Labour Day - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

NSE7_SDW-7.2 Questions and Answers

Question # 6

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

A.

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

B.

Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.

C.

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

D.

Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.

Full Access
Question # 7

Which components make up the secure SD-WAN solution?

A.

Application, antivirus, and URL, and SSL inspection

B.

Datacenter, branch offices, and public cloud

C.

FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy

D.

Telephone, ISDN, and telecom network.

Full Access
Question # 8

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.

Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)

A.

The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.

B.

FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.

C.

FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.

D.

Non-TCP Facebook and YouTube traffic are not used for performance measurement.

Full Access
Question # 9

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

A.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements

B.

Member metrics are measured only if an SLA target is configured

C.

When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA

D.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy

Full Access
Question # 10

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

A.

get router info routing-table all

B.

diagnose debug application ike

C.

diagnose vpn tunnel list

D.

get ipsec tunnel list

Full Access
Question # 11

Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.

What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?

A.

You must set ike-version to 1.

B.

You must enable net-device.

C.

You must enable auto-discovery-sender.

D.

You must disable idle-timeout.

Full Access
Question # 12

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)

A.

update-source

B.

set-route-tag

C.

holdtime-timer

D.

link-down-failover

Full Access
Question # 13

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

A.

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

B.

By default, local-out traffic does not use SD-WAN.

C.

By default, FortiGate does not check if the selected member has a valid route to the destination.

D.

You must configure each local-out feature individually, to use SD-WAN.

Full Access
Question # 14

Refer to the exhibit.

Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two.)

A.

Cost

B.

Interface member

C.

Priority

D.

Gateway IP

Full Access
Question # 15

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)

A.

FortiGate flags the sessions as dirty.

B.

FortiGate continues routing the sessions with no SNAT, over port2.

C.

FortiGate performs a route lookup for the original traffic only.

D.

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Full Access
Question # 16

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

A.

hold-down-time

B.

link-down-failover

C.

auto-discovery-shortcuts

D.

idle-timeout

Full Access
Question # 17

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two )

A.

Traffic has matched none of the FortiGate policy routes.

B.

Matched traffic failed RPF and was caught by the rule.

C.

The FIB lookup resolved interface was the SD-WAN interface.

D.

An absolute SD-WAN rule was defined and matched traffic.

Full Access
Question # 18

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

A.

The ISDB is dynamically updated and reduces administrative overhead.

B.

The ISDB requires application control to maintain signatures and perform load balancing.

C.

The ISDB applies rules to traffic from specific sources, based on application type.

D.

The ISDB contains the IP addresses and port ranges of well-known internet services.

Full Access
Question # 19

Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

A.

Specify a unique peer ID for each dial-up VPN interface.

B.

Use different proposals are used between the interfaces.

C.

Configure the IKE mode to be aggressive mode.

D.

Use unique Diffie Hellman groups on each VPN interface.

Full Access
Question # 20

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

A.

There is more than one SD-WAN rule configured.

B.

The SD-WAN rules take precedence over regular policy routes.

C.

The all_rules rule represents the implicit SD-WAN rule.

D.

Entry 1(id=1) is a regular policy route.

Full Access
Question # 21

What is the route-tag setting in an SD-WAN rule used for?

A.

To indicate the routes for health check probes.

B.

To indicate the destination of a rule based on learned BGP prefixes.

C.

To indicate the routes that can be used for routing SD-WAN traffic.

D.

To indicate the members that can be used to route SD-WAN traffic.

Full Access
Question # 22

Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

A.

The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

B.

The measured bandwidth is less than 100 KBps.

C.

The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

D.

The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

Full Access
Question # 23

Refer to the exhibit.

Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?

A.

type must be set to static.

B.

mode-cfg must be enabled.

C.

exchange-interface-ip must be enabled.

D.

add-route must be disabled.

Full Access
Question # 24

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

A.

The sdwan_service_id flag in the session information is 0.

B.

All SD-WAN rules have the default setting enabled.

C.

Traffic does not match any of the entries in the policy route table.

D.

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Full Access