Fortinet NSE7_SDW-7.2 Practice Questions

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.

B. FortiGate has terminated the session after a change on policy ID 1.

C. Changes have been made on firewall policy ID 1 on FortiGate.

D. Firewall policy ID 1 has source NAT disabled.

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10. Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration. The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1. However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1. Based on the exhibits, which configuration change is required to fix issue?

A. In the dcl-lab-rm route map configuration, set set-route-tag to 10.

B. In SD-WAN rule ID 1, change the destination to use ISDB entries.

C. In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.

D. In the dcl-lab-rm route map configuration, unset match-community.

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SDWAN rules?

A. All traffic from a source IP to a destination IP is sent to the same interface.

B. All traffic from a source IP is sent to the same interface.

C. All traffic from a source IP is sent to the most used interface.

D. All traffic from a source IP to a destination IP is sent to the least used interface.

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

A. FEC supports hardware offloading.

B. FEC improves reliability of noisy links.

C. FEC transmits parity packets that can be used to reconstruct packet loss.

D. FEC can leverage multiple IPsec tunnels for parity packets transmission.

Refer to the exhibit.

An administrator used the SD-WAN overlay template to prepare an IPsec configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the installation preview for one FortiGate device. In the exhibit, which statement best describes the configuration applied to the FortiGate device?

A. It is a hub device. It can send ADVPN shortcut offers.

B. It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.

C. It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.

D. It is a hub device and will automatically discover the spoke devices that are in the SDWAN topology.

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)

A. Type of physical link connection

B. Internet service database (ISDB) address object

C. Source and destination IP address

D. URL categories

E. Application signatures

Refer to the Exhibits:

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members. Based on the exhibits, which statement is correct?

A. The dead member interface stays unavailable until an administrator manually brings the interface back.

B. Port2 needs to wait 500 milliseconds to change the status from alive to dead.

C. Static routes using port2 are active in the routing table.

D. FortiGate has not received three consecutive requests from the SLA server configured for port2.