Fortinet NSE6_SDW_AD-7.6 Exam Questions Instant Access

Question 1

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate device that supports hardware offloading.

Based on the information shown in the exhibits, which two conclusions can you draw? (Choose two.)

ABy default, FortiGate offloads symmetric and asymmetric flows.

BThe original direction of the symmetric traffic flows from port3 to port2.

CThe reply direction of the asymmetric traffic flows from port2 to port3.

DThe auxiliary session can be offloaded to hardware.

Answer : B, C

The session details show the symmetric flow's original direction as port3 port2.

The asymmetric flow's reply direction is listed as port2 port3.

Question 2

Refer to the exhibit.

An administrator checks the status of an SD-WAN topology using the FortiManager SD-WAN monitor menus. All members are configured with one or two SLAs.

Which two conclusions can you draw from the output shown? (Choose two.)

AThe template view should be used to see the hub devices.

BOne member of branch2_fgt is missing the SLAs.

Cbranch2_fgt establishes six tunnels to the hubs and they are all up.

DThis SD-WAN topology contains only two branch devices.

Answer : B, D

From the SD-WAN monitor in FortiManager: 'The SD-WAN monitor provides a summary view of the branch devices and their members. In the scenario shown, it is clear that branch2_fgt is missing SLA configuration for one member, as evidenced by the lack of performance metrics. The monitor also shows only two branches in the current topology, allowing quick assessment of branch health and configuration completeness.' This kind of visibility is vital for proactive monitoring and rapid troubleshooting in SD-WAN environments. Reference:

[FCSS_SDW_AR-7.4 1-0.docx Q18]

FortiManager SD-WAN Monitoring Guide, ''Branch Device Health and SLA Status Visualization''

Question 3

(Which two features must you configure before FortiGate can steer traffic according to SD-WAN rules? Choose two answers.)

ASecurity profiles

BUnderlay links

COverlay links

DTraffic shaping

EFirewall policies

Answer : B, E

For FortiGate to steer traffic using SD-WAN rules, two foundational elements must be in place: available WAN paths (underlay links) and firewall policies that allow traffic to reach the SD-WAN interface.

Underlay links (Option B) are mandatory because SD-WAN operates by selecting among multiple WAN transports (for example, broadband, MPLS, LTE, or IPsec tunnels). These links are configured as SD-WAN members and form the physical or logical paths over which traffic can be steered. Without underlay links, SD-WAN has no paths to evaluate or select.

Firewall policies (Option E) are also mandatory because FortiGate only processes and forwards traffic that is explicitly permitted by a firewall policy. When SD-WAN is enabled, firewall policies must reference the SD-WAN interface or SD-WAN zone as the outgoing interface. If no such policy exists, traffic will not be forwarded and SD-WAN rules will never be evaluated.

Why the other options are incorrect:

Security profiles (Option A) are optional and relate to inspection, not SD-WAN steering.

Overlay links (Option C) are used in specific designs such as ADVPN or hub-and-spoke overlays, but SD-WAN can steer traffic without overlays (for example, DIA-only designs).

Traffic shaping (Option D) is not required for SD-WAN decision-making; it is an optional optimization feature.

Therefore, the two required features that must be configured before FortiGate can steer traffic according to SD-WAN rules are underlay links and firewall policies, which correspond to B and E.

Question 4

Refer to the exhibits.

The exhibits show an SD-WAN event log, the member status, and the SD-WAN rule configuration.

Which two conclusions can you draw from the information shown? (Choose two.)

AThe administrator configured the service ID 1 with the highest priority member for port2.

BPort2 has a lower latency than port1.

CFortiGate updated the outgoing interface list on the rule so it prefers port2.

DThe administrator configured the SD-WAN rule ID 1 with the default strategy mode.

Answer : B, C

The SD-WAN rule (config service edit 1) is configured with set mode priority. This means the rule selects the best interface based on a defined performance metric, as opposed to a simple static priority or SLA. The event log (image_41cfb5.png) shows Metric latency and Message Service prioritized by performance metric will be redirected in sequence order. This indicates that the rule is using latency to determine the preferred member. Given that the log message is about a change, and the most logical reason for a change in a priority mode is that a different member is now the best performer, it implies that the latency on port2 has become lower than that on port1.

The log message Service prioritized by performance metric will be redirected in sequence order confirms that FortiGate is changing the member being used for this service. Because the mode is priority, FortiGate dynamically selects the member that currently meets the best performance criteria, which in this case is latency. The log implies a new member has been selected as the most optimal, and with the default configuration, the members are sorted based on their performance, so the outgoing interface list is effectively updated to prefer the new best-performing member (port2).

Question 5

Refer to the exhibit.

What can you conclude from the output shown? Choose one answer.)

AIt is a spoke device. SD-WAN rule 3 is configured with nine members.

BIt is a spoke device. The members of SD-WAN rule 3 are grouped into two zones.

CIt is a hub device. It allowed the establishment of three auto-discovery VPN (ADVPN) shortcuts.

DIt is a spoke device. SD-WAN rule 4 allows three shortcut tunnels.

Answer : A

The command shown in the exhibit is:

diagnose sys sdwan service 4 3

This command displays the runtime state of SD-WAN rule ID 3 on the device. The output explicitly shows:

Service(3) which confirms the SD-WAN rule being evaluated is rule number 3

Members(9) which indicates that nine SD-WAN members are associated with this rule

The listed members include multiple IPsec tunnel interfaces such as HUB1-VPN1, HUB1-VPN2, HUB1-VPN3, HUB2-VPN1, HUB2-VPN2, and HUB2-VPN3, which is characteristic of a spoke device connecting to multiple hubs in a hub-and-spoke ADVPN topology, as defined in the FCSS SD-WAN 7.6 architecture.

Option B is incorrect because, although members are listed under different interfaces, the output does not indicate SD-WAN zones. Zones are shown only in configuration output, not in this diagnostic command.

Option C is incorrect because this is not a hub device. The presence of multiple hub tunnels as SD-WAN members indicates a spoke role. Additionally, the output does not confirm the number of established ADVPN shortcuts.

Option D is incorrect because the output clearly references SD-WAN rule 3, not rule 4, and it does not state that exactly three shortcut tunnels are allowed.

Therefore, the correct conclusion is that this is a spoke device and SD-WAN rule 3 is configured with nine members, which matches option A.

Question 6

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network.

The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over HUB1-VPN1. However, the traffic is routed over HUB1-VPN3.

Based on the output shown in the exhibit, which two reasons, individually or together, could explain the observed behavior? (Choose two.)

AHUB1-VPN3 has a higher member configuration priority than HUB1-VPN1.

BThe traffic matches a regular policy route configured with HUB1-VPN3 as the outgoing device

CHUB1-VPN1 does not have a valid route to the destination

DHUB1-VPN3 has a lower route priority value (higher priority) than HUB1-VPN1.

Answer : C, D

Question 7

Refer to the exhibits.

The exhibits show the configuration for SD-WAN performance. SD-WAN rule, the application IDs of Facebook and YouTube along with the firewall policy configuration and the underlay zone status.

Which two statements are true about the health and performance of SD-WAN members 3 and 4? (Choose two.)

AOnly related TCP traffic is used for performance measurement.

BThe performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.

CEncrypted traffic is not used for the performance measurement.

DFortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.

Answer : B, D

Fortinet NSE 6 - SD-WAN 7.6 Enterprise Administrator NSE6_SDW_AD-7.6 Exam Questions