Fortinet nse7-sdw-6-4 practice test
Fortinet NSE 7 - SD-WAN 6.4 Exam
Last exam update: Apr 13 ,2024
Question 1
Refer to the exhibit.
Based on output shown in the exhibit, which two commands can be used by SD-WAN rules? (Choose
two.)
- A. set cost 15.
- B. set source 100.64.1.1.
- C. set priority 10.
- D. set load-balance-mode source-ip-based.
Answer:
CD
Question 2
Which two statements reflect the benefits of implementing the ADVPN solution to replace
conventional VPN topologies? (Choose two )
- A. It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links. D18912E1457D5D1DDCBD40AB3BF70D5D
- B. It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.
- C. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.
- D. It provides direct connectivity between all sites by creating on-demand tunnels between spokes.
Answer:
CD
Question 3
What is the lnkmtd process responsible for?
- A. Monitoring links for any bandwidth saturation
- B. Processing performance SLA probes
- C. Flushing route tags addresses
- D. Logging interface quality information
Answer:
D
Question 4
Refer to the exhibit.
Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub
1 and Hub 2 The administrator configured ADVPN on the dual regions topology
Which two statements are correct if a user in Toronto sends traffic to London? (Choose two )
- A. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
- B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
- C. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN
- D. London generates an IKE information message that contains the Toronto public IP address
Answer:
AC
Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/320160/example-advpn-
configuration
Question 5
Which statement is correct about the SD-WAN and ADVPN?
- A. ADVPN interface can be a member of SD-WAN interface.
- B. Dynamic VPN is not supported as an SD-Wan interface.
- C. Spoke support dynamic VPN as a static interface.
- D. Hub FortiGate is limited to use ADVPN as SD-WAN member interface.
Answer:
A
Question 6
Refer to exhibits.
Exhibit A shows the source NAT global setting and exhibit B shows the routing table on FortiGate.
Based on the exhibits, which two statements about increasing the port2 interface priority to 20 are
true? (Choose two.)
- A. All the existing sessions that do not use SNAT will be flushed and routed through port1.
- B. All the existing sessions will continue to use port2, and new sessions will use port1.
- C. All the existing sessions using SNAT will be flushed and routed through port1.
- D. All the existing sessions will be blocked from using port1 and port2.
Answer:
BC
Question 7
Refer to exhibits.
Exhibit A.
Exhibit B.
Exhibit A shows the traffic shaping policy and exhibit B show: the firewall policy
FortiGate is not performing traffic shaping as expected basi on the policies shown in the exhibits.
To correct this traffic shaping issue on FortiGate, what configuration change must be made on which
policy?
- A. The shaper mode must be applied per-IP shaper on the traffic shaping policy
- B. The application control profile must be enabled on the firewall policy.
- C. The web filter profile must be enabled on the firewall policy
- D. The URL category must be specified on the traffic shaping policy
Answer:
C
Question 8
Which three parameters are available to configure SD-WAN rules? (Choose three.)
- A. Application signatures
- B. Type of physical link connection
- C. URL categories
- D. Source and destination IP address
- E. Internet service database (ISDB) address object
Answer:
BDE
Question 9
Which statement reflects how BGP tags work with SD-WAN rules?
- A. BGP tags match the SD-WAN rule based on the order that these rules were installed.
- B. BGP tags require that the adding of static routes be enabled on all ADVPN interfaces
- C. Route tags are used for a BGP community and the SD-WAN rules are assigned the same tag
- D. VPN topologies are formed using only BGP dynamic routing with SD-WAN
Answer:
D
Question 10
Refer to exhibits.
Exhibit A.
Exhibit B.
Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SO-WAN interface and the
static routes configuration.
Port1 and port2 are member interfaces of the SD-WAN, and port2 becomes a dead member after
reaching the failure thresholds
Which statement about the dead member is correct?
- A. Subnets 100 .64.1.0/23 and 172 . 20 . 0. 0/16 are reachable only through port1
- B. SD-WAN interface becomes disabled and port1 becomes the WAN interface
- C. Dead members require manual administrator access to bring them back alive
- D. Port2 might become alive when a single response is received from an SLA server
Answer:
A
Question 11
Refer to the exhibit.
Which two statements about the debug output are correct? (Choose two )
- A. The debug output shows per-IP shaper values and real-time readings.
- B. This traffic shaper drops traffic that exceeds the set limits.
- C. Traffic being controlled by the traffic shaper is under 1 Kbps.
- D. FortiGate provides statistics and reading based on historical traffic logs.
Answer:
AB
Question 12
Which two reasons make forward error correction (FEC) ideal to enable in a phase one VPN
interface? (Choose two )
- A. FEC transmits the original payload in full to recover the error in transmission.
- B. FEC improves reliability which overcomes adverse WAN conditions such as noisy links.
- C. FEC is useful to increase speed at which traffic is routed through IPsec tunnels.
- D. FEC transmits additional packets as redundant data to the remote device.
- E. FEC reduces the stress on the remote device jitter buffer to reconstruct packet loss
Answer:
BD
Question 13
Which statement about using BGP routes in SD-WAN is true?
- A. Adding static routes must be enabled on all ADVPN interfaces.
- B. VPN topologies must be form using only BGP dynamic routing with SD-WAN
- C. Learned routes can be used as dynamic destinations in SD-WAN rules
- D. Dynamic routing protocols can be used only with non-encrypted traffic
Answer:
C
Question 14
Refer to exhibits.
Exhibit A shows the performance SLA exhibit B shows the SD-WAN diagnostics output.
Based on the exhibits, which statement is correct?
- A. Both SD-WAN member interfaces have used separate SLA targets.
- B. The SLA state of port1 is dead after five unanswered requests by the SLA servers.
- C. Port1 became dead 1ecause no traffic was offload through the egress of port1.
- D. SD-WAN member interfaces are affected by the SLA state of the inactive interface
Answer:
B
Question 15
Which diagnostic command can you use to show the SD-WAN rules interface information and state?
- A. diagnose sys virtual-wan-link neighbor.
- B. diagnose sys virtual—wan—link route-tag-list
- C. diagnose sys virtual—wan—link member.
- D. diagnose sys virtual-wan-link service
Answer:
C
Reference:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/818746/sd-wan-related-
diagnose-commands