Fortinet nse7-sdw-7-0 practice test

Fortinet NSE 7 - SD-WAN 7.0

Last exam update: Nov 30 ,2023
Page 1 out of 4
Viewing questions 1-10 out of 39

Question 1

Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.

What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?

  • A. You must set ike-version to 1.
  • B. You must enable net-device.
  • C. You must enable auto-discovery-sender.
  • D. You must disable idle-timeout.
Answer:

c

Discussions
0 / 1000

Question 2

What is the route-tag setting in an SD-WAN rule used for?

  • A. To indicate the routes for health check probes.
  • B. To indicate the destination of a rule based on learned BGP prefixes.
  • C. To indicate the routes that can be used for routing SD-WAN traffic.
  • D. To indicate the members that can be used to route SD-WAN traffic.
Answer:

b

Discussions
0 / 1000

Question 3

Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

  • A. London generates an IKE information message that contains the Toronto public IP address.
  • B. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
  • C. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
  • D. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
Answer:

bd

Discussions
0 / 1000

Question 4

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

  • A. diagnose sys sdwan zone
  • B. diagnose sys sdwan service
  • C. diagnose sys sdwan member
  • D. diagnose sys sdwan interface
Answer:

c

Discussions
0 / 1000

Question 5

Refer to the exhibit.



Based on the exhibit, which action does FortiGate take?

  • A. FortiGate bounces port5 after it detects all SD-WAN members as dead.
  • B. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
  • C. FortiGate brings up port5 after it detects all SD-WAN members as alive.
  • D. FortiGate brings down port5 after it detects all SD-WAN members as dead.
Answer:

b

Discussions
0 / 1000

Question 6

Refer to the exhibit.

The device exchanges routes using IBGP.
Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)

  • A. Each BGP route is three hops away from the destination.
  • B. ibgp-multipath is disabled.
  • C. additional-path is enabled.
  • D. You can run the get router info routing-table database command to display the additional paths.
Answer:

ab

Discussions
0 / 1000

Question 7

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

  • A. All traffic from a source IP to a destination IP is sent to the same interface.
  • B. All traffic from a source IP is sent to the same interface.
  • C. All traffic from a source IP is sent to the most used interface.
  • D. All traffic from a source IP to a destination IP is sent to the least used interface.
Answer:

b

Discussions
0 / 1000

Question 8

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.
Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

  • A. Destination internet service must be enabled on the traffic shaping policy.
  • B. Application control must be enabled on the firewall policy.
  • C. Web filtering must be enabled on the firewall policy.
  • D. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
Answer:

b

Discussions
0 / 1000

Question 9

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

  • A. diagnose sys sdwan intf-sla-log
  • B. diagnose sys sdwan health-check
  • C. diagnose sys sdwan log
  • D. diagnose sys sdwan sla-log
Answer:

d

Discussions
0 / 1000

Question 10

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

  • A. The sdwan_service_id flag in the session information is 0.
  • B. All SD-WAN rules have the default setting enabled.
  • C. Traffic does not match any of the entries in the policy route table.
  • D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Answer:

ad

Discussions
0 / 1000
To page 2