Fortinet nse7-sdw-7-2 practice test

Refer to the exhibit.



Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.

Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

• A. London generates an IKE information message that contains the Toronto public IP address.
• B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
• C. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
• D. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)

• A. FortiGate terminates the old sessions.
• B. FortiGate evaluates new sessions.
• C. FortiGate does not change existing sessions.
• D. FortiGate flushes all sessions.

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.
If port2 is detected dead by FortiGate, what is the expected behavior?

• A. Host 8.3.8.8 is reachable through port1 and port2.
• B. Port2 becomes alive after three successful probes are detected.
• C. The administrator manually restores the static routes for port2, if port2 becomes alive.
• D. FortiGate disables all static routes for port2.

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows a policy package definition. Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices.
Based on the output shown in the exhibits, what can the administrator do to solve the issue?

• A. Create dynamic mapping for the LAN interface for all devices in the installation target list.
• B. Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.
• C. Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.
• D. Use a metadata variable instead of a dynamic interface to define the firewall policy.

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

• A. By default, FortiGate does not check if the selected member has a valid route to the destination.
• B. You must configure each local-out feature individually, to use SD-WAN.
• C. By default, local-out traffic does not use SD-WAN.
• D. FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)

• A. Type of physical link connection
• B. Source and destination IP address
• C. URL categories
• D. Application categories
• E. Internet service database (ISDB) address object

Refer to the exhibit, which shows output of the command diagnose sys sdwan health-check status collected on a FortiGate device.

Which two statements are correct about the health check status on this FortiGate device? (Choose two.)

• A. The interface T_INET_0 missed three SLA targets.
• B. The interface T_INET_1 missed one SLA target.
• C. There is no SLA criteria configured for the health-check Level3_DNS.
• D. The health-check VPN_PING orders the members according to the measured jitter.

In which SD-WAN template field can you use a metadata variable?

• A. You can use metadata variables only to define interface members and the gateway IP.
• B. Any field identified with a dollar sign (S) in a magnifying glass.
• C. Any field identified with an "M" in a circle.
• D. All SD-WAN template fields support metadata variables.

What is true about SD-WAN multiregion topologies?

• A. It is not compatible with ADVPN.
• B. Routing between the hub and spokes must be BGP.
• C. Regions must correspond to geographical areas.
• D. Each region has its own SD-WAN topology.

Which three characteristics apply to provisioning templates available on FortiManager? (Choose three.)

• A. You cannot apply a system template and CLI template to the same FortiGate device.
• B. A CLI template can be of type CLI script or Perl script.
• C. A CLI template group can contain CLI templates of both types.
• D. A template group can include a system template and an SD-WAN template.
• E. CLI templates are applied in order, from top to bottom.