NSE7_SDW-7.2 Practice Exam Questions with Answers Fortinet NSE 7 - SD-WAN 7.2 Certification

When T_INET_0_0 and T_MPLS_0 have the same latency.

When T_MPLS_0 has a latency of 100 ms.

When T_INET_0_0 has a latency of 250 ms.

When T_N1PLS_0 has a latency of 80 ms.

The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

The packet size exceeded the outgoing interface MTU.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.

The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

You can assign only one template with a tunnel of fype static to each FortiGate device

You can define only one IPsec tunnel from branch devices to HUB1.

You can assign only one IPsec template to each FortiGate device.

You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

The traffic always skips the regular policy routes.

You steer traffic based on the detected application.

You do not need to enable SSL inspection.

You do not need to configure firewall policies that accept the SD-WAN traffic.

The reply direction of the asymmetric traffic flows from port2 to port3.

The auxiliary session can be offloaded to hardware.

The original direction of the symmetric traffic flows from port3 to port2.

The main session cannot be offloaded to hardware.

The health-check VPN_PING orders the members according to the lowest jitter.

The interface T_INET_1 missed one SLA target.

There is no SLA criteria configured for the health-check Level3_DNS.

The interface T_INET_0 missed three SLA targets.

The ISDB is dynamically updated and reduces administrative overhead.

The ISDB requires application control to maintain signatures and perform load balancing.

The ISDB applies rules to traffic from specific sources, based on application type.

The ISDB contains the IP addresses and port ranges of well-known internet services.

On the receiver FortiGate, packet-de-duplication is enabled.

The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way.

The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.

On the sender FortiGate, duplication-max-num is set to 3.

You must set ike-version to 1.

You must enable net-device.

You must enable auto-discovery-sender.

You must disable idle-timeout.

FortiGate updated the outgoing interface list on the rule so it prefers port2.

Port2 has the highest member priority.

Port2 has a lower latency than port1.

SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

You must use BGP to route traffic for both overlay and underlay links.

You must configure AS path prepending.

You must configure BGP communities.

IBGP is preferred over EBGP, because IBGP preserves next hop information.

The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

The measured bandwidth is less than 100 KBps.

The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

The service-sla-tie-break setting enables you to configure preferred member selection based on the best route to the destination.

You can delete the default zones.

The default zones are virtual-wan-link and SASE.

An SD-WAN member can belong to two or more zones.

There is more than one SD-WAN rule configured.

The SD-WAN rules take precedence over regular policy routes.

The all_rules rule represents the implicit SD-WAN rule.

Entry 1(id=1) is a regular policy route.

Create policy packages for branch devices.

Assign an sdwan_id metadata variable to each device (branch and hub}.

Configure routing through overlay tunnels created by the SD-WAN overlay template.

Assign a branch_id metadata variable to each branch device.

Configure SD-WAN rules.

FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.

FortiGate performs routing lookups for new sessions only, after a route change.

FortiGate always blocks all traffic, after a route change.

FortiGate flushes all routing information from the session table, after a route change.

You can apply a system template and a CLI template to the same FortiGate device.

A CLI template can be of type CLI script or Perl script.

A template group can include a system template and an SD-WAN template.

A template group can contain CLI templates of both types.

Templates are applied in order, from top to bottom.

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

By default, local-out traffic does not use SD-WAN.

By default, FortiGate does not check if the selected member has a valid route to the destination.

You must configure each local-out feature individually, to use SD-WAN.

diagnose sys sdwan zone

diagnose sys sdwan service

diagnose sys sdwan member

diagnose sys sdwan interface