Fortinet NSE7_SDW-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.

Based on the exhibits, which two statements are correct? (Choose two.)

AFortiGate updated the outgoing interface list on the rule so it prefers port2.

BPort2 has the highest member priority.

CPort2 has a lower latency than port1.

DSD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Answer : A, C

Question 2

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)

AType of physical link connection

BInternet service database (ISDB) address object

CSource and destination IP address

DURL categories

EApplication signatures

Answer : B, C, E

Question 3

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?

AWhen all three members have the same packet loss.

BWhen T_INET_0_0 has 4% packet loss.

CWhen T_INET_0_0 has 12% packet loss.

DWhen T_INET_1_0 has 4% packet loss.

Answer : A

Question 4

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

ACreate a new firewall policy, and the select the SD-WAN zone as Incoming Interface.

BIn the traffic shaping policy, select Assign Shaping Class ID as Action.

CIn the firewall policy, select Proxy-based as Inspection Mode.

DIn the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.

Answer : D

Question 5

Refer to the exhibit.

The device exchanges routes using IBGP.

Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)

AEach BGP route is three hops away from the destination.

Bibgp-multipath is disabled.

Cadditional-path is enabled.

DYou can run the get router info routing-table database command to display the additional paths.

Answer : C, D

Question 6

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

Ahold-down-time

Blink-down-failover

Cauto-discovery-shortcuts

Didle-timeout

Answer : A

Question 7

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

AVPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

BFortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

CIPsec recommended template guides the administrator to use Fortinet recommended settings.

DIPsec recommended template ensures consistent settings between phase1 and phase2

Answer : B, C

According to theSD-WAN 7.2 Study Guide, IPsec recommended templates are designed to simplify the configuration of IPsec tunnels in a hub-and-spoke topology. They have the following advantages:

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM. This reduces the manual effort and ensures that all spokes have the same configuration.

IPsec recommended template guides the administrator to use Fortinet recommended settings, such as encryption algorithms, key lifetimes, and dead peer detection. This ensures optimal performance and security of the IPsec tunnels.

Fortinet NSE7_SDW-7.2 Fortinet NSE 7 - SD-WAN 7.2 Exam Practice Test