1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_SDW-7.2
  5. Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_SDW-7.2 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions
Questions # 21:

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

Options:
A.

Assign an sdwan_id metadata variable to each device (branch and hub).

B.

Assign a branch_id metadata variable to each branch device.

C.

Create policy packages for branch devices.

D.

Configure SD-WAN rules.

E.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

Expert Solution
Questions # 22:

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

Options:
A.

The ISDB is dynamically updated and reduces administrative overhead.

B.

The ISDB requires application control to maintain signatures and perform load balancing.

C.

The ISDB applies rules to traffic from specific sources, based on application type.

D.

The ISDB contains the IP addresses and port ranges of well-known internet services.

Expert Solution
Questions # 23:

What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two.)

Options:
A.

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

B.

It improves SD-WAN performance on the managed FortiGate devices.

C.

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

D.

It acts as a policy compliance entity to review all managed FortiGate devices.

E.

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

Expert Solution
Questions # 24:

Which are three key routing principles in SD-WAN? (Choose three.)

Options:
A.

FortiGate performs route lookups for new sessions only.

B.

Regular policy routes have precedence over SD-WAN rules.

C.

SD-WAN rules have precedence over ISDB routes.

D.

By default, SD-WAN members are skipped if they do not have a valid route to the destination.

E.

By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Expert Solution
Questions # 25:

Which two statements about the SD-WAN zone configuration are true? (Choose two.)

Options:
A.

Theservice-sla-tie-breaksetting enables you to configure preferred member selection based on the best route to the destination.

B.

You can delete the default zones.

C.

The default zones are virtual-wan-link and SASE.

D.

An SD-WAN member can belong to two or more zones.

Expert Solution
Questions # 26:

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

Options:
A.

http

B.

icmp

C.

twamp

D.

dns

Expert Solution
Questions # 27:

Refer to the exhibit.

Question # 27

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

Options:
A.

FortiGate flushes all sessions.

B.

FortiGate terminates the old sessions.

C.

FortiGate does not change existing sessions.

D.

FortiGate evaluates new sessions.

Expert Solution
Questions # 28:

Refer to the exhibits.

Question # 28

Question # 28

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.

After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.

Which two reasons explain why the traffic matched the implicit SD-WAN rule? (Choose two.)

Options:
A.

FortiGate did not refresh the routing information on the session after the application was detected.

B.

Port1 and port2 do not have a valid route to the destination.

C.

Full SSL inspection is not enabled on the matching firewall policy.

D.

The session 3-tuple did not match any of the existing entries in the ISDB application cache.

Expert Solution
Questions # 29:

Which two interfaces are considered overlay links? (Choose two.)

Options:
A.

LAG

B.

IPsec

C.

Physical

D.

GRE

Expert Solution
Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions