Fortinet NSE7_SDW-7.2 Fortinet NSE 7 - SD-WAN 7.2 Exam Practice Test

The reply direction of the asymmetric traffic flows from port2 to port3.

The auxiliary session can be offloaded to hardware.

The original direction of the symmetric traffic flows from port3 to port2.

The main session cannot be offloaded to hardware.

hold-down-time

link-down-failover

auto-discovery-shortcuts

idle-timeout

Assign an sdwan_id metadata variable to each device (branch and hub).

Assign a branch_id metadata variable to each branch device.

Create policy packages for branch devices.

Configure SD-WAN rules.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.

During passive monitoring, FortiGate can’t detect dead members.

FortiGate can offload the traffic that is subject to passive monitoring to hardware.

FortiGate passively monitors the member if TCP traffic is passing through the member.

You can assign only one template with a tunnel of fype static to each FortiGate device

You can define only one IPsec tunnel from branch devices to HUB1.

You can assign only one IPsec template to each FortiGate device.

You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

Learned routes can be used as dynamic destinations in SD-WAN rules.

You must use BGP to route traffic for both overlay and underlay links.

You must configure AS path prepending.

You must use external BGP.

FortiGate performs route lookups for new sessions only.

Regular policy routes have precedence over SD-WAN rules.

SD-WAN rules have precedence over ISDB routes.

By default, SD-WAN members are skipped if they do not have a valid route to the destination.

By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

FortiGate applies traffic shaping to the original traffic direction only.

FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

RIAS

Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps.

FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

Create a new firewall policy, and the select the SD-WAN zone as Incoming Interface.

In the traffic shaping policy, select Assign Shaping Class ID as Action.

In the firewall policy, select Proxy-based as Inspection Mode.

In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.

You must use BGP to route traffic for both overlay and underlay links.

You must configure AS path prepending.

You must configure BGP communities.

IBGP is preferred over EBGP, because IBGP preserves next hop information.

Set priority 10.

Set cost 15.

Set load-balance-mode source-ip-ip-based.

Set source 100.64.1.1.

It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links.

It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.

It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.

It provides direct connectivity between all sites by creating on-demand tunnels between spokes.

FortiGate performed standard FIB routing on the session.

FortiGate will not re-evaluate the session following a firewall policy change.

FortiGate used192.2.0.1as the gateway for the original direction of the traffic.

FortiGate must re-evaluate the session due to routing change.

A peer ID is included in the first packet from the initiator, along with suggested security policies.

XAuth is enabled as an additional level of authentication, which requires a username and password.

Three packets are exchanged between an initiator and a responder instead of six packets.

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

IPsec recommended template guides the administrator to use Fortinet recommended settings.

IPsec recommended template ensures consistent settings between phase1 and phase2

An IKE session is established between 10.0.1.101 and 10.0.2.101 in the process of forming a shortcut tunnel.

This is a hub that has received an offer from a spoke and has forwarded it to another spoke.

Two spokes. 192.2. 1 and 10.0.2.101. establish a shortcut.

This is a spoke that has received an offer from a remote hub.

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

By default, local-out traffic does not use SD-WAN.

By default, FortiGate does not check if the selected member has a valid route to the destination.

You must configure each local-out feature individually, to use SD-WAN.

Setadditional-pathtosend

Enableroute-reflector-client

Setadvertisement-intervalto the number of additional paths to advertise

Setadv-additional-pathto the number of additional paths to advertise

Enablesoft-reconfiguration

Each BGP route is three hops away from the destination.

ibgp-multipath is disabled.

additional-path is enabled.

You can run the get router info routing-table database command to display the additional paths.

You can apply a system template and a CLI template to the same FortiGate device.

A CLI template can be of type CLI script or Perl script.

A template group can include a system template and an SD-WAN template.

A template group can contain CLI templates of both types.

Templates are applied in order, from top to bottom.

It provides the benefits of a full-mesh topology in a hub-and-spoke network.

It provides direct connectivity between spokes by creating shortcuts.

It enables spokes to bypass the hub during shortcut negotiation.

It enables spokes to establish shortcuts to third-party gateways.

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

It improves SD-WAN performance on the managed FortiGate devices.

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

It acts as a policy compliance entity to review all managed FortiGate devices.

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

type must be set to static.

mode-cfg must be enabled.

exchange-interface-ip must be enabled.

add-route must be disabled.

Enable auxiliary-session under config system settings.

Disable tсp-session-without-syn under config system settings.

Enable snat-route-change under config system global.

Disable allow-subnet-overlap under config system settings.

diagnose sys sdwan sla-log

diagnose ays sdwan health-check

diagnose sys sdwan intf-sla-log

diagnose sys sdwan log

When all three members have the same packet loss.

When T_INET_0_0 has 4% packet loss.

When T_INET_0_0 has 12% packet loss.

When T_INET_1_0 has 4% packet loss.

When T_INET_0_0 and T_MPLS_0 have the same latency.

When T_MPLS_0 has a latency of 100 ms.

When T_INET_0_0 has a latency of 250 ms.

When T_N1PLS_0 has a latency of 80 ms.

The session information output displays no SD-WAN-specific details.

All SD-WAN rules have the default and gateway setting enabled.

Traffic does not match any of the entries in the policy route table.

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

http

icmp

twamp

dns