NSE7_SDW-6.4 Online Practice Questions and Answers

Refer to the exhibit.

Which statement about the command route-tag in the SD-WAN rule is true?

A. It enables the SD-WAN rule to load balance and assign traffic with a route tag

B. It tags each route and references the tag in the routing table.

C. It uses route tags for a BGP community and assigns the SD-WAN rules with same tag.

D. It ensures route tags match the SD-WAN rule based on the rule order

Refer to exhibits. Exhibit A.

Exhibit B.

Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members. Based on the exhibits, which statement is correct?

A. The dead member interface stays unavailable until an administrator manually brings the interface back.

B. The SLA state of port2 has exceeded three consecutive unanswered requests from the SLA server.

C. Port2 needs to wait 500 milliseconds to change the status from alive to dead.

D. Check interval is the time to wait before a packet sent by a member interface considered as lost.

Refer to the exhibit.

Based on the output shown in the exhibit, which two criteria on the SD-WAN member configuration can be used to select an outgoing interface in an SD-WAN rule? (Choose two.)

A. Set priority 10.

B. Set cost 15.

C. Set load-balance-mode source-ip-ip-based.

D. Set source 100.64.1.1.

Refer to exhibits

Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate

Based on the FortiGate configuration shown in the exhibits, what are two issues you might encounter when creating an SD-WAN interface on port1 and port2? {Choose two )

A. Member interfaces that are administratively down

B. Member interface that have IP address of 0.0.0.0/0.0.0.0

C. Member interfaces that are physical interfaces as well as VLAN aggregate, and iPsec interfaces

D. Member interfaces that are referenced by any other configuration element

Which components make up the secure SD-WAN solution?

A. Application, antivirus, and URL, and SSL inspection

B. Datacenter, branch offices, and public cloud

C. FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy

D. Telephone, ISDN, and telecom network.

FortiGate is connected to the internet and is obtaining the IP address on its egress interlace from the DHCP server

Which statement is due when FortiGate restarts and receives preconfigured settings to install as part of a zero-touch provisioning process?

A. FortiDeploy connects with FortiGate and provides the initial configuration to contact FortiManager

B. The zero-touch provisioning process completes internally, behind FortiGate

C. FortiManager registers FortiGate after the restart and retrieves the existing configuration

D. The FortiGate cloud key added to the FortiGate cloud portal and FortiGate performs a factory reset before the restart

Refer to the exhibit

Based on the exhibit, which two statements about existing sessions on FortiGate after a firewall policy change, are true?(Choose two.)

A. The old sessions terminate after a policy change

B. Existing sessions remain unchanged after a policy change

C. All sessions are flushed by FortiGate after a policy change

D. FortiGate re-evaluates new packets after a policy change

Refer to exhibits. Exhibit A.

Exhibit B.

Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SO-WAN interface and the static routes configuration. Port1 and port2 are member interfaces of the SD-WAN, and port2 becomes a dead member after reaching the failure thresholds Which statement about the dead member is correct?

A. Subnets 100 .64.1.0/23 and 172 . 20 . 0. 0/16 are reachable only through port1

B. SD-WAN interface becomes disabled and port1 becomes the WAN interface

C. Dead members require manual administrator access to bring them back alive

D. Port2 might become alive when a single response is received from an SLA server

Refer to the exhibit.

Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub 1 and Hub 2 The administrator configured ADVPN on the dual regions topology

Which two statements are correct if a dynamic site-to-site tunne1 between Toronto and London has been established? (Choose two)

A. auto-discovery-receiver is enabled on the egress VPN interfaces on the spokes

B. auto-discovery-sender is enabled on the ingress VPN interfaces on hubs

C. tunnel-search IS set to phase 2 quick mode selectors

D. add-route is enabled to install static routes on hub devices

E. auto-discovery-forwarder IS enabled on all VPN interfaces

Refer to exhibits.

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy.

The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy.

Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?

A. The reverse shaper option must be enabled and a traffic shaper must be selected

B. The guaranteed-10mbps option must be selected as the reverse shaper option.

C. A new firewall policy must be created and SD-WAN must be selected as the incoming interface.

D. The guaranteed-10mbps option must be selected as the per-IP shaper option