Fortinet nse7-sdw-6-4 practice test

Fortinet NSE 7 - SD-WAN 6.4 Exam


Question 1

Refer to the exhibit.

Based on output shown in the exhibit, which two commands can be used by SD-WAN rules? (Choose
two.)

  • A. set cost 15.
  • B. set source 100.64.1.1.
  • C. set priority 10.
  • D. set load-balance-mode source-ip-based.
Answer:

CD

Discussions

Question 2

Which two statements reflect the benefits of implementing the ADVPN solution to replace
conventional VPN topologies? (Choose two )

  • A. It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links. D18912E1457D5D1DDCBD40AB3BF70D5D
  • B. It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.
  • C. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.
  • D. It provides direct connectivity between all sites by creating on-demand tunnels between spokes.
Answer:

CD

Discussions

Question 3

What is the lnkmtd process responsible for?

  • A. Monitoring links for any bandwidth saturation
  • B. Processing performance SLA probes
  • C. Flushing route tags addresses
  • D. Logging interface quality information
Answer:

D

Discussions

Question 4

Refer to the exhibit.
Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub
1 and Hub 2 The administrator configured ADVPN on the dual regions topology

Which two statements are correct if a user in Toronto sends traffic to London? (Choose two )

  • A. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
  • B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
  • C. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN
  • D. London generates an IKE information message that contains the Toronto public IP address
Answer:

AC

Reference:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/320160/example-advpn-
configuration

Discussions

Question 5

Which statement is correct about the SD-WAN and ADVPN?

  • A. ADVPN interface can be a member of SD-WAN interface.
  • B. Dynamic VPN is not supported as an SD-Wan interface.
  • C. Spoke support dynamic VPN as a static interface.
  • D. Hub FortiGate is limited to use ADVPN as SD-WAN member interface.
Answer:

A

Discussions

Question 6

Refer to exhibits.


Exhibit A shows the source NAT global setting and exhibit B shows the routing table on FortiGate.
Based on the exhibits, which two statements about increasing the port2 interface priority to 20 are
true? (Choose two.)

  • A. All the existing sessions that do not use SNAT will be flushed and routed through port1.
  • B. All the existing sessions will continue to use port2, and new sessions will use port1.
  • C. All the existing sessions using SNAT will be flushed and routed through port1.
  • D. All the existing sessions will be blocked from using port1 and port2.
Answer:

BC

Discussions

Question 7

Refer to exhibits.
Exhibit A.

Exhibit B.

Exhibit A shows the traffic shaping policy and exhibit B show: the firewall policy
FortiGate is not performing traffic shaping as expected basi on the policies shown in the exhibits.
To correct this traffic shaping issue on FortiGate, what configuration change must be made on which
policy?

  • A. The shaper mode must be applied per-IP shaper on the traffic shaping policy
  • B. The application control profile must be enabled on the firewall policy.
  • C. The web filter profile must be enabled on the firewall policy
  • D. The URL category must be specified on the traffic shaping policy
Answer:

C

Discussions

Question 8

Which three parameters are available to configure SD-WAN rules? (Choose three.)

  • A. Application signatures
  • B. Type of physical link connection
  • C. URL categories
  • D. Source and destination IP address
  • E. Internet service database (ISDB) address object
Answer:

BDE

Discussions

Question 9

Which statement reflects how BGP tags work with SD-WAN rules?

  • A. BGP tags match the SD-WAN rule based on the order that these rules were installed.
  • B. BGP tags require that the adding of static routes be enabled on all ADVPN interfaces
  • C. Route tags are used for a BGP community and the SD-WAN rules are assigned the same tag
  • D. VPN topologies are formed using only BGP dynamic routing with SD-WAN
Answer:

D

Discussions

Question 10

Refer to exhibits.
Exhibit A.

Exhibit B.

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SO-WAN interface and the
static routes configuration.
Port1 and port2 are member interfaces of the SD-WAN, and port2 becomes a dead member after
reaching the failure thresholds
Which statement about the dead member is correct?

  • A. Subnets 100 .64.1.0/23 and 172 . 20 . 0. 0/16 are reachable only through port1
  • B. SD-WAN interface becomes disabled and port1 becomes the WAN interface
  • C. Dead members require manual administrator access to bring them back alive
  • D. Port2 might become alive when a single response is received from an SLA server
Answer:

A

Discussions
To page 2