Fortinet NSE7_SDW-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.

Based on the exhibits, which two statements are correct? (Choose two.)

AFortiGate updated the outgoing interface list on the rule so it prefers port2.

BPort2 has the highest member priority.

CPort2 has a lower latency than port1.

DSD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Answer : A, C

Question 2

Which statement about SD-WAN zones is true?

AAn SD-WAN zone can contain only one type of interface.

BAn SD-WAN zone can contain between 0 and 512 members.

CYou cannot use an SD-WAN zone in static route definitions.

DYou can configure up to 32 SD-WAN zones per VDOM.

Answer : B

Full Explanation:

Option A is incorrect because SD-WAN zones can include multiple interface types (e.g., physical, VLAN, tunnels), as explained in the study guide's discussion of member configuration.

Option B is correct because an SD-WAN zone can logically have zero members (an empty zone) and up to a large number of members, with 512 being a reasonable upper bound supported by Fortinet's scalability, even if not explicitly stated in the study guide.

Option C is incorrect because the study guide clearly states that SD-WAN zones can be used in static route definitions, enhancing routing flexibility.

Option D, while possibly true based on Fortinet's typical limits, lacks a definitive reference in the Fortinet SD-WAN Study Guide for FortiOS 7.2 to confirm '32' as the exact number, making it less certain than Option B.

Fortinet SD-WAN Study Guide for FortiOS 7.2, Section 3: Members, Zones, and Performance SLAs (description of interface types and zones).

Fortinet SD-WAN Study Guide for FortiOS 7.2, Section 4: Routing and Sessions (use of SD-WAN zones in static routes).

Fortinet Documentation: SD-WAN members and zones | FortiGate / FortiOS 7.2.4 (general behavior and flexibility of zones).

Question 3

Which statement about using BGP routes in SD-WAN is true?

ALearned routes can be used as dynamic destinations in SD-WAN rules.

BYou must use BGP to route traffic for both overlay and underlay links.

CYou must configure AS path prepending.

DYou must use external BGP.

Answer : A

Question 4

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

Adiagnose sys sdwan sla-log

Bdiagnose ays sdwan health-check

Cdiagnose sys sdwan intf-sla-log

Ddiagnose sys sdwan log

Answer : A

Question 5

Refer to the exhibits.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.

After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.

Which two reasons explain why the traffic matched the implicit SD-WAN rule? (Choose two.)

AFortiGate did not refresh the routing information on the session after the application was detected.

BPort1 and port2 do not have a valid route to the destination.

CFull SSL inspection is not enabled on the matching firewall policy.

DThe session 3-tuple did not match any of the existing entries in the ISDB application cache.

Answer : B, C

Study guide 7.2 Page 191

Question 6

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

AFortiGate does not install IPsec static routes for remote protected networks in the routing table.

BThe phase 1 configuration supports the network-overlay setting.

CFortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

DDead peer detection is disabled.

Answer : A, B

Question 7

Refer to the exhibit.

Which statement explains the output shown in the exhibit?

AFortiGate performed standard FIB routing on the session.

BFortiGate will not re-evaluate the session following a firewall policy change.

CFortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.

DFortiGate must re-evaluate the session due to routing change.

Answer : D

The snat-route-change option is enabled by default. This option enables FortiGate to re-evaluate the routing table and select a new egress interface if the next hop IP address changes. This option only applies to sessions in the dirty state. Sessions in the log state are not affected by routing changes.

Fortinet NSE 7 - SD-WAN 7.2 NSE7_SDW-7.2 Exam Practice Test