Fortinet NSE 7 - SD-WAN 6.4 v1.0

Page:    1 / 6   
Exam contains 85 questions

Which statement about using BGP routes in SD-WAN is true?

  • A. Adding static routes must be enabled on all ADVPN interfaces.
  • B. VPN topologies must be formed using only BGP dynamic routing with SD-WAN.
  • C. Learned routes can be used as dynamic destinations in SD-WAN rules.
  • D. Dynamic routing protocols can be used only with non-encrypted traffic.


Answer : C

Reference:
https://www.fortinetguru.com/2019/09/using-bgp-tags-with-sd-wan-rules-fortios-6-2/#:~:text=SD%2DWAN%20rules%20can%20use,to%20the%20customer's%20data%20center

An administrator is troubleshooting VoIP quality issues that occur when calling external phone numbers. The SD-WAN interface on the edge FortiGate is configured with the default settings, and is using two upstream links. One link has random jitter and latency issues, and is based on a wireless connection.
Which two actions must the administrator apply simultaneously on the edge FortiGate to improve VoIP quality using SD-WAN rules? (Choose two.)

  • A. Select the corresponding SD-WAN balancing strategy in the SD-WAN rule.
  • B. Choose the suitable interface based on the interface cost and weight.
  • C. Use the performance SLA targets to detect latency and jitter instantly.
  • D. Place the troublesome link at the top of the interface preference list.
  • E. Configure an SD-WAN rule to load balance all traffic without VoIP.


Answer : AC

Refer to the exhibits.



Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN interface and the static routes configuration.
Port1 and port2 are member interfaces of the SD-WAN, and port2 becomes a dead member after reaching the failure thresholds.
Which statement about the dead member is correct?

  • A. Port2 might become alive when a single response is received from an SLA server.
  • B. Dead members require manual administrator access to bring them back alive.
  • C. Subnets 100.64.1.0/24 and 172.20.0.0/16 are reachable only through port1.
  • D. SD-WAN interface becomes disabled and port1 becomes the WAN interface.


Answer : C

What are two roles that SD-WAN orchestrator plays when it works with FortiManager? (Choose two.)

  • A. It configures and monitors SD-WAN networks on FortiGate devices that are managed by FortiManager.
  • B. It acts as a standalone device to assist FortiManager to manage SD-WAN interfaces on the managed FortiGate devices.
  • C. It acts as a hub FortiGate with an SD-WAN interface enabled and managed along with other FortiGate devices by FortiManager.
  • D. It acts as an application that is released and signed by Fortinet to run as a part of management extensions on FortiManager.


Answer : BD

Refer to the exhibit.


Which statement about the command route-tag in the SD-WAN rule is true?

  • A. It ensures route tags match the SD-WAN rule based on the rule order.
  • B. It tags each route and references the tag in the routing table.
  • C. It enables the SD-WAN rule to load balance and assign traffic with a route tag.
  • D. It uses route tags for a BGP community and assigns the SD-WAN rules with the same tag.


Answer : A

Reference:
https://docs.fortinet.com/document/fortigate/6.2.9/cookbook/672387/using-bgp-tags-with-sd-wan-rules

Which two configuration tasks are required to use SD-WAN? (Choose two.)

  • A. Add one or more members to an SD-WAN zone.
  • B. Configure at least one firewall policy for SD-WAN traffic.
  • C. Specify the outgoing interface routing cost.
  • D. Specify the incoming interfaces in SD-WAN rules.


Answer : AB

Refer to the exhibit.


Which statement about the ADVPN device role in handling traffic is true?

  • A. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.
  • B. Two hubs, 10.1.1.254 and 10.1.2.254, are receiving and forwarding queries between each other.
  • C. Two spokes, 100.64.3.1 and 10.1.2.254, forward their queries to their hubs.
  • D. This is a hub that has received a query from a spoke and has forwarded it to another spoke.


Answer : B

Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two.)

  • A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
  • B. XAuth is enabled as an additional level of authentication, which requires a username and password.
  • C. Three packets are exchanged between an initiator and a responder instead of six packets.
  • D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.


Answer : AC

Refer to the exhibit.


Based on the output, which two conclusions are true? (Choose two.)

  • A. The all_rules rule represents the implicit SD-WAN rule.
  • B. There is more than one SD-WAN rule configured.
  • C. Entry 1 (id=1) is a regular policy route.
  • D. The SD-WAN rules take precedence over regular policy routes.


Answer : AC

Which diagnostic command can you use to show the SD-WAN rules interface information and state?

  • A. diagnose sys sdwan route-tag-list
  • B. diagnose sys sdwan service
  • C. diagnose sys sdwan member
  • D. diagnose sys sdwan neighbor


Answer : B

Reference:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/818746/sd-wan-related-diagnose-commands

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

  • A. Internet Key Exchange (IKE)
  • B. Secure Shell (SSH)
  • C. Security Association (SA)
  • D. Encapsulating Security Payload (ESP)


Answer : AD

What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two.)

  • A. To improve SD-WAN performance on the managed FortiGate devices
  • B. To send probe packets as health checks to the beacon servers on behalf of FortiGate
  • C. To simplify the deployment and administration of SD-WAN on managed FortiGate devices
  • D. To reduce WAN usage on FortiGate devices by acting as a local FortiGuard server


Answer : AC

In which two ways does FortiGate learn the FortiManager IP address or FQDN for zero-touch provisioning? (Choose two.)

  • A. From a FortiGuard definitions update
  • B. From the central management configuration configured in FortiDeploy
  • C. From a DHCP server configured with options 240 or 241
  • D. From another FortiGate device in the same local network


Answer : AD

Refer to the exhibits.



Exhibit A shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members.
Based on the exhibits, which statement is correct?

  • A. The dead member interface stays unavailable until an administrator manually brings the interface back.
  • B. Port2 needs to wait 500 milliseconds to change the status from alive to dead.
  • C. Static routes using port2 are active in the routing table.
  • D. FortiGate has not received three consecutive requests from the SLA server configured for port2.


Answer : C

Refer to the exhibit.


Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

  • A. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.
  • B. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.
  • C. The traffic shaper drops packets if the bandwidth is less than 2500 KBps.
  • D. The measured bandwidth is less than 100 KBps.


Answer : BD
