Fortinet NSE7_SDW-6.4 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

Based on output shown in the exhibit, which two commands can be used by SD-WAN rules? (Choose two.)

Aset cost 15.

Bset source 100.64.1.1.

Cset priority 10.

Dset load-balance-mode source-ip-based.

Answer : C, D

Question 2

Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two )

AIt creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links.
D18912E1457D5D1DDCBD40AB3BF70D5D

BIt dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.

CIt ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.

DIt provides direct connectivity between all sites by creating on-demand tunnels between spokes.

Answer : C, D

Question 3

What is the lnkmtd process responsible for?

AMonitoring links for any bandwidth saturation

BProcessing performance SLA probes

CFlushing route tags addresses

DLogging interface quality information

Answer : D

Question 4

Refer to the exhibit.

Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub 1 and Hub 2 The administrator configured ADVPN on the dual regions topology

Which two statements are correct if a user in Toronto sends traffic to London? (Choose two )

AToronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

BThe first packets from Toronto to London are routed through Hub 1 then to Hub 2.

CTraffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN

DLondon generates an IKE information message that contains the Toronto public IP address

Answer : A, C

Question 5

Which statement is correct about the SD-WAN and ADVPN?

AADVPN interface can be a member of SD-WAN interface.

BDynamic VPN is not supported as an SD-Wan interface.

CSpoke support dynamic VPN as a static interface.

DHub FortiGate is limited to use ADVPN as SD-WAN member interface.

Answer : A

Question 6

Refer to exhibits.

Exhibit A shows the source NAT global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two statements about increasing the port2 interface priority to 20 are true? (Choose two.)

AAll the existing sessions that do not use SNAT will be flushed and routed through port1.

BAll the existing sessions will continue to use port2, and new sessions will use port1.

CAll the existing sessions using SNAT will be flushed and routed through port1.

DAll the existing sessions will be blocked from using port1 and port2.

Answer : B, C

Question 7

Refer to exhibits.

Exhibit A.

Exhibit B.

Exhibit A shows the traffic shaping policy and exhibit B show: the firewall policy

FortiGate is not performing traffic shaping as expected basi on the policies shown in the exhibits.

To correct this traffic shaping issue on FortiGate, what configuration change must be made on which policy?

AThe shaper mode must be applied per-IP shaper on the traffic shaping policy

BThe application control profile must be enabled on the firewall policy.

CThe web filter profile must be enabled on the firewall policy

DThe URL category must be specified on the traffic shaping policy

Answer : C

Fortinet NSE7_SDW-6.4 Fortinet NSE 7 - SD-WAN 6.4 Exam Practice Test