Fortinet NSE7_SDW-6.4 Exam Practice Test Instant Access

Question 1

Which diagnostic command can you use to show the SD-WAN rules interface information and state?

Adiagnose sys sdwan route-tag-list.

Bdiagnose sys sdwan service.

Cdiagnose sys sdwan member.

Ddiagnose sys sdwan neighbor.

Answer : B

Question 2

Which statement about using BGP routes in SD-WAN is true?

ALearned routes can be used as dynamic destinations in SD-WAN rules.

BYou must use BGP to route traffic for both overlay and underlay links.

CYou must configure AS path prepending.

DYou must use external BGP.

Answer : A

Question 3

Which two statements about SD-WAN central management are true? (Choose two.)

AIt does not allow you to monitor the status of SD-WAN members.

BIt is enabled or disabled on a per-ADOM basis.

CIt is enabled by default.

DIt uses templates to configure SD-WAN on managed devices.

Answer : B, D

Question 4

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

AFortiGate creates separate virtual interfaces for each dial-up client.

BFortiGate creates a single IPsec virtual interface that is shared by all clients.

CFortiGate maps the remote gateway 100.64.3.1 to tunnel index interface 1.

DFortiGate does not install IPsec static routes for remote protected networks in the routing table.

Answer : B, C

Question 5

Which two benefits from using forward error correction (FEC) in IPsec VPNs are true? (Choose two.)

AFEC transmits the original payload in full to recover the error in transmission.

BFEC reduces the stress on the remote device buffer to reconstruct packet loss.

CFEC transmits additional packets as redundant data to the remote device.

DFEC improves reliability, which overcomes adverse WAN conditions such as noisy links.

Answer : C, D

Question 6

Refer to Exhibit:

Which statement is correct it the responder FortiGate is using a dynamic routing protocol over the IPsec VPN interface?

AThe phase 1 type must be changed to static for dynamic routing.

BOnly dial-up connections without XAuth can be used for the dynamic routing

Cadd-route must be disabled to prevent FortiGate from installing VPN static routes

Dpeertype must be set to accept only one peer ID for a unique VPN interface

Answer : C

Question 7

Which three protocols are available only on the command line to configure as performance SLA status check? (Choose three.)

Asmtp

Btcp-echo

Ctwamp

Dudp-echo

Eicmp

Answer : B, C, D

Fortinet NSE7_SDW-6.4 Fortinet NSE 7 - SD-WAN 6.4 Exam Practice Test