Fortinet NSE7_SDW-7.2 Übungsprüfungen
Zuletzt aktualisiert am 26.04.2025- Prüfungscode: NSE7_SDW-7.2
- Prüfungsname: Fortinet NSE 7 - SD-WAN 7.2
- Zertifizierungsanbieter: Fortinet
- Zuletzt aktualisiert am: 26.04.2025
Refer to the exhibit.
Exhibit B
Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.
Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
- A . port1 is assigned a manual IP address.
- B . port1 is referenced in a firewall policy.
- C . port2 is referenced in a static route.
- D . port1 and port2 are not administratively down.
Refer to the exhibits.
Exhibit A –
Exhibit B
Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt.
Exhibit B shows the system global and system settings configuration on dc1_fgt.
When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.
Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?
- A . Enable auxiliary-session under config system settings.
- B . Disable tсp-session-without-syn under config system settings.
- C . Enable snat-route-change under config system global.
- D . Disable allow-subnet-overlap under config system settings.
Refer to the exhibit.
Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)
- A . London generates an IKE information message that contains the Toronto public IP address.
- B . Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
- C . Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
- D . The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)
- A . The sdwan_service_id flag in the session information is 0.
- B . All SD-WAN rules have the default setting enabled.
- C . Traffic does not match any of the entries in the policy route table.
- D . Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Refer to the exhibits.
Exhibit A
Exhibit B –
Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.
The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
- A . The traffic will be load balanced across all three overlays.
- B . The traffic will be routed over T_INET_0_0.
- C . The traffic will be routed over T_MPLS_0.
- D . The traffic will be routed over T_INET_1_0.
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
- A . diagnose sys sdwan sla-log
- B . diagnose ays sdwan health-check
- C . diagnose sys sdwan intf-sla-log
- D . diagnose sys sdwan log
Which statement about using BGP for ADVPN is true?
- A . You must use BGP to route traffic for both overlay and underlay links.
- B . You must configure AS path prepending.
- C . You must configure BGP communities.
- D . IBGP is preferred over EBGP, because IBGP preserves next hop information.
Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)
- A . http
- B . icmp
- C . twamp
- D . dns
Exhibit.
The exhibit shows VPN event logs on FortiGate.
In the output shown in the exhibit, which statement is true?
- A . There are no IPsec tunnel statistics log messages for ADVPN cuts.
- B . There is one shortcut tunnel built from master tunnel T_MPLS_0.
- C . The VPN tunnel T_MPLS_0 is a shortcut tunnel.
- D . The master tunnel T_INET_0 cannot accept the ADVPN shortcut.
Which two interfaces are considered overlay links? (Choose two.)
- A . LAG
- B . IPsec
- C . Physical
- D . GRE