Fortinet NSE7-SDW-7-0 Exam Questions

Questions for the NSE7-SDW-7-0 were updated on : Jun 17 ,2024

Page 1 out of 4. Viewing questions 1-10 out of 39

Question 1

In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)

  • A. It provides the benefits of a full-mesh topology in a hub-and-spoke network.
  • B. It provides direct connectivity between spokes by creating shortcuts.
  • C. It enables spokes to bypass the hub during shortcut negotiation.
  • D. It enables spokes to establish shortcuts to third-party gateways.
Answer:

ab

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.
Based on the exhibits, which two statements are correct? (Choose two.)

  • A. FortiGate updated the outgoing interface list on the rule so it prefers port2.
  • B. Port2 has the highest member priority.
  • C. Port2 has a lower latency than port1.
  • D. SD-WAN rule ID 1 is set to lowest cost (SLA) mode.
Answer:

ac

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

  • A. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
  • B. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
  • C. T_INET_0_0 does not have a valid route to the destination.
  • D. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
Answer:

ab

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which are three key routing principles in SD-WAN? (Choose three.)

  • A. FortiGate performs route lookups for new sessions only.
  • B. Regular policy routes have precedence over SD-WAN rules.
  • C. SD-WAN rules have precedence over ISDB routes.
  • D. By default, SD-WAN members are skipped if they do not have a valid route to the destination.
  • E. By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
Answer:

abd

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 5

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt.
When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.
Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?

  • A. Enable auxiliary-session under config system settings.
  • B. Disable tp-session-without-syn under config system settings.
  • C. Enable snat-route-change under config system global.
  • D. Disable allow-subnet-overlap under config system settings.
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)

  • A. The ISDB is dynamically updated and reduces administrative overhead.
  • B. The ISDB requires application control to maintain signatures and perform load balancing.
  • C. The ISDB applies rules to traffic from specific sources, based on application type.
  • D. The ISDB contains the IP addresses and port ranges of well-known internet services.
Answer:

ad

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

  • A. Encapsulating Security Payload (ESP)
  • B. Secure Shell (SSH)
  • C. Internet Key Exchange (IKE)
  • D. Security Association (SA)
Answer:

ac

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)

  • A. http
  • B. icmp
  • C. twamp
  • D. dns
Answer:

ad

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.
Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)

  • A. The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
  • B. FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.
  • C. FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
  • D. Non-TCP Facebook and YouTube traffic are not used for performance measurement.
Answer:

ad

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which two statements about SD-WAN central management are true? (Choose two.)

  • A. The objects are saved in the ADOM common object database.
  • B. It does not support meta fields.
  • C. It uses templates to configure SD-WAN on managed devices.
  • D. It supports normalized interfaces for SD-WAN member configuration.
Answer:

cd

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2