NSE7_SDW-6.4 Online Practice Questions and Answers
Which three parameters are available to configure SD-WAN rules? (Choose three.)
A. Application signatures
B. Type of physical link connection
C. URL categories
D. Source and destination IP address
E. Internet service database (ISDB) address object
Refer to the exhibit.
Which two statements about the status of the VPN tunnel are true? A. There are separate virtual interfaces for each dial-up client. B. VPN static routes are prevented from populating the FortiGate routing table. C. FortiGate created a single IPsec virtual interface that is shared by all clients. D. 100.64.3.1 is one of the remote IP address that comes through index interface 1.
Which diagnostic command can you use to show the SD-WAN rules interface information and state?
A. diagnose sys sdwan route-tag-list.
B. diagnose sys sdwan service.
C. diagnose sys sdwan member.
D. diagnose sys sdwan neighbor.
What would best describe the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?
A. Per-IP shaping mode
B. Reverse policy shaping mode
C. Interface-based shaping mode
D. Shared policy shaping mode
Refer to the exhibit.
Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)
A. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.
B. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.
C. The traffic shaper drops packets if the bandwidth is less than 2500 KBps.
D. The measured bandwidth is less than 100 KBps.
What is the lnkmtd process responsible for?
A. Monitoring links for any bandwidth saturation
B. Processing performance SLA probes
C. Flushing route tags addresses
D. Logging interface quality information
Which two statements describe how IPsec phase 1 aggressive mode is different from main mode when performing IKE negotiation? (Choose two)
A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
B. XAuth is enabled as an additional level of authentication, which requires a username and password.
C. A total of six packets are exchanged between an initiator and a responder instead of three packets.
D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
Refer to exhibits.
Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.
The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.
Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?
A. Create a new firewall policy, and the select the SD-WAN zone as Incoming Interface.
B. In the traffic shaping policy, select Assign Shaping Class ID as Action.
C. In the firewall policy, select Proxy-based as Inspection Mode.
D. In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.
Refer to the exhibit.
Which conclusion about the packet debug flow output is correct?
A. The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.
B. The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
C. The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.
D. The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two )
A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
B. XAuth is enabled as an additional level of authentication, which requires a username and password.
C. A total of six packets are exchanged between an initiator and a responder instead of three packets.
D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.