Fortinet NSE7_SDW-7.2 - Fortinet NSE 7 - SD-WAN 7.2

Total 99 questions

Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two.)

A. It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links.

B. It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.

C. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.

D. It provides direct connectivity between all sites by creating on-demand tunnels between spokes.

Which two statements about SD-WAN central management are true? (Choose two.)

A. It does not allow you to monitor the status of SD-WAN members.

B. It is enabled or disabled on a per-ADOM basis.

C. It is enabled by default.

D. It uses templates to configure SD-WAN on managed devices.

Refer to the exhibit.

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.

Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three.)

A. Set additional-path to send

B. Enable route-reflector-client

C. Set advertisement-interval to the number of additional paths to advertise

D. Set adv-additional-path to the number of additional paths to advertise

E. Enable soft-reconfiguration

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

A. You can delete the virtual-wan-link zone because it contains no member.

B. The corporate zone contains no member.

C. You can move port1 from the underlay zone to the overlay zone.

D. The overlay zone contains four members.

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

A. There is more than one SD-WAN rule configured.

B. The SD-WAN rules take precedence over regular policy routes.

C. The all_rules rule represents the implicit SD-WAN rule.

D. Entry 1(id=1) is a regular policy route.

Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two.)

A. A peer ID is included in the first packet from the initiator, along with suggested security policies.

B. XAuth is enabled as an additional level of authentication, which requires a username and password.

C. Three packets are exchanged between an initiator and a responder instead of six packets.

D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

A. http

B. icmp

C. twamp

D. dns

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

A. Encapsulating Security Payload (ESP)

B. Secure Shell (SSH)

C. Internet Key Exchange (IKE)

D. Security Association (SA)

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

A. The ISDB is dynamically updated and reduces administrative overhead.

B. The ISDB requires application control to maintain signatures and perform load balancing.

C. The ISDB applies rules to traffic from specific sources, based on application type.

D. The ISDB contains the IP addresses and port ranges of well-known internet services.

What is a benefit of using application steering in SD-WAN?

A. The traffic always skips the regular policy routes.

B. You steer traffic based on the detected application.

C. You do not need to enable SSL inspection.

D. You do not need to configure firewall policies that accept the SD-WAN traffic.