Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE7_SDW-7.2 - Fortinet NSE 7 - SD-WAN 7.2

Fortinet NSE7_SDW-7.2 Premium Access     Download Demo    
Page: 2 / 3
Total 99 questions

Which action fortigate performs on the traffic that is subject to a per-IP traffic shaper of 10 Mbps?

A.

FortiGate applies traffic shaping to the original traffic direction only.

B.

FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

RIAS

C.

Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps.

D.

FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

In which SD-WAN template field can you use a metadata variable?

A.

You can use metadata variables only to define interface members and the gateway IP.

B.

All SD-WAN template fields support metadata variables.

C.

Any field Identified with a dollar sign ($) in a magnifying glass.

D.

Any field identified with an "M" in a circle.

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.

If port2 is detected dead by FortiGate, what is the expected behavior?

A.

Port2 becomes alive after three successful probes are detected.

B.

FortiGate removes all static routes for port2.

C.

The administrator manually restores the static routes for port2, if port2 becomes alive.

D.

Host 8.8.8.8 is reachable through port1 and port2.

Refer to the exhibit.

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)

A.

After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.

B.

During passive monitoring, FortiGate can’t detect dead members.

C.

FortiGate can offload the traffic that is subject to passive monitoring to hardware.

D.

FortiGate passively monitors the member if TCP traffic is passing through the member.

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

A.

All traffic from a source IP to a destination IP is sent to the same interface.

B.

All traffic from a source IP is sent to the same interface.

C.

All traffic from a source IP is sent to the most used interface.

D.

All traffic from a source IP to a destination IP is sent to the least used interface.

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

A.

get router info routing-table all

B.

diagnose debug application ike

C.

diagnose vpn tunnel list

D.

get ipsec tunnel list

What is the route-tag setting in an SD-WAN rule used for?

A.

To indicate the routes for health check probes.

B.

To indicate the destination of a rule based on learned BGP prefixes.

C.

To indicate the routes that can be used for routing SD-WAN traffic.

D.

To indicate the members that can be used to route SD-WAN traffic.

Refer to the exhibits.

Exhibit A shows two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel.

Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device.

Which statement best explain the cause for this issue?

A.

You can assign only one template with a tunnel of fype static to each FortiGate device

B.

You can define only one IPsec tunnel from branch devices to HUB1.

C.

You can assign only one IPsec template to each FortiGate device.

D.

You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)

A.

FortiGate flags the sessions as dirty.

B.

FortiGate continues routing the sessions with no SNAT, over port2.

C.

FortiGate performs a route lookup for the original traffic only.

D.

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Which are two benefits of using CLI templates in FortiManager? (Choose two.)

A.

You can reference meta fields.

B.

You can configure interfaces as SD-WAN members without having to remove references first.

C.

You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.

D.

You can configure advanced CLI settings.