NSE7_SDW-7.0 Online Practice Questions and Answers
What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two )
A. It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
B. It improves SD-WAN performance on the managed FortiGate devices.
C. It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
D. It acts as a policy compliance entity to review all managed FortiGate devices.
E. It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.
Refer to the exhibit.
Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?
A. type must be set to static.
B. mode-cfg must be enabled.
C. exchange-interface-ip must be enabled.
D. add-route must be disabled.
Refer to the exhibit.
Which statement about the command route-tag in the SD-WAN rule is true?
A. It enables the SD-WAN rule to load balance and assign traffic with a route tag
B. It tags each route and references the tag in the routing table.
C. It uses route tags for a BGP community and assigns the SD-WAN rules with same tag.
D. It ensures route tags match the SD-WAN rule based on the rule order
Which three performance SLA protocols are available on the FortiGate CLI only? (Choose three.)
A. tcp-echo
B. icmp
C. twamp
D. udp-echo
E. smtp
Refer to exhibits
Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate
Based on the FortiGate configuration shown in the exhibits, what are two issues you might encounter when creating an SD-WAN interface on port1 and port2? {Choose two )
A. Member interfaces that are administratively down
B. Member interface that have IP address of 0.0.0.0/0.0.0.0
C. Member interfaces that are physical interfaces as well as VLAN aggregate, and iPsec interfaces
D. Member interfaces that are referenced by any other configuration element
Refer to the exhibit.
Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?
A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.
B. FortiGate has terminated the session after a change on policy ID 1.
C. Changes have been made on firewall policy ID 1 on FortiGate.
D. Firewall policy ID 1 has source NAT disabled.
Which diagnostic command can you use to show the SD-WAN rules interface information and state?
A. diagnose sys virtual-wan-link neighbor.
B. diagnose sys virtual--wan--link route-tag-list
C. diagnose sys virtual--wan--link member.
D. diagnose sys virtual-wan-link service
Refer to the exhibit.
Based on the exhibit, which status description is correct?
A. Port1 is dead because it does not meet the SLA target.
B. Port2 is alive because its packet loss is lower than 10%.
C. The SD-WAN members are monitored by different performance SLAs.
D. Traffic matching the SD-WAN rule is steered through port2.
Refer to the exhibit.
Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)
A. FortiGate creates separate virtual interfaces for each dial-up client.
B. FortiGate creates a single IPsec virtual interface that is shared by all clients.
C. FortiGate maps the remote gateway 100.64.3.1 to tunnel index interface 1.
D. FortiGate does not install IPsec static routes for remote protected networks in the routing table.
Which two benefits from using forward error correction (FEC) in IPsec VPNs are true? (Choose two.)
A. FEC transmits the original payload in full to recover the error in transmission.
B. FEC reduces the stress on the remote device buffer to reconstruct packet loss.
C. FEC transmits additional packets as redundant data to the remote device.
D. FEC improves reliability, which overcomes adverse WAN conditions such as noisy links.