Fortinet Fortinet NSE 5 - FortiSASE and SD-WAN 7.6 Core Administrator - NSE5_SSE_AD-7.6 Practice Questions

Refer to the exhibit.



The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device. The administrator wants to know through which interface FortiGate will steer traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the social media application Facebook.
Based on the exhibits, which two statements are correct? (Choose two.)

A. FortiGate steers traffic for social media applications according to the service rule 2 and steers traffic through port2.

B. There is no service defined for the Facebook application, so FortiGate applies service rule 3 and directs the traffic to headquarters.

C. When FortiGate cannot recognize the application of the flow, it load balances the traffic through the tunnels HQ_T1, HQ_T2, HQ_T3.

D. When FortiGate cannot recognize the application of the flow, it steers the traffic through the preferred member of rule 3, HQ_T1.

A FortiGate device is in production. To optimize WAN link use and improve redundancy, you enable and configure SD-WAN.
What must you do as part of this configuration update process? (Choose one answer)

A. Replace references to interfaces used as SD-WAN members in the firewall policies.

B. Replace references to interfaces used as SD-WAN members in the routing configuration.

C. Disable the interface that you want to use as an SD-WAN member.

D. Purchase and install the SD-WAN license, and reboot the FortiGate device.

The IT team is wondering whether they will need to continue using MDM tools for future FortiClient upgrades.
What options are available for handling future FortiClient upgrades?

A. Enable the Endpoint Upgrade feature on the FortiSASE portal.

B. FortiClient will need to be manually upgraded.

C. Perform onboarding for managed endpoint users with a newer FortiClient version.

D. A newer FortiClient version will be auto-upgraded on demand.

Refer to the exhibit, which shows the SD-WAN rule status and configuration.



Based on the exhibit, which change in the measured packet loss will make HUB1-VPN3 the new preferred member? (Choose one answer)

A. When all three members have the same packet loss

B. When HUB1-VPN1 has 4% packet loss

C. When HUB1-VPN1 has 12% packet loss

D. When HUB1-VPN3 has 4% packet loss

Refer to the exhibits.



The administrator increases the member priority on port2 to 20. Upon configuration changes and the receipt of new packets, which two actions does FortiGate perform on existing sessions established over port2? (Choose two.)

A. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

B. FortiGate flags the SNAT session as dirty only if the administrator has assigned an IP pool to the firewall policies with NAT.

C. FortiGate routes only new sessions over port1.

D. FortiGate continues routing all existing sessions over port2.

E. FortiGate flags the sessions as dirty.

What is the purpose of the on/off-net rule setting in FortiSASE?

A. To enable or disable user authentication for external network access.

B. To define different traffic routing rules for on-premises and cloud-based resources.

C. To determine if an endpoint is connecting from a trusted network or untrusted location.

D. To configure different access policies for users based on their geographical location.

Which FortiSASE feature monitors SaaS application performance and connectivity to points of presence (POPs)?

A. Operations widgets

B. FortiView dashboards

C. Event logs

D. Digital experience monitoring