Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

NSE7_SDW-7.2Free trial

By fortinet

Verified

25Q per page

Question 1

Refer to the exhibit.

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.
Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three.)

A: Enable soft-reconfiguration
B: Enable route-reflector-client
C: Set additional-path to send
D: Set adv-additional-path to the number of additional paths to advertise
E: Set advertisement-interval to the number of additional paths to advertise

—

Question 2

Refer to the exhibits.
Exhibit A.

Exhibit B.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.
After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)

A: Port1 and port2 do not have a valid route to the destination.
B: The session 3-tuple did not match any of the existing entries in the ISDB application cache.
C: Full SSL inspection is not enabled on the matching firewall policy.
D: FortiGate did not refresh the routing information on the session after the application was detected.

—

Question 3

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

A: diagnose sys sdwan member
B: diagnose sys sdwan interface
C: diagnose sys sdwan zone
D: diagnose sys sdwan service

—

Question 4

Which statement is correct about SD-WAN and ADVPN?

A: SD-WAN can steer traffic to ADVPN shortcuts only for rules defined with strategy manual or best quality.
B: SD-WAN does not monitor the health and performance of ADVPN shortcuts.
C: SD-WAN cannot steer traffic to ADVPN shortcuts established over IPSec overlays if the zone contains physical interfaces.
D: SD-WAN can steer traffic to ADVPN shortcuts established over IPsec overlays configured as SD-WAN members.

—

Question 5

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

A: When T_INET_0_0 has a latency of 250 ms.
B: When T_MPLS_0 has a latency of 80 ms.
C: When T_INET_0_0 and T_MPLS_0 have the same latency.
D: When T_MPLS_0 has a latency of 100 ms.

—

Question 6

What is a benefit of using application steering in SD-WAN?

A: The traffic always skips the regular policy routes.
B: You do not need to configure firewall policies that accept the SD-WAN traffic.
C: You steer traffic based on the detected application.
D: You do not need to enable SSL inspection.

—

Question 7

Refer to the exhibit.

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)

A: After FortiGate switches to active mode, the SLA performance rule never fallsback to passive monitoring.
B: FortiGate passively monitors the member if TCP traffic is passing through the member.
C: FortiGate can offload the traffic that is subject to passive monitoring to hardware.
D: During passive monitoring, the SLA performance rule cannot detect dead members.

—

Question 8

Which two statements about the SD-WAN members are true? (Choose two.)

A: Interfaces of type virtual wire pair can be used as SD-WAN members.
B: You can manually define the SD-WAN members sequence number.
C: An SD-WAN member can belong to two or more SD-WAN zones.
D: Interfaces of type VLAN can be used as SD-WAN members.

—

Question 9

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0. However, the traffic is routed over T_INET_1.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

A: T_INET_1 has a lower route priority value (higher priority) than T_INET_0.
B: The traffic matches a regular policy route configured with T_INET_1 as the outgoing device.
C: T_INET_1 has a higher member configuration priority than T_INET_0.
D: T_INET_0 does not have a valid route to the destination.

—

Question 10

Within IPsec tunnel templates available on FortiManager, which template will you use to configure static tunnels for a hub and spoke topology?

A: Hub_IPsec_Recommended
B: Static_IPsec_Recommended
C: IPsec Fortinet Recommended
D: Branch IPsec Recommended

—

Question 11

The administrator uses the FortiManager SD-WAN overlay template to prepare an SD-WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices.
Select three templates created by the SD-WAN overlay template for a spoke device. (Choose three.)

A: IPsec tunnel template
B: BGP template
C: Overlay template
D: System template
E: CLI template

—

Question 12

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.)

A: It ensures consistent settings between phase1 and phase2.
B: It guides the administrator to use Fortinet recommended settings.
C: The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
D: It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

—

Question 13

Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

A: Entry 1 (id=1) is a regular policy route.
B: There is more than one SD-WAN rule configured.
C: The SD-WAN rules take precedence over regular policy routes.
D: The all_rules rule represents the implicit SD-WAN rule.

—

Question 14

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

A: FEC can leverage multiple IPsec tunnels for parity packets transmission.
B: FEC transmits parity packets that can be used to reconstruct packet loss.
C: FEC improves reliability of noisy links.
D: FEC supports hardware offloading.

—

That’s the end of your free questions

You’ve reached the preview limit for NSE7_SDW-7.2

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 70

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!