A.  

FEC supports hardware offloading.

B.  

FEC improves reliability of noisy links.

C.  

FEC transmits parity packets that can be used to reconstruct packet loss.

D.  

FEC can leverage multiple IPsec tunnels for parity packets transmission.

A.  

The service-sla-tie-break setting enables you to configure preferred member selection based on the best route to the destination.

B.  

You can delete the default zones.

C.  

The default zones are virtual-wan-link and SASE.

D.  

An SD-WAN member can belong to two or more zones.

A.  

The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.

B.  

T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.

C.  

T_INET_0_0 does not have a valid route to the destination.

D.  

T_INET_1_0 has a higher member configuration priority than T_INET_0_0.

A.  

LAG

B.  

IPsec

C.  

Physical

D.  

GRE

A.  

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

B.  

It improves SD-WAN performance on the managed FortiGate devices.

C.  

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

D.  

It acts as a policy compliance entity to review all managed FortiGate devices.

E.  

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

A.  

When all three members have the same packet loss.

B.  

When T_INET_0_0 has 4% packet loss.

C.  

When T_INET_0_0 has 12% packet loss.

D.  

When T_INET_1_0 has 4% packet loss.

A.  

On the receiver FortiGate, packet-de-duplication is enabled.

B.  

The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way.

C.  

The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.

D.  

On the sender FortiGate, duplication-max-num is set to 3.

A.  

diagnose sys sdwan zone

B.  

diagnose sys sdwan service

C.  

diagnose sys sdwan member

D.  

diagnose sys sdwan interface

A.  

When T_INET_0_0 and T_MPLS_0 have the same latency.

B.  

When T_MPLS_0 has a latency of 100 ms.

C.  

When T_INET_0_0 has a latency of 250 ms.

D.  

When T_N1PLS_0 has a latency of 80 ms.

A.  

A peer ID is included in the first packet from the initiator, along with suggested security policies.

B.  

XAuth is enabled as an additional level of authentication, which requires a username and password.

C.  

A total of six packets are exchanged between an initiator and a responder instead of three packets.

D.  

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

A.  

You can apply a system template and a CLI template to the same FortiGate device.

B.  

A CLI template can be of type CLI script or Perl script.

C.  

A template group can include a system template and an SD-WAN template.

D.  

A template group can contain CLI templates of both types.

E.  

Templates are applied in order, from top to bottom.

A.  

The FortiGate cloud key has not been added to the FortiGate cloud portal.

B.  

FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager

C.  

The zero-touch provisioning process has completed internally, behind FortiGate.

D.  

FortiGate has obtained a configuration from the platform template in FortiGate cloud.

E.  

A factory reset performed on FortiGate.

A.  

http

B.  

icmp

C.  

twamp

D.  

dns

A.  

The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

B.  

The packet size exceeded the outgoing interface MTU.

C.  

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

D.  

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

A.  

The health-check VPN_PING orders the members according to the lowest jitter.

B.  

The interface T_INET_1 missed one SLA target.

C.  

There is no SLA criteria configured for the health-check Level3_DNS.

D.  

The interface T_INET_0 missed three SLA targets.

A.  

FortiGate updated the outgoing interface list on the rule so it prefers port2.

B.  

Port2 has the highest member priority.

C.  

Port2 has a lower latency than port1.

D.  

SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

A.  

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

B.  

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

C.  

IPsec recommended template guides the administrator to use Fortinet recommended settings.

D.  

IPsec recommended template ensures consistent settings between phase1 and phase2

A.  

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

B.  

Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.

C.  

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

D.  

Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.

A.  

The reply direction of the asymmetric traffic flows from port2 to port3.

B.  

The auxiliary session can be offloaded to hardware.

C.  

The original direction of the symmetric traffic flows from port3 to port2.

D.  

The main session cannot be offloaded to hardware.

A.  

Set additional-path to send

B.  

Enable route-reflector-client

C.  

Set advertisement-interval to the number of additional paths to advertise

D.  

Set adv-additional-path to the number of additional paths to advertise

E.  

Enable soft-reconfiguration

A.  

You can reference meta fields.

B.  

You can configure interfaces as SD-WAN members without having to remove references first.

C.  

You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.

D.  

You can configure advanced CLI settings.

A.  

FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.

B.  

FortiGate performs routing lookups for new sessions only, after a route change.

C.  

FortiGate always blocks all traffic, after a route change.

D.  

FortiGate flushes all routing information from the session table, after a route change.

A.  

Specify a unique peer ID for each dial-up VPN interface.

B.  

Use different proposals are used between the interfaces.

C.  

Configure the IKE mode to be aggressive mode.

D.  

Use unique Diffie Hellman groups on each VPN interface.

A.  

Destination internet service must be enabled on the traffic shaping policy.

B.  

Application control must be enabled on the firewall policy.

C.  

Web filtering must be enabled on the firewall policy.

D.  

Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.