Easter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

Fortinet NSE 7 - SD-WAN 7.0 Question and Answers

Fortinet NSE 7 - SD-WAN 7.0

Last Update May 17, 2024
Total Questions : 70

We are offering FREE NSE7_SDW-7.0 Fortinet exam questions. All you do is to just go and sign up. Give your details, prepare NSE7_SDW-7.0 free exam questions and then go for complete pool of Fortinet NSE 7 - SD-WAN 7.0 test questions that will help you more.

NSE7_SDW-7.0 pdf

NSE7_SDW-7.0 PDF

$35  $99.99
 Add to Cart
NSE7_SDW-7.0 Engine

NSE7_SDW-7.0 Testing Engine

$42  $119.99
 Add to Cart
NSE7_SDW-7.0 PDF + Engine

NSE7_SDW-7.0 PDF + Testing Engine

$56  $159.99
 Add to Cart
Questions 1

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.)

Options:

A.  

The reply direction of the asymmetric traffic flows from port2 to port3.

B.  

The auxiliary session can be offloaded to hardware.

C.  

The original direction of the symmetric traffic flows from port3 to port2.

D.  

The main session cannot be offloaded to hardware.

Discussion 0
Questions 2

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

Options:

A.  

When T_INET_0_0 and T_MPLS_0 have the same latency.

B.  

When T_MPLS_0 has a latency of 100 ms.

C.  

When T_INET_0_0 has a latency of 250 ms.

D.  

When T_N1PLS_0 has a latency of 80 ms.

Discussion 0
Questions 3

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

Options:

A.  

Encapsulating Security Payload (ESP)

B.  

Secure Shell (SSH)

C.  

Internet Key Exchange (IKE)

D.  

Security Association (SA)

Discussion 0
Questions 4

Refer to the exhibits.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.

After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.

Which two reasons explain why the traffic matched the implicit SD-WAN rule? (Choose two.)

Options:

A.  

FortiGate did not refresh the routing information on the session after the application was detected.

B.  

Port1 and port2 do not have a valid route to the destination.

C.  

Full SSL inspection is not enabled on the matching firewall policy.

D.  

The session 3-tuple did not match any of the existing entries in the ISDB application cache.

Discussion 0
Questions 5

Refer to the exhibit.

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)

Options:

A.  

After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.

B.  

During passive monitoring, FortiGate can’t detect dead members.

C.  

FortiGate can offload the traffic that is subject to passive monitoring to hardware.

D.  

FortiGate passively monitors the member if TCP traffic is passing through the member.

Discussion 0
Questions 6

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

Options:

A.  

When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SL

A.  

B.  

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

C.  

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

D.  

Member metrics are measured only if an SLA target is configured.

Discussion 0
Questions 7

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.

Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

Options:

A.  

The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.

B.  

T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.

C.  

T_INET_0_0 does not have a valid route to the destination.

D.  

T_INET_1_0 has a higher member configuration priority than T_INET_0_0.

Discussion 0
Questions 8

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

Options:

A.  

diagnose sys sdwan intf-sla-log

B.  

diagnose sys sdwan health-check

C.  

diagnose sys sdwan log

D.  

diagnose sys sdwan sla-log

Discussion 0
Questions 9

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.

Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)

Options:

A.  

The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.

B.  

FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.

C.  

FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.

D.  

Non-TCP Facebook and YouTube traffic are not used for performance measurement.

Discussion 0
Questions 10

Refer to the exhibit.

Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two.)

Options:

A.  

Cost

B.  

Interface member

C.  

Priority

D.  

Gateway IP

Discussion 0
Questions 11

Which statement is correct about SD-WAN and ADVPN?

Options:

A.  

Routes for ADVPN shortcuts must be manually configured.

B.  

SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.

C.  

SD-WAN does not monitor the health and performance of ADVPN shortcuts.

D.  

You must use IKEv2 on IPsec tunnels.

Discussion 0
Questions 12

Refer to the exhibit.

Which conclusion about the packet debug flow output is correct?

Options:

A.  

The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.

B.  

The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

C.  

The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.

D.  

The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

Discussion 0
Questions 13

Refer to the exhibit.

Which statement explains the output shown in the exhibit?

Options:

A.  

FortiGate performed standard FIB routing on the session.

B.  

FortiGate will not re-evaluate the session following a firewall policy change.

C.  

FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.

D.  

FortiGate must re-evaluate the session due to routing change.

Discussion 0
Questions 14

Refer to the exhibits.

Exhibit A

Exhibit B

Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.

Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)

Options:

A.  

FortiGate flags the sessions as dirty.

B.  

FortiGate continues routing the sessions with no SNAT, over port2.

C.  

FortiGate performs a route lookup for the original traffic only.

D.  

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Discussion 0
Questions 15

Which components make up the secure SD-WAN solution?

Options:

A.  

Application, antivirus, and URL, and SSL inspection

B.  

Datacenter, branch offices, and public cloud

C.  

FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy

D.  

Telephone, ISDN, and telecom network.

Discussion 0
Questions 16

Which two interfaces are considered overlay links? (Choose two.)

Options:

A.  

LAG

B.  

IPsec

C.  

Physical

D.  

GRE

Discussion 0
Questions 17

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

Options:

A.  

hold-down-time

B.  

link-down-failover

C.  

auto-discovery-shortcuts

D.  

idle-timeout

Discussion 0
Questions 18

What is a benefit of using application steering in SD-WAN?

Options:

A.  

The traffic always skips the regular policy routes.

B.  

You steer traffic based on the detected application.

C.  

You do not need to enable SSL inspection.

D.  

You do not need to configure firewall policies that accept the SD-WAN traffic.

Discussion 0
Questions 19

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two )

Options:

A.  

Traffic has matched none of the FortiGate policy routes.

B.  

Matched traffic failed RPF and was caught by the rule.

C.  

The FIB lookup resolved interface was the SD-WAN interface.

D.  

An absolute SD-WAN rule was defined and matched traffic.

Discussion 0