Fortinet NSE7_SDW-7.2 Exam Practice Test Instant Access

Question 1

Which statement about using BGP routes in SD-WAN is true?

ALearned routes can be used as dynamic destinations in SD-WAN rules.

BYou must use BGP to route traffic for both overlay and underlay links.

CYou must configure AS path prepending.

DYou must use external BGP.

Answer : A

Question 2

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

Ahold-down-time

Blink-down-failover

Cauto-discovery-shortcuts

Didle-timeout

Answer : A

Question 3

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

AVPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

BFortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

CIPsec recommended template guides the administrator to use Fortinet recommended settings.

DIPsec recommended template ensures consistent settings between phase1 and phase2

Answer : B, C

According to theSD-WAN 7.2 Study Guide, IPsec recommended templates are designed to simplify the configuration of IPsec tunnels in a hub-and-spoke topology. They have the following advantages:

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM. This reduces the manual effort and ensures that all spokes have the same configuration.

IPsec recommended template guides the administrator to use Fortinet recommended settings, such as encryption algorithms, key lifetimes, and dead peer detection. This ensures optimal performance and security of the IPsec tunnels.

Question 4

Which are three key routing principles in SD-WAN? (Choose three.)

AFortiGate performs route lookups for new sessions only.

BRegular policy routes have precedence over SD-WAN rules.

CSD-WAN rules have precedence over ISDB routes.

DBy default, SD-WAN members are skipped if they do not have a valid route to the destination.

EBy default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Answer : B, D, E

Study Guide 7.2, pages 125, 129, 151

Question 5

Within IPsec tunnel templates available on FortiManager. which template will you use to configure static tunnels for a hub and spoke topology?

AStatic_IPsec_Recommended

BHub_IPsec_Recommended

CBranch_IPsec_Recommended

DIPsec_Fortinet_Recommended

Answer : C

Recommended templates will allow you to prepare a template for IPsec tunnels using Fortinet recommended settings for phase1 and phase2 parameters.

* The IPsec_Fortinet_Recommended template defines a template for a static point-to-point tunnel

* The BRANCH_IPsec_Recommended template defines a template for a static tunnel (with a known remote IP address)

* The HUB_IPsec_Recommended template defines a template for a dynamic tunnel (an IPsec hub for dial-up tunnels)

Question 6

Refer to the exhibits.

Exhibit A -

Exhibit B -

Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt.

When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.

Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?

AEnable auxiliary-session under config system settings.

BDisable tp-session-without-syn under config system settings.

CEnable snat-route-change under config system global.

DDisable allow-subnet-overlap under config system settings.

Answer : A

Question 7

What is the route-tag setting in an SD-WAN rule used for?

ATo indicate the routes for health check probes.

BTo indicate the destination of a rule based on learned BGP prefixes.

CTo indicate the routes that can be used for routing SD-WAN traffic.

DTo indicate the members that can be used to route SD-WAN traffic.

Answer : B

'Configure SD-WAN *rules* to steer traffic to members only if routes have a specific route-tag.' Agree with Cyril - although A says the largely same thing as D, route-tag specifically get used by the SD-WAN rule to determine next-hop (i.e., destination). SG p 142 shows 'how an administrator can use [route-]tags in SD-WAN rules.'

Fortinet NSE 7 - SD-WAN 7.2 NSE7_SDW-7.2 Exam Practice Test