.

IPsec recommended template ensures consistent settings between phase1 and phase2

Buy Now
Questions 12

Which two statements about SD-WAN central management are true? (Choose two.)

Options:

A.

The objects are saved in the ADOM common object database.

B.

It does not support meta fields.

C.

It uses templates to configure SD-WAN on managed devices.

D.

It supports normalized interfaces for SD-WAN member configuration.

Buy Now
Questions 13

Refer to the exhibit.

Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?

Options:

A.

type must be set to static.

B.

mode-cfg must be enabled.

C.

exchange-interface-ip must be enabled.

D.

add-route must be disabled.

Buy Now
Questions 14

In which SD-WAN template field can you use a metadata variable?

Options:

A.

You can use metadata variables only to define interface members and the gateway IP.

B.

All SD-WAN template fields support metadata variables.

C.

Any field Identified with a dollar sign ($) in a magnifying glass.

D.

Any field identified with an "M" in a circle.

Buy Now
Questions 15

Which statement about SD-WAN zones is true?

Options:

A.

An SD-WAN zone can contain only one type of interface.

B.

An SD-WAN zone can contain between 0 and 512 members.

C.

You cannot use an SD-WAN zone in static route definitions.

D.

You can configure up to 32 SD-WAN zones per VDOM.

Buy Now
Questions 16

Refer to the exhibits.

Exhibit A

Exhibit B -

Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.

The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.

Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?

Options:

A.

The traffic will be load balanced across all three overlays.

B.

The traffic will be routed over T_INET_0_0.

C.

The traffic will be routed over T_MPLS_0.

D.

The traffic will be routed over T_INET_1_0.

Buy Now
Questions 17

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)

Options:

A.

FortiGate flags the sessions as dirty.

B.

FortiGate continues routing the sessions with no SNAT, over port2.

C.

FortiGate performs a route lookup for the original traffic only.

D.

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Buy Now
Questions 18

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

Options:

A.

The reply direction of the asymmetric traffic flows from port2 to port3.

B.

The auxiliary session can be offloaded to hardware.

C.

The original direction of the symmetric traffic flows from port3 to port2.

D.

The main session cannot be offloaded to hardware.

Buy Now
Questions 19

What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices?  (Choose two.)

Options:

A.

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

B.

It improves SD-WAN performance on the managed FortiGate devices.

C.

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

D.

It acts as a policy compliance entity to review all managed FortiGate devices.

E.

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

Buy Now
Questions 20

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.

Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.

The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1.

However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.

Based on the exhibits, which configuration change is required to fix issue?

Options:

A.

In the dcl-lab-rm route map configuration, set set-route-tag to 10.

B.

In SD-WAN rule ID 1, change the destination to use ISDB entries.

C.

In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.

D.

In the dcl-lab-rm route map configuration, unset match-community.

Buy Now
Questions 21

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.

If port2 is detected dead by FortiGate, what is the expected behavior?

Options:

A.

Port2 becomes alive after three successful probes are detected.

B.

FortiGate removes all static routes for port2.

C.

The administrator manually restores the static routes for port2, if port2 becomes alive.

D.

Host 8.8.8.8 is reachable through port1 and port2.

Buy Now
Questions 22

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

Options:

A.

The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.

B.

The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

C.

The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.

D.

The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

Buy Now
Questions 23

Which statement about using BGP for ADVPN is true?

Options:

A.

You must use BGP to route traffic for both overlay and underlay links.

B.

You must configure AS path prepending.

C.

You must configure BGP communities.

D.

IBGP is preferred over EBGP, because IBGP preserves next hop information.

Buy Now
Questions 24

Exhibit.

The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

Options:

A.

The health-check VPN_PING orders the members according to the lowest jitter.

B.

The interface T_INET_1 missed one SLA target.

C.

There is no SLA criteria configured for the health-check Level3_DNS.

D.

The interface T_INET_0 missed three SLA targets.

Buy Now
Questions 25

Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

Options:

A.

The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

B.

The measured bandwidth is less than 100 KBps.

C.

The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

D.

The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

Buy Now
Questions 26

What three characteristics apply to provisioning templates available on FortiManager? (Choose three.)

Options:

A.

You can apply a system template and a CLI template to the same FortiGate device.

B.

A CLI template can be of type CLI script or Perl script.

C.

A template group can include a system template and an SD-WAN template.

D.

A template group can contain CLI templates of both types.

E.

Templates are applied in order, from top to bottom.

Buy Now
Questions 27

Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

Options:

A.

FortiGate bounces port5 after it detects all SD-WAN members as dead.

B.

FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

C.

FortiGate brings up port5 after it detects all SD-WAN members as alive.

D.

FortiGate brings down port5 after it detects all SD-WAN members as dead.

Buy Now
Questions 28

Exhibit.

Which conclusion about the packet debug flow output is correct?

Options:

A.

The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

B.

The packet size exceeded the outgoing interface MTU.

C.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

D.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

Buy Now
Exam Code: NSE7_SDW-7.2
Exam Name: Fortinet NSE 7 - SD-WAN 7.2
Last Update: Dec 23, 2024
Questions: 97
NSE7_SDW-7.2 pdf

NSE7_SDW-7.2 PDF

$25.5  $84.99
NSE7_SDW-7.2 Engine

NSE7_SDW-7.2 Testing Engine

$30  $99.99
NSE7_SDW-7.2 PDF + Engine

NSE7_SDW-7.2 PDF + Testing Engine

$40.5  $134.99