NSE7_SDW-7.0 Dumps NSE7_SDW-7.0 Braindumps NSE7_SDW-7.0 Real Questions NSE7_SDW-7.0 Practice Test NSE7_SDW-7.0 Actual Questions Fortinet NSE7_SDW-7.0 Fortinet NSE 7 - SD-WAN 7.0 https://killexams.com/pass4sure/exam-detail/NSE7_SDW-7.0 Question: 151 Refer to the exhibits. Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups. Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.) A. London generates an IKE information message that contains the Toronto public IP address. B. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VP C. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1. D. The first packets from Toronto to London are routed through Hub 1 then to Hub 2. Answer: A,B,C Question: 152 Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.) A. http B. icmp C. twamp D. dns Answer: A,D Explanation: Pages 85,86 in Study guide 7.0 Pages 100,101 in Study guide 7 Question: Refer to the exhibits. Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.) A. The traffic shaper drops packets if the bandwidth is less than 2500 KBps. B. The measured bandwidth is less than 100 KBps. C. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps. D. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps. Answer: A,B,C Question: 154 Refer to the exhibit. Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec? A. type must be set to static. B. mode-cfg must be enabled. C. exchange-interface-ip must be enabled. D. add-route must be disabled. Answer: D Explanation: for using "non ike" routes (for example BGP/static and so on) you must do disable the add-route that inject automatically kernel route based on p2 selectors from the remote site from the SD-WAN_7.2_Study_Guide page 236 Question: 155 Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation? A. get router info routing-table all B. diagnose debug application ike C. diagnose vpn tunnel list D. get ipsec tunnel list Answer: B Explanation: IKE real-time debug - useful when debugging ADVPN shortcut messages and spoke-to-spoke negotiations. βΆ diagnose debug console timestamp enable βΆ diagnose vpn ike log filter clear βΆ diagnose vpn ike log filter mdst-addr4 βΆ diagnose debug application ike -1 βΆ diagnose debug enable Question: 1 Refer to the exhibits. Exhibit B Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD- WAN zone for port1 and port2? A. port1 is assigned a manual IP address. B. port1 is referenced in a firewall policy. C. port2 is referenced in a static route. D. port1 and port2 are not administratively down. Answer: B Question: 157 Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.) A. The sdwan_service_id flag in the session information is 0. B. All SD-WAN rules have the default setting enabled. C. Traffic does not match any of the entries in the policy route table. D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting. Answer: A,C Explanation: sdwan_service_id is 0 = match SD-WAN implicit rule, study guide 7.0 page 120, 7.2 page 149 SD-WAN rules internally are interpreted as a Policy route, so when the traffic doesn't match with any policy route, it will be flowing by implict policy. Question: 1 Refer to the exhibit. An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0. Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.) A. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device. B. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0. C. T_INET_0_0 does not have a valid route to the destination. D. T_INET_1_0 has a higher member configuration priority than T_INET_0_0. Answer: A,C Explanation: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Assigning-Priority-to-SD-WAN-Members-for-Default/ta- p/230911 Question: 1 Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.) A. FortiGate flushes all sessions. B. FortiGate terminates the old sessions. C. FortiGate does not change existing sessions. D. FortiGate evaluates new sessions. Answer: A,C,D Explanation: FortiGate not to flag existing impacted session as dirty by setting firewall-session-dirty to check new. The results is that FortiGate evaluates only new session against the new firewall policy. Question: 160 Which two statements about SD-WAN central management are true? (Choose two.) A. The objects are saved in the ADOM common object database. B. It does not support meta fields. C. It uses templates to configure SD-WAN on managed devices. D. It supports normalized interfaces for SD-WAN member configuration. Answer: A,C Explanation: Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by name to physical interfaces or VPN interfaces. https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-new- features/794804/new-sd-wan-template-fmg Question: 161 Refer to the exhibits. Which conclusion about the packet debug flow output is correct? A. The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped. B. The packet size exceeded the outgoing interface MT C. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped. D. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped. Answer: A,C Explanation: In a Per-IP shaper configuration, if an IP address exceeds the configured concurrent session limit, the message "Denied by quota check" appears. SD-WAN 7.0 Study Guide page 287 Question: 162 Which are two benefits of using CLI templates in FortiManager? (Choose two.) A. You can reference meta fields. B. You can configure interfaces as SD-WAN members without having to remove references first. C. You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template. D. You can configure advanced CLI settings. Answer: A,D Question: 163 What is the route-tag setting in an SD-WAN rule used for? A. To indicate the routes for health check probes. B. To indicate the destination of a rule based on learned BGP prefixes. C. To indicate the routes that can be used for routing SD-WAN traffic. D. To indicate the members that can be used to route SD-WAN traffic. Answer: B Question: 164 Refer to the exhibit. The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member? A. When T_INET_0_0 and T_MPLS_0 have the same latency. B. When T_MPLS_0 has a latency of 100 ms. C. When T_INET_0_0 has a latency of 250 ms. D. When T_N1PLS_0 has a latency of 80 ms. Answer: D Question: 165 Refer to the exhibits. Exhibit A - Exhibit B - Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy. The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic. Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic? A. Destination internet service must be enabled on the traffic shaping policy. B. Application control must be enabled on the firewall policy. C. Web filtering must be enabled on the firewall policy. D. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy. Answer: B Question: 166 Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke. What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN? A. You must set ike-version to 1. B. You must enable net-device. C. You must enable auto-discovery-sender. D. You must disable idle-timeout. Answer: B 6$03/( 48(67,216 7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV .LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP $FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP ([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP 3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV *XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV 8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV 7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\ 'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU .LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG