NSE7_SDW-7.0 Online Practice Questions and Answers

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD- WAN rules?

A. All traffic from a source IP to a destination IP is sent to the same interface.

B. All traffic from a source IP is sent to the same interface.

C. All traffic from a source IP is sent to the most used interface.

D. All traffic from a source IP to a destination IP is sent to the least used interface.

Which are two benefits of using CLI templates in FortiManager? (Choose two.)

A. You can reference meta fields.

B. You can configure interfaces as SD-WAN members without having to remove references first.

C. You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.

D. You can configure advanced CLI settings.

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

A. The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

B. The packet size exceeded the outgoing interface MTU.

C. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

D. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

Which two statements about SD-WAN central management are true? (Choose two.)

A. The objects are saved in the ADOM common object database.

B. It does not support meta fields.

C. It uses templates to configure SD-WAN on managed devices.

D. It supports normalized interfaces for SD-WAN member configuration.

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two )

A. Traffic has matched none of the FortiGate policy routes.

B. Matched traffic failed RPF and was caught by the rule.

C. The FIB lookup resolved interface was the SD-WAN interface.

D. An absolute SD-WAN rule was defined and matched traffic.

Which feature enables SD-WAN to combine IPsec VPN dynamic shortcut tunnels between spokes and a static tunnel to the hub?

A. ADVPN

B. GRE

C. SSLVPN

D. OCVPN

What would best describe the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

A. Per-IP shaping mode

B. Reverse policy shaping mode

C. Interface-based shaping mode

D. Shared policy shaping mode

Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.

Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

A. Specify a unique peer ID for each dial-up VPN interface.

B. Use different proposals are used between the interfaces.

C. Configure the IKE mode to be aggressive mode.

D. Use unique Diffie Hellman groups on each VPN interface.

Which statement defines how a per-IP traffic shaper of 10 Mbps is applied to the entire network?

A. FortiGate allocates each IP address a maximum 10 Mbps of bandwidth.

B. Each IP is guaranteed a minimum 10 Mbps of bandwidth

C. A single user uses the allocated bandwidth divided by total number of users.

D. The 10 Mbps bandwidth is shared equally among the IP addresses.

Which statement reflects how BGP tags work with SD-WAN rules?

A. BGP tags match the SD-WAN rule based on the order that these rules were installed.

B. BGP tags require that the adding of static routes be enabled on all ADVPN interfaces

C. Route tags are used for a BGP community and the SD-WAN rules are assigned the same tag

D. VPN topologies are formed using only BGP dynamic routing with SD-WAN

When attempting to establish an IPsec tunnel to FortiGate, all remote users match the FIRST_VPN IPsec VPN. This includes remote users that want to connect to the SECOND_VPN IPsec VPN. Which two configuration changes must you make on both IPsec VPNs so that remote users can connect to their intended IPsec VPN? (Choose two.)

A. Configure different proposals.

B. Configure a unique peer ID.

C. Change the IKE mode to aggressive.

D. Configure different Diffie Hellman groups.

Which statement about using BGP routes in SD-WAN is true?

A. Adding static routes must be enabled on all ADVPN interfaces.

B. VPN topologies must be form using only BGP dynamic routing with SD-WAN

C. Learned routes can be used as dynamic destinations in SD-WAN rules

D. Dynamic routing protocols can be used only with non-encrypted traffic

Which action FortiGate performs on traffic that is subject to a per-IP traffic shaper of 10 Mbps?

A. FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

B. FortiGate applies traffic shaping to the original traffic direction only.

C. FortiGate limits each source IP address to a maximum bandwidth of 10 Mbps.

D. FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

A. The all_rules rule represents the implicit SD-WAN rule.

B. There is more than one SD-WAN rule configured.

C. Entry 1 (id=1) is a regular policy route.

D. The SD-WAN rules takes precedence over regular policy routes.

Refer to exhibits. Exhibit A.

Exhibit B.

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SO-WAN interface and the static routes configuration. Port1 and port2 are member interfaces of the SD-WAN, and port2 becomes a dead member after reaching the failure thresholds Which statement about the dead member is correct?

A. Subnets 100 .64.1.0/23 and 172 . 20 . 0. 0/16 are reachable only through port1

B. SD-WAN interface becomes disabled and port1 becomes the WAN interface

C. Dead members require manual administrator access to bring them back alive

D. Port2 might become alive when a single response is received from an SLA server