Fortinet nse7-sdw-7-0 practice test

Fortinet NSE 7 - SD-WAN 7.0

Last exam update: Nov 04 ,2024
Page 1 out of 4. Viewing questions 1-10 out of 39

Question 1

Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.

What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?

  • A. You must set ike-version to 1.
  • B. You must enable net-device.
  • C. You must enable auto-discovery-sender.
  • D. You must disable idle-timeout.
Mark Question:
Answer:

c

User Votes:
A
50%
B 4 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
davidjulianbaronwork
8 months, 2 weeks ago

B net-device. es requerido

geroboamo
2 months, 2 weeks ago

auto-discovery-sender is meant to be configured on hub phase1 towards scopes


Question 2

What is the route-tag setting in an SD-WAN rule used for?

  • A. To indicate the routes for health check probes.
  • B. To indicate the destination of a rule based on learned BGP prefixes.
  • C. To indicate the routes that can be used for routing SD-WAN traffic.
  • D. To indicate the members that can be used to route SD-WAN traffic.
Mark Question:
Answer:

b

User Votes:
A
50%
B 3 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
davidjulianbaronwork
8 months, 2 weeks ago

es la b To indicate the destination of a rule based on learned BGP prefixes


Question 3

Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

  • A. London generates an IKE information message that contains the Toronto public IP address.
  • B. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
  • C. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
  • D. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
Mark Question:
Answer:

bd

User Votes:
A
50%
B 3 votes
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
davidjulianbaronwork
8 months, 2 weeks ago

estoy de acuerdo con la respuesta


Question 4

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

  • A. diagnose sys sdwan zone
  • B. diagnose sys sdwan service
  • C. diagnose sys sdwan member
  • D. diagnose sys sdwan interface
Mark Question:
Answer:

c

User Votes:
A 2 votes
50%
B 1 votes
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
davidjulianbaronwork
8 months, 2 weeks ago

es diagnose sys sdwan zone por que muestra los miembros de la zona

geroboamo
2 months, 2 weeks ago

diag sys sdwan service -> shows sdwan rules related stuff
diag sys sdwan member -> shows sdwan enabled interfaces and their gw
diag sys sdwan interface -> doesn't even exist
diag sys sdwan zone -> shows zones and their associated interfaces


Question 5

Refer to the exhibit.



Based on the exhibit, which action does FortiGate take?

  • A. FortiGate bounces port5 after it detects all SD-WAN members as dead.
  • B. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
  • C. FortiGate brings up port5 after it detects all SD-WAN members as alive.
  • D. FortiGate brings down port5 after it detects all SD-WAN members as dead.
Mark Question:
Answer:

b

User Votes:
A 1 votes
50%
B
50%
C 1 votes
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
geroboamo
2 months, 2 weeks ago

this configuration is used to bring down the alerted interface in case all the health-checks fail


Question 6

Refer to the exhibit.

The device exchanges routes using IBGP.
Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)

  • A. Each BGP route is three hops away from the destination.
  • B. ibgp-multipath is disabled.
  • C. additional-path is enabled.
  • D. You can run the get router info routing-table database command to display the additional paths.
Mark Question:
Answer:

ab

User Votes:
A
50%
B
50%
C 4 votes
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

  • A. All traffic from a source IP to a destination IP is sent to the same interface.
  • B. All traffic from a source IP is sent to the same interface.
  • C. All traffic from a source IP is sent to the most used interface.
  • D. All traffic from a source IP to a destination IP is sent to the least used interface.
Mark Question:
Answer:

b

User Votes:
A 4 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
geroboamo
2 months, 2 weeks ago

"set load-balance source-dest-ip-based" clearly states that the distribution is based on both source and destination ip values


Question 8

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.
Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

  • A. Destination internet service must be enabled on the traffic shaping policy.
  • B. Application control must be enabled on the firewall policy.
  • C. Web filtering must be enabled on the firewall policy.
  • D. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
Mark Question:
Answer:

b

User Votes:
A
50%
B 2 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

  • A. diagnose sys sdwan intf-sla-log
  • B. diagnose sys sdwan health-check
  • C. diagnose sys sdwan log
  • D. diagnose sys sdwan sla-log
Mark Question:
Answer:

d

User Votes:
A 3 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
geroboamo
2 months, 2 weeks ago

answer is A, you can find it in the sdwan study guide 7.2 page 321


Question 10

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

  • A. The sdwan_service_id flag in the session information is 0.
  • B. All SD-WAN rules have the default setting enabled.
  • C. Traffic does not match any of the entries in the policy route table.
  • D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Mark Question:
Answer:

ad

User Votes:
A 3 votes
50%
B
50%
C 3 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
geroboamo
2 months, 2 weeks ago

v4-ecmp-mode setting is available only if you are not using sdwan

geroboamo
2 months, 1 week ago

when traffic is routed according to the default sdwan policy sdwan_service_id is 0 and it is load balanced as per the algorithm chosen in the rule.
answer B doesn't mean anything, and v4-ecmp-mode is used only when sd-wan is not enabled

To page 2