Questions for the NSE7-SDW-6-4 were updated on: Nov 06, 2024
Page 1 out of 3. Viewing questions 1-15 out of 36
Question 1
Which components make up the secure SD-WAN solution?
A. Application, antivirus, URL, and SSL inspection
B. Datacenter, branch offices, and public cloud
C. FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy
D. Telephone, ISDN, and telecom network.
Answer:
C
Question 2
Refer to the exhibit.
Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)
A. Set priority 10.
B. Set cost 15.
C. Set load-balance-mode source-ip-ip-based.
D. Set source 100.64.1.1.
Answer:
D
Question 3
What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process? (Choose two.)
A. The FortiGate cloud key has not been added to the FortiGate cloud portal.
B. FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager
C. The zero-touch provisioning process has completed internally, behind FortiGate.
D. FortiGate has obtained a configuration from the platform template in FortiGate cloud.
E. A factory reset was performed on FortiGate.
Answer:
AC
Question 4
Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two.)
A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
B. XAuth is enabled as an additional level of authentication, which requires a username and password.
C. A total of six packets are exchanged between an initiator and a responder instead of three packets.
D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
Answer:
BC
Question 5
Refer to the exhibit.
Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?
A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.
B. FortiGate has terminated the session after a change on policy ID 1.
C. Changes have been made on firewall policy ID 1 on FortiGate.
D. Firewall policy ID 1 has source NAT disabled.
Answer:
C
Question 6
What are two benefits of using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two.)
A. It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
B. It improves SD-WAN performance on the managed FortiGate devices.
C. It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
D. It acts as a policy compliance entity to review all managed FortiGate devices.
E. It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.
Answer:
BD
Question 7
In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two.)
A. Traffic has matched none of the FortiGate policy routes.
B. Matched traffic failed RPF and was caught by the rule.
C. The FIB lookup resolved interface was the SD-WAN interface.
D. An absolute SD-WAN rule was defined and matched traffic.
Answer:
AC
Question 8
Refer to the exhibit.
FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN. Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
A. Specify a unique peer ID for each dial-up VPN interface.
B. Use different proposals between the interfaces.
C. Configure the IKE mode to be aggressive mode.
D. Use unique Diffie Hellman groups on each VPN interface.
Answer:
BD
Question 9
What are two roles that SD-WAN orchestrator plays when it works with FortiManager? (Choose two.)
A. It configures and monitors SD-WAN networks on FortiGate devices that are managed by FortiManager.
B. It acts as a standalone device to assist FortiManager to manage SD-WAN interfaces on the managed FortiGate devices.
C. It acts as a hub FortiGate with an SD-WAN interface enabled and managed along with other FortiGate devices by FortiManager.
D. It acts as an application that is released and signed by Fortinet to run as a part of management extensions on FortiManager.
Answer:
BD
Question 10
Refer to the exhibit.
Which two statements about the status of the VPN tunnel are true? (Choose two.)
A. There are separate virtual interfaces for each dial-up client.
B. VPN static routes are prevented from populating the FortiGate routing table.
C. FortiGate created a single IPsec virtual interface that is shared by all clients.
D. 100.64.3.1 is one of the remote IP addresses that come through index interface 1.
Answer:
CD
Question 11
Refer to the exhibits.
Exhibit A shows the SD-WAN rules and exhibit B shows the traffic logs. The SD-WAN traffic logs reflect how FortiGate processed traffic. Which two statements about how the configured SD-WAN rules are processing traffic are true? (Choose two.)
A. The implicit rule overrides all other rules because parameters widely cover sources and destinations.
B. SD-WAN rules are evaluated in the same way as firewall policies: from top to bottom.
C. The All_Access_Rules rule load balances Vimeo application traffic among SD-WAN member interfaces.
D. The initial session of an application goes through a learning phase in order to apply the correct rule.
Answer:
AB
Question 12
Refer to the exhibit.
What must you configure to enable ADVPN?
A. On the hub VPN, only the device needs additional phase one sett
B. ADVPN should only be enabled on unmanaged FortiGate devices.
C. Each VPN device has a unique pre-shared key configured separately on phase one
D. The protected subnets should be set to address object to all (0.0.0.0/0).
Answer:
C
Question 13
An administrator is troubleshooting VoIP quality issues that occur when calling external phone numbers. The SD-WAN interface on the edge FortiGate is configured with the default settings, and is using two upstream links. One link has random jitter and latency issues and is based on a wireless connection. Which two actions must the administrator apply simultaneously on the edge FortiGate to improve VoIP quality using SD-WAN rules?
A. Select the corresponding SD-WAN balancing strategy in the SD-WAN rule.
B. Choose the suitable interface based on the interface cost and weight.
C. Use the performance SLA targets to detect latency and jitter instantly.
D. Place the troublesome link at the top of the interface preference list.
E. Configure an SD-WAN rule to load balance all traffic without VoIP.
Answer:
AC
Question 14
Refer to the exhibit.
Which statement about the command route-tag in the SD-WAN rule is true?
A. It enables the SD-WAN rule to load balance and assign traffic with a route tag
B. It tags each route and references the tag in the routing table.
C. It uses route tags for a BGP community and assigns the SD-WAN rules with same tag.
D. It ensures route tags match the SD-WAN rule based on the rule order
Answer:
D
Question 15
Refer to the exhibits.
Exhibit A shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members. Based on the exhibits, which statement is correct?
A. The dead member interface stays unavailable until an administrator manually brings the interface back.
B. The SLA state of port2 has exceeded three consecutive unanswered requests from the SLA server.
C. Port2 needs to wait 500 milliseconds to change the status from alive to dead.
D. Check interval is the time to wait before a packet sent by a member interface is considered lost.