Fortinet NSE7-SDW-6-4 Exam Questions

Questions for the NSE7-SDW-6-4 were updated on : Jun 17 ,2024

Page 1 out of 3. Viewing questions 1-15 out of 36

Question 1

Which components make up the secure SD-WAN solution?

  • A. Application, antivirus, and URL, and SSL inspection
  • B. Datacenter, branch offices, and public cloud
  • C. FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy
  • D. Telephone, ISDN, and telecom network.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration
can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

  • A. Set priority 10.
  • B. Set cost 15.
  • C. Set load-balance-mode source-ip-ip-based.
  • D. Set source 100.64.1.1.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

What are two reasons why FortiGate would be unable to complete the zero-touch provisioning
process? (Choose two.)

  • A. The FortiGate cloud key has not been added to the FortiGate cloud portal.
  • B. FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager
  • C. The zero-touch provisioning process has completed internally, behind FortiGate.
  • D. FortiGate has obtained a configuration from the platform template in FortiGate cloud.
  • E. A factory reset performed on FortiGate.
Answer:

AC

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 4

Which two statements describe how IPsec phase 1 main mode is different from aggressive mode
when performing IKE negotiation? (Choose two )

  • A. A peer ID is included in the first packet from the initiator, along with suggested security policies.
  • B. XAuth is enabled as an additional level of authentication, which requires a username and password.
  • C. A total of six packets are exchanged between an initiator and a responder instead of three packets.
  • D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
Answer:

BC

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

  • A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.
  • B. FortiGate has terminated the session after a change on policy ID 1.
  • C. Changes have been made on firewall policy ID 1 on FortiGate.
  • D. Firewall policy ID 1 has source NAT disabled.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What are two benefits of using FortiManager to organize and manage the network for a group of
FortiGate devices? (Choose two )

  • A. It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
  • B. It improves SD-WAN performance on the managed FortiGate devices.
  • C. It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
  • D. It acts as a policy compliance entity to review all managed FortiGate devices.
  • E. It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.
Answer:

BD

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 7

In the default SD-WAN minimum configuration, which two statements are correct when traffic
matches the default implicit SD-WAN rule? (Choose two )

  • A. Traffic has matched none of the FortiGate policy routes.
  • B. Matched traffic failed RPF and was caught by the rule.
  • C. The FIB lookup resolved interface was the SD-WAN interface.
  • D. An absolute SD-WAN rule was defined and matched traffic.
Answer:

AC

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming
connections to match all possible IPsec dial-up interfaces? (Choose two.)

  • A. Specify a unique peer ID for each dial-up VPN interface.
  • B. Use different proposals are used between the interfaces.
  • C. Configure the IKE mode to be aggressive mode.
  • D. Use unique Diffie Hellman groups on each VPN interface.
Answer:

BD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What are two roles that SD-WAN orchestrator plays when it works with FortiManager? (Choose two )

  • A. It configures and monitors SD-WAN networks on FortiGate devices that are managed by FortiManager.
  • B. It acts as a standalone device to assist FortiManager to manage SD-WAN interfaces on the managed FortiGate devices.
  • C. It acts as a hub FortiGate with an SD-WAN interface enabled and managed along with other FortiGate devices by FortiManager.
  • D. It acts as an application that is released and signed by Fortinet to run as a part of management extensions on FortiManager.
Answer:

BD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Refer to the exhibit.

Which two statements about the status of the VPN tunnel are true? <Choose two )

  • A. There are separate virtual interfaces for each dial-up client.
  • B. VPN static routes are prevented from populating the FortiGate routing table.
  • C. FortiGate created a single IPsec virtual interface that is shared by all clients.
  • D. 100.64.3.1 is one of the remote IP address that comes through index interface 1.
Answer:

CD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Refer to exhibits.


Exhibit A shows the SD-WAN rules and exhibit B shows the traffic logs. The SD-WAN traffic logs
reflect how FortiGate processed traffic.
Which two statements about how the configured SD-WAN rules are processing traffic are true?
(Choose two.)

  • A. The implicit rule overrides all other rules because parameters widely cover sources and destinations.
  • B. SD-WAN rules are evaluated in the same way as firewall policies: from top to bottom.
  • C. The All_Access_Rules rule load balances Vimeo application traffic among SD-WAN member interfaces.
  • D. The initial session of an application goes through a learning phase in order to apply the correct rule.
Answer:

AB

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Refer to the exhibit.

What must you configure to enable ADVPN?

  • A. On the hub VPN, only the device needs additional phase one sett
  • B. ADVPN should only be enabled on unmanaged FortiGate devices.
  • C. Each VPN device has a unique pre-shared key configured separately on phase one
  • D. The protected subnets should be set to address object to all (0.0 .0. o/o).
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

An administrator is troubleshooting VoIP quality issues that occur when calling external phone
numbers The SD-WAN interface on the edge FortiGate is configured with the default settings, and is
using two upstream links One link has random jitter and latency issues and is based on a wireless
connection
Which two actions must the administrator apply simultaneously on the edge FortiGate to improve
VoIP quality using SD_WAN rules?

  • A. Select the corresponding SD-WAN balancing strategy in the SD-WAN rule.
  • B. Choose the suitable interface based on the interface cost and weight.
  • C. Use the performance SLA targets to detect latency and jitter instantly.
  • D. Place the troublesome link at the top of the interface preference list.
  • E. Configure an SD-WAN rule to load balance all traffic without VoIP.
Answer:

AC

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 14

Refer to the exhibit.

Which statement about the command route-tag in the SD-WAN rule is true?

  • A. It enables the SD-WAN rule to load balance and assign traffic with a route tag
  • B. It tags each route and references the tag in the routing table.
  • C. It uses route tags for a BGP community and assigns the SD-WAN rules with same tag.
  • D. It ensures route tags match the SD-WAN rule based on the rule order
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Refer to exhibits.
Exhibit A.

Exhibit B.

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the
participating SD-WAN members.
Based on the exhibits, which statement is correct?

  • A. The dead member interface stays unavailable until an administrator manually brings the interface back.
  • B. The SLA state of port2 has exceeded three consecutive unanswered requests from the SLA server.
  • C. Port2 needs to wait 500 milliseconds to change the status from alive to dead.
  • D. Check interval is the time to wait before a packet sent by a member interface considered as lost.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2