NSE7_SDW-7.0
Free trial
Verified
Question 1
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
- A: diagnose sys sdwan intf-sla-log
- B: diagnose sys sdwan health-check
- C: diagnose sys sdwan log
- D: diagnose sys sdwan sla-log
Question 2
Refer to the exhibits.
Exhibit A -
Exhibit B -
Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.
Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
- A: port1 is assigned a manual IP address.
- B: port1 is referenced in a firewall policy.
- C: port2 is referenced in a static route.
- D: port1 and port2 are not administratively down.
Question 3
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)
- A: The sdwan_service_id flag in the session information is 0.
- B: All SD-WAN rules have the default setting enabled.
- C: Traffic does not match any of the entries in the policy route table.
- D: Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Question 4
Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
- A: The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
- B: T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
- C: T_INET_0_0 does not have a valid route to the destination.
- D: T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
Question 5
Refer to the exhibit.
Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
- A: FortiGate flushes all sessions.
- B: FortiGate terminates the old sessions.
- C: FortiGate does not change existing sessions.
- D: FortiGate evaluates new sessions.
Question 6
Which two statements about SD-WAN central management are true? (Choose two.)
- A: The objects are saved in the ADOM common object database.
- B: It does not support meta fields.
- C: It uses templates to configure SD-WAN on managed devices.
- D: It supports normalized interfaces for SD-WAN member configuration.
Question 7
Refer to the exhibit.
Which conclusion about the packet debug flow output is correct?
- A: The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
- B: The packet size exceeded the outgoing interface MTU.
- C: The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
- D: The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.
Question 8
Which are two benefits of using CLI templates in FortiManager? (Choose two.)
- A: You can reference meta fields.
- B: You can configure interfaces as SD-WAN members without having to remove references first.
- C: You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.
- D: You can configure advanced CLI settings.
Question 9
Refer to the exhibits.
Exhibit A -
Exhibit B -
Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.
If port2 is detected dead by FortiGate, what is the expected behavior?
- A: Port2 becomes alive after three successful probes are detected.
- B: FortiGate removes all static routes for port2.
- C: The administrator manually restores the static routes for port2, if port2 becomes alive.
- D: Host 8.8.8.8 is reachable through port1 and port2.
Question 10
Refer to the exhibit.
The device exchanges routes using IBGP.
Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)
- A: Each BGP route is three hops away from the destination.
- B: ibgp-multipath is disabled.
- C: additional-path is enabled.
- D: You can run the get router info routing-table database command to display the additional paths.
Question 11
In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)
- A: It provides the benefits of a full-mesh topology in a hub-and-spoke network.
- B: It provides direct connectivity between spokes by creating shortcuts.
- C: It enables spokes to bypass the hub during shortcut negotiation.
- D: It enables spokes to establish shortcuts to third-party gateways.
Question 12
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)
- A: Encapsulating Security Payload (ESP)
- B: Secure Shell (SSH)
- C: Internet Key Exchange (IKE)
- D: Security Association (SA)
Question 13
Refer to the exhibit.
Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
- A: All traffic from a source IP to a destination IP is sent to the same interface.
- B: All traffic from a source IP is sent to the same interface.
- C: All traffic from a source IP is sent to the most used interface.
- D: All traffic from a source IP to a destination IP is sent to the least used interface.
That’s the end of your free questions
You’ve reached the preview limit for NSE7_SDW-7.0Consider upgrading to gain full access!
Free preview mode
Enjoy the free questions and consider upgrading to gain full access!