Fortinet NSE 7 - SD-WAN 7.0 v1.0 (NSE7_SDW-7.0)

Total 62 questions

Refer to the exhibit.



Which conclusion about the packet debug flow output is correct?

  • A. The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.
  • B. The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
  • C. The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.
  • D. The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.


Answer : D

Refer to the exhibit.



The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.

Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes' prefixes and their additional paths? (Choose three.)

  • A. Set additional-path to send
  • B. Enable route-reflector-client
  • C. Set advertisement-interval to the number of additional paths to advertise
  • D. Set adv-additional-path to the number of additional paths to advertise
  • E. Enable soft-reconfiguration


Answer : ABC

Refer to the exhibit.



Which statement explains the output shown in the exhibit?

  • A. FortiGate performed standard FIB routing on the session.
  • B. FortiGate will not re-evaluate the session following a firewall policy change.
  • C. FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.
  • D. FortiGate must re-evaluate the session due to routing change.


Answer : D

Refer to the exhibit.



The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

  • A. The reply direction of the asymmetric traffic flows from port2 to port3.
  • B. The auxiliary session can be offloaded to hardware.
  • C. The original direction of the symmetric traffic flows from port3 to port2.
  • D. The main session cannot be offloaded to hardware.


Answer : AB

Refer to the exhibit.



In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?

  • A. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.
  • B. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
  • C. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
  • D. It instructs the hub to skip content inspection on TCP traffic, to improve performance.


Answer : B

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

  • A. hold-down-time
  • B. link-down-failover
  • C. auto-discovery-shortcuts
  • D. idle-timeout


Answer : A

Refer to the exhibit.



Which statement about the role of the ADVPN device in handling traffic is true?

  • A. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.
  • B. Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.
  • C. This is a hub that has received a query from a spoke and has forwarded it to another spoke.
  • D. Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.


Answer : C

Refer to the exhibit.



Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)

  • A. FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.
  • B. FortiGate performs routing lookups for new sessions only, after a route change.
  • C. FortiGate always blocks all traffic, after a route change.
  • D. FortiGate flushes all routing information from the session table, after a route change.


Answer : AB

What is a benefit of using application steering in SD-WAN?

  • A. The traffic always skips the regular policy routes.
  • B. You steer traffic based on the detected application.
  • C. You do not need to enable SSL inspection.
  • D. You do not need to configure firewall policies that accept the SD-WAN traffic.


Answer : B

Which two statements about the SD-WAN zone configuration are true? (Choose two.)

  • A. The service-sla-tie-break setting enables you to configure preferred member selection based on the best route to the destination.
  • B. You can delete the default zones.
  • C. The default zones are virtual-wan-link and SASE.
  • D. An SD-WAN member can belong to two or more zones.


Answer : AC

What are two common use cases for remote internet access (RIA)? (Choose two.)

  • A. Provide direct internet access on spokes
  • B. Provide internet access through the hub
  • C. Centralize security inspection on the hub
  • D. Provide thorough inspection on spokes


Answer : BC

Refer to the exhibit.



Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.

Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

  • A. On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.
  • B. On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub.
  • C. auto-discovery-forwarder must be enabled on all IPsec VPNs.
  • D. On the hubs, net-device must be enabled on all IPsec VPNs.


Answer : AB

Refer to the exhibit.



The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?

  • A. When all three members have the same packet loss.
  • B. When T_INET_0_0 has 4% packet loss.
  • C. When T_INET_0_0 has 12% packet loss.
  • D. When T_INET_1_0 has 4% packet loss.


Answer : A

Refer to the exhibit.



Based on the exhibit, which action does FortiGate take?

  • A. FortiGate bounces port5 after it detects all SD-WAN members as dead.
  • B. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
  • C. FortiGate brings up port5 after it detects all SD-WAN members as alive.
  • D. FortiGate brings down port5 after it detects all SD-WAN members as dead.


Answer : B

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

  • A. FEC supports hardware offloading.
  • B. FEC improves reliability of noisy links.
  • C. FEC transmits parity packets that can be used to reconstruct packet loss.
  • D. FEC can leverage multiple IPsec tunnels for parity packets transmission.


Answer : BC
