Fortinet NSE7_SDW-7.2 Exam Practice Test Instant Access

Question 1

Refer to the exhibit.

Which statement explains the output shown in the exhibit?

AFortiGate performed standard FIB routing on the session.

BFortiGate will not re-evaluate the session following a firewall policy change.

CFortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.

DFortiGate must re-evaluate the session due to routing change.

Answer : D

The snat-route-change option is enabled by default. This option enables FortiGate to re-evaluate the routing table and select a new egress interface if the next hop IP address changes. This option only applies to sessions in the dirty state. Sessions in the log state are not affected by routing changes.

Question 2

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

Adiagnose sys sdwan sla-log

Bdiagnose ays sdwan health-check

Cdiagnose sys sdwan intf-sla-log

Ddiagnose sys sdwan log

Answer : A

Question 3

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

AThe ISDB is dynamically updated and reduces administrative overhead.

BThe ISDB requires application control to maintain signatures and perform load balancing.

CThe ISDB applies rules to traffic from specific sources, based on application type.

DThe ISDB contains the IP addresses and port ranges of well-known internet services.

Answer : A, D

Question 4

Exhibit.

The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

AThe health-check VPN_PING orders the members according to the lowest jitter.

BThe interface T_INET_1 missed one SLA target.

CThere is no SLA criteria configured for the health-check Level3_DNS.

DThe interface T_INET_0 missed three SLA targets.

Answer : A, C

According to theFortiGate / FortiOS 6.4.2 Administration Guide, the health check status command displays the status of the health check probes for each SD-WAN member interface. The output includes the following information:

state: the current state of the interface, either alive or dead

packet-loss: the percentage of packets lost during the health check

latency: the average round-trip time in milliseconds

jitter: the variation in latency

mos: the mean opinion score, a measure of voice quality

bandwidth: the available bandwidth in kilobits per second for each direction (up, down, bi)

sla map: a bitmap that indicates which SLA criteria are met or failed

Based on the exhibit, the following statements are correct:

The health-check VPN_PING orders the members according to the lowest jitter.This means that the interface with the lowest jitter value is listed first, followed by the next lowest, and so on1. In the exhibit, the order is T_MPLS, T_INET_1, and T_INET_0.

There is no SLA criteria configured for the health-check Level3_DNS.This means that the health check does not use any SLA parameters to determine the state of the interface2. In the exhibit, the sla map value is 0x0 for both port1 and port2, indicating that no SLA criteria are applied.

Question 5

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

AEncapsulating Security Payload (ESP)

BSecure Shell (SSH)

CInternet Key Exchange (IKE)

DSecurity Association (SA)

Answer : A, C

Question 6

Which are two benefits of using CLI templates in FortiManager? (Choose two.)

AYou can reference meta fields.

BYou can configure interfaces as SD-WAN members without having to remove references first.

CYou can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.

DYou can configure advanced CLI settings.

Answer : A, D

Question 7

Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

AFortiGate does not install IPsec static routes for remote protected networks in the routing table.

BThe phase 1 configuration supports the network-overlay setting.

CFortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

DDead peer detection is disabled.

Answer : A, B

Fortinet NSE 7 - SD-WAN 7.2 NSE7_SDW-7.2 Exam Practice Test