Fortinet NSE7_SDW-7.2 Exam Questions Instant Access

Question 1

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

Ahttp

Bicmp

Ctwamp

Ddns

Answer : A, D

Performance SLA (Service Level Agreement) protocols are used in SD-WAN to monitor the quality and performance of various network services. The two protocols that specifically allow for verifying a specific value in the server response are:

HTTP (Hypertext Transfer Protocol): HTTP is the foundation of data communication on the World Wide Web. It allows for fetching resources, such as HTML documents. You can configure an HTTP performance SLA to send specific requests (e.g., GET or POST) and then check if the response body contains a particular string or value. This is useful for validating web server functionality and content delivery.

DNS (Domain Name System): DNS is responsible for translating domain names into IP addresses. A DNS performance SLA can be set up to query a specific domain and verify that the returned IP address or other DNS record values match what is expected. This helps ensure proper name resolution and accessibility of resources.

Question 2

Which are three key routing principles in SD-WAN? (Choose three.)

AFortiGate performs route lookups for new sessions only.

BRegular policy routes have precedence over SD-WAN rules.

CSD-WAN rules have precedence over ISDB routes.

DBy default, SD-WAN members are skipped if they do not have a valid route to the destination.

EBy default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Answer : B, D, E

Study Guide 7.2, pages 125, 129, 151

Question 3

Refer to the exhibit.

Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?

Atype must be set to static.

Bmode-cfg must be enabled.

Cexchange-interface-ip must be enabled.

Dadd-route must be disabled.

Answer : D

Question 4

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

AEncapsulating Security Payload (ESP)

BSecure Shell (SSH)

CInternet Key Exchange (IKE)

DSecurity Association (SA)

Answer : A, C

Question 5

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?

AWhen all three members have the same packet loss.

BWhen T_INET_0_0 has 4% packet loss.

CWhen T_INET_0_0 has 12% packet loss.

DWhen T_INET_1_0 has 4% packet loss.

Answer : A

Question 6

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

AThe session information output displays no SD-WAN-specific details.

BAll SD-WAN rules have the default and gateway setting enabled.

CTraffic does not match any of the entries in the policy route table.

DTraffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Answer : A, C

Question 7

Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.

What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?

AYou must set ike-version to 1.

BYou must enable net-device.

CYou must enable auto-discovery-sender.

DYou must disable idle-timeout.

Answer : B

Fortinet NSE 7 - SD-WAN 7.2 NSE7_SDW-7.2 Exam Questions