NSE6-SDW-AD-7-6 Practice Exam — 35 Free Fortinet Questions

Join Us Among the Stars

Sign Up & unlock 100% of Exam Questions

Log in / Sign up

No Strings Attached!

35Practice Questions

3Study Modes

Free

TopicSort

Question 1

Rules and routing

What are three key routing principles of SD-WAN? (Choose three.)

A SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
B Routes to directly connected subnets have precedence over SD-WAN rules.
C SD-WAN rules are skipped if the best route to the destination is a static route.
D SD-WAN members are skipped if they do not have a valid route to the destination.
E Internet Service Database (ISDB) routes have precedence over SD-WAN rules.

Question 2

SD-WAN troubleshooting

Question 3

Advanced IPsec

Question 4

SD-WAN setup

Question 5

Rules and routing

Question 6

SD-WAN setup

Question 7

Advanced IPsec

Question 8

Rules and routing

Question 9

Rules and routing

Question 10

SD-WAN setup

Question 11

SD-WAN setup

Question 12

SD-WAN troubleshooting

Question 13

SD-WAN setup

Question 14

Advanced IPsec

That's the end of the Preview

This exam has 35 community-verified practice questions. Create a free account to access all questions, comments, and explanations.

Topics covered:

SD-WAN setupRules and routingCentralized managementAdvanced IPsecSD-WAN troubleshooting

Log In / Sign Up

Page 1 of 2 • Questions 1-25 of 35

1 2

→

Know a question that should be here? Contribute to this exam

Refer to the exhibit.

Question Image

To check the status of an SD-WAN topology using the FortiManager SD-WAN monitor menus, you place your mouse next to branch1_fgt and receive the output shown in the exhibit.
Which conclusion can you draw from the output shown in the exhibit?

A The template Corp-SOT defines a single-hub topology
B branch3_fgt is configured with three SD-WAN overlay tunnels and one is dead.
C The three spokes have tunnels that are out of SLA.
D Three tunnels of branch2_fgt are out of SLA.

Refer to the exhibit.

Question Image

Two hub-and-spoke groups are connected through redundant site-to-site IPsec VPNs between Hub 1 and Hub 2.
Which two configuration settings are required for spoke A1 to establish an auto-discovery VPN (ADVPN) shortcut with spoke B2? (Choose two.)

A On the hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to hubs.
B On the spokes, auto-discovery-receiver must be enabled on the IPsec VPNs to the hub.
C On the hubs, auto-discovery-receiver must be enabled on the IPsec VPNs to spokes.
D On the spokes, auto-discovery-sender must be enabled on the IPsec VPNs to hubs.

In the context of SD-WAN, the terms underlay and overlay are commonly used to categorize links.
Which two statements about underlay and overlay links are correct? (Choose two.)

A Overlay links provide routing flexibility.
B FortiLink interface is considered an underlay link.
C A VLAN is a type of overlay link.
D Only wired connections can be used as underlay links.
E Wireless connections can be used to build overlay links.

Refer to the exhibit.

Question Image

Which two conclusions can you draw from the output shown? (Choose two.)

A UDP traffic destined to the subnet 10.22.0.0/24 matches a policy route.
B At least one SD-WAN rule is defined with application categories as the destination.
C At least one SD-WAN rule allows traffic load balancing.
D UDP traffic destined to the subnet 10.22.0.0/24 matches a manual SD-WAN rule.

Question 6

SD-WAN setup

Question 7

Advanced IPsec

Question 8

Rules and routing

Question 9

Rules and routing

Question 10

SD-WAN setup

Question 11

SD-WAN setup

Question 12

SD-WAN troubleshooting

Question 13

SD-WAN setup

Question 14

Advanced IPsec

You are configuring SD-WAN to load balance network traffic and you want to take into account the link quality.
Which two facts should you consider? (Choose two.)

A The best quality strategy supports only the round-robin hash mode.
B When applicable, FortiGate load balances the traffic through all members that meet the SLA target.
C You can select the best quality strategy and allow SD-WAN load balancing.
D You can select the lowest cost service level agreement (SLA) strategy and allow SD-WAN load balancing.

You configure the overlay tunnels for an SD-WAN hub-and-spoke topology defined with IPsec tunnels, BGP on loopback and dynamic BGP.
Which are two recommended IPsec settings for this topology? (Choose two.)

A On the hub, set the tunnel type to static.
B On the spoke, set the parameter net-device to enable.
C On the spoke, configure the parameter localid.
D On the hub, set the parameter mode-cfg to enable.

An SD-WAN member is no longer used to steer SD-WAN traffic. The administrator updated the SD-WAN configuration and deleted the unused member. After the configuration update, users report that some destinations are unreachable. You confirm that the affected flow does not match an SD-WAN rule.
What could be a possible cause of the traffic interruption?

A FortiGate administratively brings down interfaces when they are removed from the SD-WAN configuration.
B FortiGate, with SD-WAN enabled, cannot route traffic through interfaces that are not SD-WAN members.
C FortiGate can remove some static routes associated with an interface when the member is removed from SD-WAN.
D FortiGate removes the layer 3 settings for interfaces that are removed from the SD-WAN configuration.

Refer to the exhibits.

Question Image

The configuration of an SD-WAN rule and the corresponding rule status and routing table are shown.
You want to understand the expected behavior for traffic that matches the SD-WAN rule, at the time the output was collected.
Based on the exhibits, which behavior can you expect for traffic that matches the SD-WAN rule?

A The traffic will be routed over HUB1-VPN1.
B The traffic will be load balanced across all three overlays.
C The traffic will be routed over HUB1-VPN2.
D The traffic will be routed over HUB1-VPN3.

Refer to the exhibits.

Question Image

The SD-WAN overlay template, advanced settings, and the underlay and network advertisement settings are shown.
These are the configurations for the secondary hub of a dual-hub SD-WAN topology created with the FortiManager SD-WAN overlay orchestrator.
Which two conclusions can you draw from the information shown in the exhibits? (Choose two.)

A FortiManager will create an overlay tunnel on the port2 interface.
B FortiManager will define port5 as a BGP neighbor.
C FortiManager will create an overlay tunnel on the port1 interface.
D FortiManager will define port2 as a BGP neighbor.

You manage an SD-WAN topology and you will soon deploy 50 new branches.
Which two tasks can you do in advance to simplify this deployment? (Choose two.)

A Define metadata variable values for each device.
B Create model devices.
C Create a zero-touch provisioning (ZTP) template.
D Create a policy blueprint.

Refer to the exhibit.

Question Image

The event log on a FortiGate device is shown.
Based on the output shown in the exhibit, what can you conclude about the tunnels on this device?

A The master tunnel HUB2-VPN3 cannot accept auto-discovery VPN (ADVPN) shortcuts.
B The voice traffic is steered through the VPN tunnel HUB1-VPN3.
C There is one shortcut tunnel built from the master tunnel VPN4.
D The VPN tunnel HUB1-VPN1_0 is a shortcut tunnel.

Refer to the exhibits.

Question Image

You use FortiManager to configure SD-WAN on three branch devices.
When you install the device settings, FortiManager prompts you with the error “Copy Failed” for the device branch1_fgt. When you click Log, FortiManager displays the message shown in the exhibit.
Based on the exhibits, which statement best describes the root cause of the issue?

A You cannot combine metadata variables and installation targets.
B The metadata variable definitions are incomplete or incorrect.
C The connection between branch1_fgt and FortiManager failed.
D Gateways for all members in a zone must be of the same type.

Refer to the exhibits.

Question Image

Two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2 are shown.
Each template defines a VPN tunnel. When the administrator tried to assign the second template to the FortiGate device, the FortiManager displayed the below error message:

Question Image

Which statement best describes the cause of the issue?

A You can assign only one IPsec template to each FortiGate device.
B You should use the same outgoing interface of both templates.
C You can assign only one template with a tunnel type of static to each FortiGate device.
D You should review the branch1_fgt configuration for configured tunnels in the root VDOM.

Join Us Among the Stars

NSE6-SDW-AD-7-6Preview

About the NSE6-SDW-AD-7-6 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

That's the end of the Preview

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Join Us Among the Stars

NSE6-SDW-AD-7-6Preview

About the NSE6-SDW-AD-7-6 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

That's the end of the Preview

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14