Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_SDW-7.2
  5. Fortinet NSE 7 - SD-WAN 7.2 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_SDW-7.2 Questions and answers with ValidTests

Exam NSE7_SDW-7.2 All Questions
Exam NSE7_SDW-7.2 Premium Access

View all detail and faqs for the NSE7_SDW-7.2 exam

Go to Exam
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

Question # 11

Question # 11

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

Options:

A.

Create a new firewall policy, and the select the SD-WAN zone as Incoming Interface.

B.

In the traffic shaping policy, select Assign Shaping Class ID as Action.

C.

In the firewall policy, select Proxy-based as Inspection Mode.

D.

In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.

Expert Solution
Questions # 12:

Refer to the exhibits.

Question # 12

Exhibit A shows a policy package definition Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices.

Based on the output shown in the exhibits, what can the administrator do to solve the Issue?

Options:

A.

Create dynamic mapping for the LAN interface for all devices in the installation target list.

B.

Use a metadata variable instead of a dynamic interface to define the firewall policy.

C.

Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.

D.

Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.

Expert Solution
Questions # 13:

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

Options:

A.

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

B.

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

C.

IPsec recommended template guides the administrator to use Fortinet recommended settings.

D.

IPsec recommended template ensures consistent settings between phase1 and phase2

Expert Solution
Questions # 14:

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

Options:

A.

hold-down-time

B.

link-down-failover

C.

auto-discovery-shortcuts

D.

idle-timeout

Expert Solution
Questions # 15:

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

Options:

A.

A peer ID is included in the first packet from the initiator, along with suggested security policies.

B.

XAuth is enabled as an additional level of authentication, which requires a username and password.

C.

Three packets are exchanged between an initiator and a responder instead of six packets.

D.

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Expert Solution
Questions # 16:

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

Options:

A.

The session information output displays no SD-WAN-specific details.

B.

All SD-WAN rules have the default and gateway setting enabled.

C.

Traffic does not match any of the entries in the policy route table.

D.

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Expert Solution
Questions # 17:

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

Options:

A.

When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.

B.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

C.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

D.

Member metrics are measured only if an SLA target is configured.

Expert Solution
Questions # 18:

What is true about SD-WAN multiregion topologies?

Options:

A.

Each region has its own SD-WAN topology

B.

It is not compatible with ADVPN.

C.

Regions must correspond to geographical areas.

D.

Routing between the hub and spokes must be BGP.

Expert Solution
Questions # 19:

Which two statements about SD-WAN central management are true? (Choose two.)

Options:

A.

It does not allow you to monitor the status of SD-WAN members.

B.

It is enabled or disabled on a per-ADOM basis.

C.

It is enabled by default.

D.

It uses templates to configure SD-WAN on managed devices.

Expert Solution
Questions # 20:

Refer to the exhibits.

Exhibit A

Question # 20

Exhibit B

Question # 20

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.

Based on the exhibits, which two statements are correct? (Choose two.)

Options:

A.

FortiGate updated the outgoing interface list on the rule so it prefers port2.

B.

Port2 has the highest member priority.

C.

Port2 has a lower latency than port1.

D.

SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Expert Solution
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions