Fortinet NSE7-SDW-6-4 Exam Questions
Questions for the NSE7-SDW-6-4 were updated on : Jul 20 ,2024
Page 1 out of 3. Viewing questions 1-15 out of 36
Question 1
Which components make up the secure SD-WAN solution?
- A. Application, antivirus, and URL, and SSL inspection
- B. Datacenter, branch offices, and public cloud
- C. FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy
- D. Telephone, ISDN, and telecom network.
Answer:
C
Question 2
Refer to the exhibit.
Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration
can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)
- A. Set priority 10.
- B. Set cost 15.
- C. Set load-balance-mode source-ip-ip-based.
- D. Set source 100.64.1.1.
Answer:
D
Question 3
What are two reasons why FortiGate would be unable to complete the zero-touch provisioning
process? (Choose two.)
- A. The FortiGate cloud key has not been added to the FortiGate cloud portal.
- B. FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager
- C. The zero-touch provisioning process has completed internally, behind FortiGate.
- D. FortiGate has obtained a configuration from the platform template in FortiGate cloud.
- E. A factory reset performed on FortiGate.
Answer:
AC
Question 4
Which two statements describe how IPsec phase 1 main mode is different from aggressive mode
when performing IKE negotiation? (Choose two )
- A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
- B. XAuth is enabled as an additional level of authentication, which requires a username and password.
- C. A total of six packets are exchanged between an initiator and a responder instead of three packets.
- D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
Answer:
BC
Question 5
Refer to the exhibit.
Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?
- A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.
- B. FortiGate has terminated the session after a change on policy ID 1.
- C. Changes have been made on firewall policy ID 1 on FortiGate.
- D. Firewall policy ID 1 has source NAT disabled.
Answer:
C
Question 6
What are two benefits of using FortiManager to organize and manage the network for a group of
FortiGate devices? (Choose two )
- A. It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
- B. It improves SD-WAN performance on the managed FortiGate devices.
- C. It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
- D. It acts as a policy compliance entity to review all managed FortiGate devices.
- E. It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.
Answer:
BD
Question 7
In the default SD-WAN minimum configuration, which two statements are correct when traffic
matches the default implicit SD-WAN rule? (Choose two )
- A. Traffic has matched none of the FortiGate policy routes.
- B. Matched traffic failed RPF and was caught by the rule.
- C. The FIB lookup resolved interface was the SD-WAN interface.
- D. An absolute SD-WAN rule was defined and matched traffic.
Answer:
AC
Question 8
Refer to the exhibit.
FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming
connections to match all possible IPsec dial-up interfaces? (Choose two.)
- A. Specify a unique peer ID for each dial-up VPN interface.
- B. Use different proposals are used between the interfaces.
- C. Configure the IKE mode to be aggressive mode.
- D. Use unique Diffie Hellman groups on each VPN interface.
Answer:
BD
Question 9
What are two roles that SD-WAN orchestrator plays when it works with FortiManager? (Choose two )
- A. It configures and monitors SD-WAN networks on FortiGate devices that are managed by FortiManager.
- B. It acts as a standalone device to assist FortiManager to manage SD-WAN interfaces on the managed FortiGate devices.
- C. It acts as a hub FortiGate with an SD-WAN interface enabled and managed along with other FortiGate devices by FortiManager.
- D. It acts as an application that is released and signed by Fortinet to run as a part of management extensions on FortiManager.
Answer:
BD
Question 10
Refer to the exhibit.
Which two statements about the status of the VPN tunnel are true? <Choose two )
- A. There are separate virtual interfaces for each dial-up client.
- B. VPN static routes are prevented from populating the FortiGate routing table.
- C. FortiGate created a single IPsec virtual interface that is shared by all clients.
- D. 100.64.3.1 is one of the remote IP address that comes through index interface 1.
Answer:
CD
Question 11
Refer to exhibits.
Exhibit A shows the SD-WAN rules and exhibit B shows the traffic logs. The SD-WAN traffic logs
reflect how FortiGate processed traffic.
Which two statements about how the configured SD-WAN rules are processing traffic are true?
(Choose two.)
- A. The implicit rule overrides all other rules because parameters widely cover sources and destinations.
- B. SD-WAN rules are evaluated in the same way as firewall policies: from top to bottom.
- C. The All_Access_Rules rule load balances Vimeo application traffic among SD-WAN member interfaces.
- D. The initial session of an application goes through a learning phase in order to apply the correct rule.
Answer:
AB
Question 12
Refer to the exhibit.
What must you configure to enable ADVPN?
- A. On the hub VPN, only the device needs additional phase one sett
- B. ADVPN should only be enabled on unmanaged FortiGate devices.
- C. Each VPN device has a unique pre-shared key configured separately on phase one
- D. The protected subnets should be set to address object to all (0.0 .0. o/o).
Answer:
C
Question 13
An administrator is troubleshooting VoIP quality issues that occur when calling external phone
numbers The SD-WAN interface on the edge FortiGate is configured with the default settings, and is
using two upstream links One link has random jitter and latency issues and is based on a wireless
connection
Which two actions must the administrator apply simultaneously on the edge FortiGate to improve
VoIP quality using SD_WAN rules?
- A. Select the corresponding SD-WAN balancing strategy in the SD-WAN rule.
- B. Choose the suitable interface based on the interface cost and weight.
- C. Use the performance SLA targets to detect latency and jitter instantly.
- D. Place the troublesome link at the top of the interface preference list.
- E. Configure an SD-WAN rule to load balance all traffic without VoIP.
Answer:
AC
Question 14
Refer to the exhibit.
Which statement about the command route-tag in the SD-WAN rule is true?
- A. It enables the SD-WAN rule to load balance and assign traffic with a route tag
- B. It tags each route and references the tag in the routing table.
- C. It uses route tags for a BGP community and assigns the SD-WAN rules with same tag.
- D. It ensures route tags match the SD-WAN rule based on the rule order
Answer:
D
Question 15
Refer to exhibits.
Exhibit A.
Exhibit B.
Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the
participating SD-WAN members.
Based on the exhibits, which statement is correct?
- A. The dead member interface stays unavailable until an administrator manually brings the interface back.
- B. The SLA state of port2 has exceeded three consecutive unanswered requests from the SLA server.
- C. Port2 needs to wait 500 milliseconds to change the status from alive to dead.
- D. Check interval is the time to wait before a packet sent by a member interface considered as lost.
Answer:
B