Fortinet NSE7_SDW-7.2 Practice Questions

Total 91 Questions


Last Updated On : 26-Nov-2025


undraw-questions

Think You're Ready? Prove It Under Real Fortinet Exam Conditions

Take Exam

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?



A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.


B. FortiGate has terminated the session after a change on policy ID 1.


C. Changes have been made on firewall policy ID 1 on FortiGate.


D. Firewall policy ID 1 has source NAT disabled.





C.
  Changes have been made on firewall policy ID 1 on FortiGate.

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10. Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration. The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1. However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1. Based on the exhibits, which configuration change is required to fix issue?



A. In the dcl-lab-rm route map configuration, set set-route-tag to 10.


B. In SD-WAN rule ID 1, change the destination to use ISDB entries.


C. In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.


D. In the dcl-lab-rm route map configuration, unset match-community.





C.
  In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SDWAN rules?



A. All traffic from a source IP to a destination IP is sent to the same interface.


B. All traffic from a source IP is sent to the same interface.


C. All traffic from a source IP is sent to the most used interface.


D. All traffic from a source IP to a destination IP is sent to the least used interface.





A.
  All traffic from a source IP to a destination IP is sent to the same interface.

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)



A. FEC supports hardware offloading.


B. FEC improves reliability of noisy links.


C. FEC transmits parity packets that can be used to reconstruct packet loss.


D. FEC can leverage multiple IPsec tunnels for parity packets transmission.





B.
  FEC improves reliability of noisy links.

C.
  FEC transmits parity packets that can be used to reconstruct packet loss.

Refer to the exhibit.

An administrator used the SD-WAN overlay template to prepare an IPsec configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the installation preview for one FortiGate device. In the exhibit, which statement best describes the configuration applied to the FortiGate device?



A. It is a hub device. It can send ADVPN shortcut offers.


B. It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.


C. It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.


D. It is a hub device and will automatically discover the spoke devices that are in the SDWAN topology.





C.
  It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.

Explanation:
According to the SD-WAN 7.2 Study Guide, the SD-WAN overlay template simplifies the configuration of IPsec tunnels in a hub-and-spoke topology. The template defines the following parameters:

Type: dynamic for spokes, static for hubs
Interface: the WAN interface to use for the IPsec tunnel
Network-overlay: enable for spokes, disable for hubs
Network-id: a unique identifier for each spoke
Auto-discovery-sender: enable for hubs, disable for spokes
Auto-discovery-receiver: enable for spokes, disable for hubs

Based on the exhibit, the FortiGate device has the following configuration:

Type: dynamic
Interface: port1
Network-overlay: enable
Network-id: 5
Auto-discovery-sender: disable
Auto-discovery-receiver: enable

Therefore, the FortiGate device is a spoke that establishes dynamic IPsec tunnels to the hub. It also has the network-overlay and auto-discovery-receiver options enabled, which means it can send ADVPN shortcut requests to other spokes when it receives a shortcut offer from the hub.

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)



A. Type of physical link connection


B. Internet service database (ISDB) address object


C. Source and destination IP address


D. URL categories


E. Application signatures





B.
  Internet service database (ISDB) address object

C.
  Source and destination IP address

E.
  Application signatures

Refer to the Exhibits:

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members. Based on the exhibits, which statement is correct?



A. The dead member interface stays unavailable until an administrator manually brings the interface back.


B. Port2 needs to wait 500 milliseconds to change the status from alive to dead.


C. Static routes using port2 are active in the routing table.


D. FortiGate has not received three consecutive requests from the SLA server configured for port2.





C.
  Static routes using port2 are active in the routing table.

Page 4 out of 13 Pages
NSE7_SDW-7.2 Practice Test Home Previous

Your Official Fortinet NSE7_SDW-7.2 Exam Rehearsal

Our new Timed NSE7_SDW-7.2 Exam Simulation replicates the exact format, question count, and strict time limit of the real test.

We don't just test your knowledge; we build your Fortinet exam-day stamina and speed, so you can answer with confidence when it matters most.



Stop the clock-watching. Start your simulation now!