Fortinet NSE7_SDW-7.2 Exam Practice Test Instant Access

Question 1

What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.)

APacket duplication can leverage multiple IPsec overlays for sending additional data.

BPacket duplication does not require a route to the destination.

CPacket duplication supports hardware offloading.

DPacket duplication uses smaller parity packets which results in less bandwidth consumption.

Answer : A, C

Question 2

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

AA peer ID is included in the first packet from the initiator, along with suggested security policies.

BXAuth is enabled as an additional level of authentication, which requires a username and password.

CThree packets are exchanged between an initiator and a responder instead of six packets.

DThe use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Answer : A, C

Question 3

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

Ahttp

Bicmp

Ctwamp

Ddns

Answer : A, D

Performance SLA (Service Level Agreement) protocols are used in SD-WAN to monitor the quality and performance of various network services. The two protocols that specifically allow for verifying a specific value in the server response are:

HTTP (Hypertext Transfer Protocol): HTTP is the foundation of data communication on the World Wide Web. It allows for fetching resources, such as HTML documents. You can configure an HTTP performance SLA to send specific requests (e.g., GET or POST) and then check if the response body contains a particular string or value. This is useful for validating web server functionality and content delivery.

DNS (Domain Name System): DNS is responsible for translating domain names into IP addresses. A DNS performance SLA can be set up to query a specific domain and verify that the returned IP address or other DNS record values match what is expected. This helps ensure proper name resolution and accessibility of resources.

Question 4

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?

AAll traffic from a source IP to a destination IP is sent to the same interface.

BAll traffic from a source IP is sent to the same interface.

CAll traffic from a source IP is sent to the most used interface.

DAll traffic from a source IP to a destination IP is sent to the least used interface.

Answer : A

Study Guide 7.2, page 176.

Question 5

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

AFortiGate does not install IPsec static routes for remote protected networks in the routing table.

BThe phase 1 configuration supports the network-overlay setting.

CFortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

DDead peer detection is disabled.

Answer : A, B

Question 6

What is the route-tag setting in an SD-WAN rule used for?

ATo indicate the routes for health check probes.

BTo indicate the destination of a rule based on learned BGP prefixes.

CTo indicate the routes that can be used for routing SD-WAN traffic.

DTo indicate the members that can be used to route SD-WAN traffic.

Answer : B

'Configure SD-WAN *rules* to steer traffic to members only if routes have a specific route-tag.' Agree with Cyril - although A says the largely same thing as D, route-tag specifically get used by the SD-WAN rule to determine next-hop (i.e., destination). SG p 142 shows 'how an administrator can use [route-]tags in SD-WAN rules.'

Question 7

Which statement about using BGP for ADVPN is true?

AYou must use BGP to route traffic for both overlay and underlay links.

BYou must configure AS path prepending.

CYou must configure BGP communities.

DIBGP is preferred over EBGP, because IBGP preserves next hop information.

Answer : D

ADVPN is a technology that allows dynamic creation of IPsec tunnels between branch sites without requiring pre-configured policies or keys. BGP is a routing protocol that can be used to exchange routes between ADVPN peers. IBGP is a type of BGP that runs between routers in the same autonomous system (AS), while EBGP is a type of BGP that runs between routers in different ASes. IBGP is preferred over EBGP for ADVPN, because IBGP preserves the next hop information of the routes, which is needed to establish the IPsec tunnels. EBGP changes the next hop information to the EBGP peer address, which may not be reachable by the ADVPN peers. Therefore, using IBGP for ADVPN avoids the need to configure additional static routes or redistribute routes between BGP and another routing protocol.Reference=ADVPN with BGP as the routing protocol,ADVPN,SD-WAN self-healing with BGP,Technical Tip: ADVPN with BGP as the routing protocol

The statement that IBGP is preferred over EBGP for ADVPN because IBGP preserves next hop information (D) is true. In a typical ADVPN deployment, it's beneficial to maintain next hop information across the network to ensure proper routing and optimal path selection. Reference: This understanding comes from my knowledge of Fortinet's SD-WAN and ADVPN configurations, where BGP's behavior in terms of next hop preservation is a key consideration.

Fortinet NSE7_SDW-7.2 Fortinet NSE 7 - SD-WAN 7.2 Exam Practice Test