New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_SDW-6.4 - Fortinet NSE 7 - SD-WAN 6.4.5

Fortinet NSE7_SDW-6.4 Fortinet NSE 7 - SD-WAN 6.4.5 Exam Practice Test

Demo: 12 questions
Total 80 questions
Get NSE7_SDW-6.4 Full Access Download NSE7_SDW-6.4 PDF

Fortinet NSE 7 - SD-WAN 6.4.5 Questions and Answers

Question 1

Which three protocols are available only on the command line to configure as performance SLA status check? (Choose three.)

Options:

A.

smtp

B.

tcp-echo

C.

twamp

D.

udp-echo

E.

icmp

Question 2

Refer to exhibits.

Exhibit A.

Exhibit B.

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members.

Based on the exhibits, which statement is correct?

Options:

A.

The dead member interface stays unavailable until an administrator manually brings the interface back.

B.

The SLA state of port2 has exceeded three consecutive unanswered requests from the SLA server.

C.

Port2 needs to wait 500 milliseconds to change the status from alive to dead.

D.

Check interval is the time to wait before a packet sent by a member interface considered as lost.

Question 3

Refer to the exhibit.

Based on the exhibit, which status description is correct?

Options:

A.

Port1 is dead because it does not meet the SLA target.

B.

Port2 is alive because its packet loss is lower than 10%.

C.

The SD-WAN members are monitored by different performance SLAs.

D.

Traffic matching the SD-WAN rule is steered through port2.

Question 4

Which diagnostic command you can use to show interface-specific SLA logs for the last 10 minutes?

Options:

A.

diagnose sys virtual-wan-link health-check

B.

diagnose sys virtual-wan-link log

C.

diagnose sys virtual-wan-link sla-log

D.

diagnose sys virtual-wan-link intf-sla-log

Question 5

What are two reasons why it is effective to implement the internet service database (ISDB) in an SD-WAN rule? (Choose two )

Options:

A.

The ISDB is dynamically updated and reduces administrative overhead.

B.

The ISDB applies rules to traffic from specific sources, based on application type.

C.

The ISDB requires application control to maintain signatures and perform load-balancing.

D.

The ISDB contains the IP addresses and port ranges of well-known destinations.

Question 6

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on traffic passing through the SD-WAN member port2? (Choose two.)

Options:

A.

FortiGate performs routing lookups for new sessions only after a route change.

B.

FortiGate marks the routing information on existing sessions as persistent.

C.

FortiGate flushes all routing information from the session table after a route change.

D.

FortiGate always blocks all traffic after a route change.

Question 7

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

Options:

A.

Set priority 10.

B.

Set cost 15.

C.

Set load-balance-mode source-ip-ip-based.

D.

Set source 100.64.1.1.

Question 8

Refer to the exhibit.

What must you configure to enable ADVPN?

Options:

A.

On the hub VPN, only the device needs additional phase one sett

B.

ADVPN should only be enabled on unmanaged FortiGate devices.

C.

Each VPN device has a unique pre-shared key configured separately on phase one

D.

The protected subnets should be set to address object to all (0.0 .0. 0/0).

Question 9

Refer to the exhibits.

ExhibitA shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

Options:

A.

port2 is referenced in a static route.

B.

port1 is assigned a manual IP address.

C.

port1 and port2 are not administratively down.

D.

port1 is referenced in a firewall policy.

Question 10

Which statement is correct about the SD-WAN and ADVPN?

Options:

A.

ADVPN interface can be a member of SD-WAN interface.

B.

Dynamic VPN is not supported as an SD-Wan interface.

C.

Spoke support dynamic VPN as a static interface.

D.

Hub FortiGate is limited to use ADVPN as SD-WAN member interface.

Question 11

Refer to exhibits.

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

Options:

A.

Create a new firewall policy, and the select the SD-WAN zone as Incoming Interface.

B.

In the traffic shaping policy, select Assign Shaping Class ID as Action.

C.

In the firewall policy, select Proxy-based as Inspection Mode.

D.

In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.

Question 12

Which statement about using BGP routes in SD-WAN is true?

Options:

A.

Learned routes can be used as dynamic destinations in SD-WAN rules.

B.

You must use BGP to route traffic for both overlay and underlay links.

C.

You must configure AS path prepending.

D.

You must use external BGP.

Load More NSE7_SDW-6.4 Questions
Demo: 12 questions
Total 80 questions
Get NSE7_SDW-6.4 Full Access Download NSE7_SDW-6.4 PDF