Which three factors about SLA targets and SD-WAN rules should you consider when configuring SD-WAN rules? (Choose three.)
AWhen configuring an SD-WAN rule, you can select multiple SLA targets from different performance SLAs.
BSLA targets are used only by SD-WAN rules that are configured with a Lowest Cost (SLA) strategy.
CMember metrics are measured only if a rule uses the SLA target.
DSD-WAN rules can use SLA targets to check whether the preferred members meet the SLA requirements.
EWhen configuring an SD-WAN rule, you can select multiple SLA targets if they are from the same performance SLA.
Refer to the exhibit.
How does FortiGate handle the traffic with the source IP 10.0.1.130 and the destination IP 128.66.0.125?
AFortiGate steers the traffic flow through port2.
BFortiGate routes the traffic flow according to the FIB.
CFortiGate load balances the traffic flow through port1 and port2.
DFortiGate drops the traffic flow.
Which statement about FortiSASE CASB capabilities is true?
AFortiSASE provides both API-based CASB and inline CASB.
BFortiSASE provides only API-based CASB.
CFortiSASE provides only inline CASB.
DFortiSASE provides CASB capabilities only through Security Fabric integration.
Which three reports are valid report types in FortiSASE? (Choose three.)
AShadow IT Report
BEndpoint Compliance Deviation Report
CCyber Threat Assessment
DVulnerability Assessment Report
EWeb Usage Summary Report
Which statement is true about FortiSASE supported deployment?
AFortiSASE relies on ZTNA-only mode, which replaces SWG and endpoint functions.
BFortiSASE supports both Endpoint mode and SWG mode, depending on deployment.
CFortiSASE supports VPN mode and Agentless mode, based on user requirements.
DFortiSASE operates only in SWG mode, where all traffic is forced through FortiSASE POPs.
Which two statements correctly describe what happens when traffic matches the implicit SD-WAN rule? (Choose two.)
ATraffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
BTraffic does not match any of the entries in the policy route table.
CFortiGate flags the session with may_dirty and vwl_default.
DThe traffic is distributed, regardless of weight, through all available static routes.
EThe session information output displays no SD-WAN service id.
Refer to the exhibit.
An SD-WAN zone configuration on the FortiGate GUI is shown.
What can you conclude about the zone and member configuration on this device?
AYou can move HUB1-VPN3 from the HUB1 zone to the virtual-wan-link zone.
BThe overlay-factories zone contains no member.
CYou can delete the virtual-wan-link zones.
DYou can delete the overlay-factories zone.
Refer to the exhibit.
You configure SD-WAN on a standalone FortiGate device. You want to create an SD-WAN rule that steers traffic related to Facebook and LinkedIn through the less costly internet link.
What must you do to set Facebook and LinkedIn applications as destinations from the GUI?
AEnable the visibility of the applications field as destinations of the SD-WAN rule.
BYou cannot configure applications as destinations of an SD-WAN rule on a standalone FortiGate device.
CInstall a license to allow applications as destinations of SD-WAN rules.
DIn the Internet service field select Facebook and LinkedIn.
A FortiGate device is in production. To optimize WAN link use and improve redundancy, you enable and configure SD-WAN.
What must you do as part of this configuration update process?
AReplace references to interfaces used as SD-WAN members in the firewall policies.
BReplace references to interfaces used as SD-WAN members in the routing configuration.
CDisable the interface that you want to use as an SD-WAN member.
DPurchase and install the SD-WAN license, and reboot the FortiGate device.
Which three authentication sources support secure identity verification and access control for FortiSASE remote users? (Choose three.)
ASecurity Assertion Markup Language (SAML)
BOpen Connect (OIDC)
CLightweight Directory Access Protocol (LDAP)
DTerminal Access Controller Access-Control System Plus (TACACS+)
ERemote Authentication Dial-in User Service (RADIUS)
You are configuring SD-WAN to load balance network traffic.
Which two facts should you consider when setting up SD-WAN? (Choose two.)
AWhen applicable, FortiGate load balances traffic through all members that meet the SLA target.
BSD-WAN load balancing is possible only when using the manual and the best quality strategies.
COnly the manual and lowest cost (SLA) strategies allow SD-WAN load balancing,
DYou can select the outsessions hash mode with all strategies that allow load balancing.
Which statement is true about scheduling a FortiClient upgrade using an endpoint upgrade rule?
AWhen scheduled, the installation always starts immediately if the endpoint is online.
BAn endpoint upgrade rule can be assigned to a user group.
CScheduled upgrades automatically reboot macOS endpoints after installation.
DIf the scheduled time is already past in the local time zone of the endpoint, installation starts the next day at that time.
How is the Geofencing feature used in ForiSASE?
ATo allow or block remote user connections to FortiSASE POPs from specific countries.
BTo encrypt data at rest on mobile devices in specific counties.
CTo restrict access to applications based on the time of day in specific counties.
DTo monitor user behavior on websites and block non-work-related content from specific countries.
You want FortiGate to use SD-WAN rules to steer ping local-out traffic
Which two constraints should you consider? (Choose two.)
ABy default, local-out traffic does not use SD-WAN.
BYou must configure each local-out feature individually to use SDAWAN.
CYou can steer local-out traffic only with SD-WAN rules that use the manual strategy.
DBy default, FortiGate uses SD-WAN rules only for local-out traffic that corresponds to ping and traceroute.
An existing Fortinet SD-WAN customer who has recently deployed FortiSASE wants to have a comprehensive view of, and combined reports for both SD-WAN branches and remote users.
How can the customer achieve this?
AForward the logs from FortiSASE to Fortinet SOCaaS.
BForward the logs from FortiGate to ForliSASE.
CForward the logs from FortiSASE to the external FortiAnalyzer.
DForward the logs from the external SD-WAN FortiAnalyzer to FotiSASE.
Refer to the exhibit.
The SD-WAN rule status and configuration is shown.
Based on the exhibit, which change in the measured latency will first make HUBI1-VPN3 the new preferred member?
AWhen HUB1-VPNS has a latency of 80 ms
BWhen HUB1-VPNS has a lower latency than HUB1-VPN1 and HUB1-VPN2
CWhen HUB1-VPN1 has a latency of 200 ms
DWhen HUB1-VPN3 has a latency of 90 ms
Which two delivery methods are used for installing FortiClient on a user’s laptop? (Choose two.)
AUse zero-touch installation through a third-party application store.
BDownload the installer directly from the FortiSASE portal.
CSend an invitation email to selected users containing links to FortiClient installers.
DConfigure automatic installation through an API to the user’s laptop.
Which configuration is a valid use case for ForiSASE features in supporting remote users?
AEnabling source SaaS access through SD-WAN integration, protecting against web-based threats with data loss prevention, and monitoring user connectivity with shadow IT visibility.
BMonitoring SaaS application performance, isolating browser sessions for all websites, and integrating with SD-WAN for data loss prevention.
CEnabling secure web browsing to protect against threats, providing explicit application access with zero-trust or SD-WAN integration, and addressing shadow IT visibility with data loss prevention.
DProving secure web browsing through remote browser isolation, addressing shadow IT with zero-trust access, and protecting data a rest only.
Refer to the exhibits.
Two SD-WAN event logs, the member status, the SD-WAN rule configuration, and the health-check configuration for a FortiGate device are shown.
Immediately after the log messages are displayed, how will the FortiGate steer the traffic based on the information shown in the exhibits?
AFortiGate uses port2 to steer the traffic for SD-WAN rule ID 1.
BFortiGate skips SD-WAN rule ID 1
CFortiGate uses port1 to steer the traffic for SD-WAN rule ID 1.
DFortiGate uses port1 or port2 to steer the traffic for SD-WAN rule ID 1.
For a small site, an administrator plans to implement SD-WAN and ensure high network availability for business-critical applications while limiting the overall cost and the cost of pay-per-use backup connections.
When action must the administrator take to accomplish this plan?
AUse a mid-range FortiGate device to implement standalone SD-WAN.
BImplement dynamic outing.
CSet up a high availability (HA) cluster to implement standalone SD-WAN.
Preview
