Fortinet NSE7_SDW-7.2 Fortinet NSE 7 - SD-WAN 7.2 Exam Practice Test

FortiGate bounces port5 after it detects all SD-WAN members as dead.

FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

FortiGate brings up port5 after it detects all SD-WAN members as alive.

FortiGate brings down port5 after it detects all SD-WAN members as dead.

The traffic will be load balanced across all three overlays.

The traffic will be routed over T_INET_0_0.

The traffic will be routed over T_MPLS_0.

The traffic will be routed over T_INET_1_0.

The traffic always skips the regular policy routes.

You steer traffic based on the detected application.

You do not need to enable SSL inspection.

You do not need to configure firewall policies that accept the SD-WAN traffic.

You can assign only one template with a tunnel of fype static to each FortiGate device

You can define only one IPsec tunnel from branch devices to HUB1.

You can assign only one IPsec template to each FortiGate device.

You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

Encapsulating Security Payload (ESP)

Secure Shell (SSH)

Internet Key Exchange (IKE)

Security Association (SA)

port1 is assigned a manual IP address.

port1 is referenced in a firewall policy.

port2 is referenced in a static route.

port1 and port2 are not administratively down.

FEC supports hardware offloading.

FEC improves reliability of noisy links.

FEC transmits parity packets that can be used to reconstruct packet loss.

FEC can leverage multiple IPsec tunnels for parity packets transmission.

There are no IPsec tunnel statistics log messages for ADVPN cuts.

There is one shortcut tunnel built from master tunnel T_MPLS_0.

The VPN tunnel T_MPLS_0 is a shortcut tunnel.

The master tunnel T_INET_0 cannot accept the ADVPN shortcut. 

There is more than one SD-WAN rule configured.

The SD-WAN rules take precedence over regular policy routes.

The all_rules rule represents the implicit SD-WAN rule.

Entry 1(id=1) is a regular policy route.

You must use BGP to route traffic for both overlay and underlay links.

You must configure AS path prepending.

You must configure BGP communities.

IBGP is preferred over EBGP, because IBGP preserves next hop information.

FortiGate does not install IPsec static routes for remote protected networks in the routing table. Most Voted

The phase 1 configuration supports the network-overlay setting. Most Voted

FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

Dead peer detection is disabled.

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

By default, local-out traffic does not use SD-WAN.

By default, FortiGate does not check if the selected member has a valid route to the destination.

You must configure each local-out feature individually, to use SD-WAN.

Create policy packages for branch devices.

Assign an sdwan_id metadata variable to each device (branch and hub}.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

Assign a branch_id metadata variable to each branch device.

Configure SD-WAN rules.

It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.

It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.

It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.

It instructs the hub to skip content inspection on TCP traffic, to improve performance.

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.

The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.

T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.

T_INET_0_0 does not have a valid route to the destination.

T_INET_1_0 has a higher member configuration priority than T_INET_0_0.

London generates an IKE information message that contains the Toronto public IP address.

Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.

Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

The first packets from Toronto to London are routed through Hub 1 then to Hub 2.

Specify a unique peer ID for each dial-up VPN interface.

Use different proposals are used between the interfaces.

Configure the IKE mode to be aggressive mode.

Use unique Diffie Hellman groups on each VPN interface.

FortiGate did not refresh the routing information on the session after the application was detected.

Port1 and port2 do not have a valid route to the destination.

Full SSL inspection is not enabled on the matching firewall policy.

The session 3-tuple did not match any of the existing entries in the ISDB application cache.

To indicate the routes for health check probes.

To indicate the destination of a rule based on learned BGP prefixes.

To indicate the routes that can be used for routing SD-WAN traffic.

To indicate the members that can be used to route SD-WAN traffic.

The gateway address of their IPsec interfaces

The tunnel ID of their IPsec interfaces

The IP address of their IPsec interfaces

The name of their IPsec interfaces

FortiGate flushes all sessions.

FortiGate terminates the old sessions.

FortiGate does not change existing sessions.

FortiGate evaluates new sessions.

FortiGate flags the sessions as dirty.

FortiGate continues routing the sessions with no SNAT, over port2.

FortiGate performs a route lookup for the original traffic only.

FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.

Enable auxiliary-session under config system settings.

Disable tсp-session-without-syn under config system settings.

Enable snat-route-change under config system global.

Disable allow-subnet-overlap under config system settings.