Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE7_SDW-7.2 - Fortinet NSE 7 - SD-WAN 7.2

Fortinet NSE7_SDW-7.2 Premium Access     Download Demo    
Page: 3 / 3
Total 99 questions

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

A.

When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.

B.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

C.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

D.

Member metrics are measured only if an SLA target is configured.

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

A.

The session information output displays no SD-WAN-specific details.

B.

All SD-WAN rules have the default and gateway setting enabled.

C.

Traffic does not match any of the entries in the policy route table.

D.

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Exhibit B –

Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

A.

port1 is assigned a manual IP address.

B.

port1 is referenced in a firewall policy.

C.

port2 is referenced in a static route.

D.

port1 and port2 are not administratively down.

Refer to the exhibit.

The exhibit shows output of the command diagnose 3vg sdwan service collected on a FortiGate device.

The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HO servers 10.0.0.1.

Based on the exhibits, which two statements are correct? (Choose two.)

A.

When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.

B.

FortiGate steers traffic to HO servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.

C.

There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.

D.

FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.

Exhibit.

Which conclusion about the packet debug flow output is correct?

A.

The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

B.

The packet size exceeded the outgoing interface MTU.

C.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

D.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

Refer to the Exhibits:

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members.

Based on the exhibits, which statement is correct?

A.

The dead member interface stays unavailable until an administrator manually brings the interface back.

B.

Port2 needs to wait 500 milliseconds to change the status from alive to dead.

C.

Static routes using port2 are active in the routing table.

D.

FortiGate has not received three consecutive requests from the SLA server configured for port2.

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

A.

Set priority 10.

B.

Set cost 15.

C.

Set load-balance-mode source-ip-ip-based.

D.

Set source 100.64.1.1.

Refer to the exhibit.

Which statement about the role of the ADVPN device in handling traffic is true?

A.

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

B.

Two hubs,10.0.1.101and10.0.2.101, are receiving and forwarding queries between each other.

C.

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

D.

Two spokes,192.2.0.1and10.0.2.101, forward their queries to their hubs.

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

A.

FortiGate does not install IPsec static routes for remote protected networks in the routing table.

B.

The phase 1 configuration supports the network-overlay setting.

C.

FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

D.

Dead peer detection is disabled.