Fortinet nse7-sdw-7-2 practice test
fortinet nse 7 - sd-wan 7.2
Question 1
Refer to the exhibits.
Exhibit A.
Exhibit B.
An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.
After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)
- A. Port1 and port2 do not have a valid route to the destination.
- B. The session 3-tuple did not match any of the existing entries in the ISDB application cache.
- C. Full SSL inspection is not enabled on the matching firewall policy.
- D. FortiGate did not refresh the routing information on the session after the application was detected.
Answer:
bd
Question 2
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
- A. diagnose sys sdwan sla-log
- B. diagnose sys sdwan log
- C. diagnose sys sdwan health-check
- D. diagnose sys sdwan intf-sla-log
Answer:
d
Question 3
Which three characteristics apply to provisioning templates available on FortiManager? (Choose three.)
- A. You cannot apply a system template and CLI template to the same FortiGate device.
- B. A CLI template can be of type CLI script or Perl script.
- C. A CLI template group can contain CLI templates of both types.
- D. A template group can include a system template and an SD-WAN template.
- E. CLI templates are applied in order, from top to bottom.
Answer:
bce
Question 4
What is true about SD-WAN multiregion topologies?
- A. It is not compatible with ADVPN.
- B. Routing between the hub and spokes must be BGP.
- C. Regions must correspond to geographical areas.
- D. Each region has its own SD-WAN topology.
Answer:
d
Question 5
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)
- A. The session information output displays no SD-WAN-specific details.
- B. All SD-WAN rules have the default and gateway setting enabled.
- C. Traffic does not match any of the entries in the policy route table.
- D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Answer:
ac
Question 6
Refer to the exhibit.
The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?
- A. When T_INET_0_0 has a latency of 250 ms.
- B. When T_MPLS_0 has a latency of 80 ms.
- C. When T_INET_0_0 and T_MPLS_0 have the same latency.
- D. When T_MPLS_0 has a latency of 100 ms.
Answer:
b
Question 7
Refer to the exhibit.
Which statement about the role of the ADVPN device in handling traffic is true?
- A. This is a spoke that has received an offer from a remote hub.
- B. Two spokes, 192.2.0.1 and 10.0.2.101, establish a shortcut.
- C. This is a hub that has received an offer from a spoke and has forwarded it to another spoke.
- D. An IKE session is established between 10.0.1.101 and 10.0.2.101 in the process of forming a shortcut tunnel.
Answer:
c
Question 8
Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?
- A. get router info routing-table all
- B. get ipsec tunnel list
- C. diagnose vpn tunnel list
- D. diagnose debug application ike
Answer:
d
Question 9
What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)
- A. FEC can leverage multiple IPsec tunnels for parity packets transmission.
- B. FEC transmits parity packets that can be used to reconstruct packet loss.
- C. FEC improves reliability of noisy links.
- D. FEC supports hardware offloading.
Answer:
bc
Question 10
Refer to the exhibit.
The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading.
Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)
- A. The main session cannot be offloaded to hardware.
- B. The original direction of the symmetric traffic flows from port3 to port2.
- C. The reply direction of the asymmetric traffic flows from port2 to port3.
- D. The auxiliary session can be offloaded to hardware.
Answer:
cd