1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_SDW-7.2
  5. Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_SDW-7.2 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

Which diagnostic command can you use to show the SD-WAN rules, interface information, and state?

    diagnose sys sdwan service

    diagnose sys sdwan route-tag-list

    diagnose sys sdwan member

Options:
A.

diagnose sys sdwan neighbor

Expert Solution
Questions # 12:

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)

Options:
A.

update-source

B.

set-route-tag

C.

holdtime-timer

D.

link-down-failover

Expert Solution
Questions # 13:

Refer to the exhibits.

Exhibit A

Question # 13

Exhibit B

Question # 13

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.

Based on the exhibits, which two statements are correct? (Choose two.)

Options:
A.

FortiGate updated the outgoing interface list on the rule so it prefers port2.

B.

Port2 has the highest member priority.

C.

Port2 has a lower latency than port1.

D.

SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Expert Solution
Questions # 14:

Refer to the exhibit.

Question # 14

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.

Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

Options:
A.

The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.

B.

T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.

C.

T_INET_0_0 does not have a valid route to the destination.

D.

T_INET_1_0 has a higher member configuration priority than T_INET_0_0.

Expert Solution
Questions # 15:

What is the route-tag setting in an SD-WAN rule used for?

Options:
A.

To indicate the routes for health check probes.

B.

To indicate the destination of a rule based on learned BGP prefixes.

C.

To indicate the routes that can be used for routing SD-WAN traffic.

D.

To indicate the members that can be used to route SD-WAN traffic.

Expert Solution
Questions # 16:

Refer to the exhibit.

Question # 16

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.

Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.)

Options:
A.

On the hubs,auto-discovery-sendermust be enabled on the IPsec VPNs to spokes.

B.

On the spokes,auto-discovery-receivermust be enabled on the IPsec VPN to the hub.

C.

auto-discovery-forwardermust be enabled on all IPsec VPNs.

D.

On the hubs,net-devicemust be enabled on all IPsec VPNs.

Expert Solution
Questions # 17:

Refer to the exhibit.

Question # 17

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?

Options:
A.

When all three members have the same packet loss.

B.

When T_INET_0_0 has 4% packet loss.

C.

When T_INET_0_0 has 12% packet loss.

D.

When T_INET_1_0 has 4% packet loss.

Expert Solution
Questions # 18:

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)

Options:
A.

Type of physical link connection

B.

Internet service database (ISDB) address object

C.

Source and destination IP address

D.

URL categories

E.

Application signatures

Expert Solution
Questions # 19:

Within IPsec tunnel templates available on FortiManager. which template will you use to configure static tunnels for a hub and spoke topology?

Options:
A.

Static_IPsec_Recommended

B.

Hub_IPsec_Recommended

C.

Branch_IPsec_Recommended

D.

IPsec_Fortinet_Recommended

Expert Solution
Questions # 20:

Refer to the exhibits.

Question # 20

Exhibit A shows two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel.

Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device.

Which statement best explain the cause for this issue?

Options:
A.

You can assign only one template with a tunnel of fype static to each FortiGate device

B.

You can define only one IPsec tunnel from branch devices to HUB1.

C.

You can assign only one IPsec template to each FortiGate device.

D.

You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

Expert Solution
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions